The four sanctioned integration surfaces
The golden rule across all of them: writes go through IDOs (directly or via BODs), never through SQL. Direct-table writes bypass validation and business rules, and they are the leading cause of corrupted data and broken upgrades.
| Surface | What it is | Best for |
|---|---|---|
| IDO layer | SyteLine's business-object API (LoadCollection / UpdateCollection / custom methods) | Real-time reads and validated writes; the default choice |
| Infor ION | Infor's middleware bus connecting Infor and third-party apps | Multi-application Infor landscapes; pub/sub flows |
| BODs | Business Object Documents — standardized XML messages over ION | Master-data sync (items, vendors, orders) between systems |
| Direct SQL (read-only) | Reporting against the database | Analytics extracts only — never writes |
Common integration patterns
- Customer portal → IDO API: real-time order status and inventory lookups, read-only, cached.
- CRM sync → BODs over ION: customers and orders flowing bidirectionally with standardized documents.
- Data warehouse → scheduled read-only extracts: nightly SQL or IDO pulls into your analytics store.
- Shop-floor systems → IDO methods: labor and material transactions posted with full validation.
The silent killer: unmonitored integrations
Most SyteLine integration failures aren't dramatic — a BOD queue backs up quietly, an API credential expires, a nightly job half-finishes. Nobody notices until month-end doesn't reconcile. Observability is not optional once you have more than two integrations.
This is where AI agents earn their keep: SyteRay's ION & Integration agents watch BOD processing, connection health, and API endpoints continuously, and raise exceptions in plain English before the backlog becomes a crisis. The REST connector API (JWT auth, RBAC, full audit trail) also gives modern apps a clean, governed way into SyteLine without bespoke plumbing.
Build checklist for any new integration
- Writes through IDOs or BODs only — no direct SQL writes, ever.
- Idempotency: re-delivered messages must not duplicate transactions.
- Monitoring from day one: queue depth, error rate, last-success timestamp.
- Credentials in a vault with rotation — not in config files.
- An owner: every integration needs a named human who gets the alert.
Frequently asked questions
Does SyteLine have a REST API?
Modern CSI exposes REST-style APIs, and platforms like SyteRay add a governed REST connector (JWT auth, RBAC, audit logging) that works across SyteLine 8, 9, 10, and CSI — translating REST calls into proper IDO operations.
What is a BOD in SyteLine?
A Business Object Document — a standardized XML message (e.g., ProcessSalesOrder, SyncItemMaster) exchanged over Infor ION to keep applications in sync.
Can I write directly to SyteLine tables from another system?
You can, but you shouldn't. Direct writes bypass validation, security, and events — corrupting data in ways that surface weeks later. Route writes through IDO methods or BODs.
How do I monitor SyteLine integrations?
Continuously, with alerting on queue depth, failures, and staleness. SyteRay ships prebuilt agents for BOD processing, connection health checks, and API monitoring that alert in plain English.
Put a watchdog on every integration
SyteRay's integration agents monitor BODs, connections, and APIs around the clock — and explain failures in plain English.