Skip to content

POSService

POSService is a standalone Windows Service you need to install somewhere to have network connection to the ECR device. This service is creating the connection between the device and Navertica POS Base application in your Business Central. It is using Azure Relay Service. One POSService could handle multiple ECRs. One POSService could communicate only with one Business Central company.

Authentication

POSService could connect to OnPrem or Online Business Central and could use Basic authentication or OAuth v2 authentication when connecting.

Basic Auth

For using Basic Authentication, you need to set correctly these values in the NVRPOSService.config file:

OAuth

Registering AAD Application

To be able to authenticate through OAuth, you need to have registered application in the target AAD tenant. You can register it through Azure Portal in AAD section. After it is registered, you need to register this AAD application inside Business Central and assign BC permissions to it. For more info, how to register the application in AAD and in Business Central, follow this doc. You do not need to create Secret key, because it will be generated by POSService setup script.

Setting OAuth for POSService

For OAuth authentication you need to use PowerShell script Scripts\GenerateCredential.ps1 to enter the needed information for the authentication. The script must be running as Administrator to have access into folder where the settings will be saved, and must be running on the server, where POSService is installed.

After you run the script, it will ask if you want to connect to Cloud or OnPrem environment, if you want to use certificate for authentication or not, name of the AAD application which will be used for authentication. Script will need user to authenticate into AAD domain to be able to create new secret on the AAD application, which will be used to authenticate the POSService instance. Entered values will be saved into file for use with the service.

Script have few parameters you can use to fine-tune run of the script:

  • AADTenant - ID or name of the AAD tenant to use for authenticating the user (good to use when using account from different tenant than the target one, e.g. when using delegated admin account),
  • Secret - allows you to use predefined/pregenerated secret value. Script will not generate new secret key and will use the passed value instead, thus no login into AAD will be needed
  • AppId - allows you to pass AppID of the existing AAD application registration which will be used to authenticate the service, thus no login into AAD will be needed
  • Thumbprint - allows you to pass Certificate thumbprint for certificate, which will be used for authentication
  • Years - default = 1, number of years after which newly generated secret key will expire (when Secret parameter is not used and script will generate new secret key) or the newly generated self-signed certificate will expire, if certificate is used for authentication and Thumbprint parameter was not used

In NVRPOSService.config you need to enter correctly these values:

If everything is ok and you start the service, service should create new entry in your Business Central in ECR Log table.