Skip to Content

How to use Integration Gateway with SMP 3.0 (Part 3)

How to use Integration Gateway with SMP 3.0

Part 1:

– Describes how to set up the HSQLDB and how to deploy the JDBC driver to SMP3

Part 2:

– Describes how to model, implement and deploy the OData service with Integration Gateway

Part 3:

– Describes how to configure the Integration Gateway on SMP3 to bind the OData service to the backend and how to display the OData service

In this third part of this tutorial we will configure and finally execute the OData service which got deployed in part 2 of this tutorial.

Also make sure that the JDBC driver is already known to SMP3 BEFORE deploying the OData service via the “Toolkit for Integration Gateway”. This has been described in part 1.

Create Security Profile for our OData Service

Because we deployed our OData service in the namespace called “sap”, we have to create a security profile which is matching this namespace. Therefore open the Administration Management Cockpit by calling https://smp3server:8083/Admin/

1. Switch to the “SETTINGS” tab and click under “SECURITY PROFILES” the button “New”

2. Type as name “sap” (has to match the namespace which was chosen when deploying the OData service) and click on the small plus/add button to add an authentication provider. For testing purpose I chose “No Authentication Challenge” which simply will let everyone pass you is calling this service.


3. Save the changes.

Using Gateway Management Cockpit (Integration Gateway)

There is a Gateway Management Cockpit available (which is different from the Admin Management Cockpit). You can manage the deployed OData services here and also the destinations. Destinations are the backend connections which serves as base for the OData services.

1. Access the Gateway Management Cockpit by calling https://smp3server:8083/gateway/cockpit .


2. Switch to “DESTINATIONS” and click on “Create a New Destination…”. Choose the following information for a connection to HSQLDB database:

Property Value
Destination Name DestHSQLDB
Destination Type DATABASE
Destination URL jdbc:hsqldb:hsql://localhost/xdb
Database Driver org.hsqldb.jdbcDriver
Authentication Type Basic Authentication
User Name smpUser
Password yourPassword

Of course you might have to adapt the destination url, username or password dependent on your environment.

3. Switch to “SERVICES”. You should see our OData Service, which we deployed in part 2 of this tutorial.


4. Click on the service name. In the coming window click on “Add Destination” and choose the newly created destination (DestHSQLDB).


5. After that close the window and activate the service.


6. Click on “Open Service Document” which should open the OData service in your browser.


Testing the OData Service

7. In our example the webpage http://smp3server:8080/gateway/odata/sap/intgwtest;v=1 is displayed and you can see the Collections (CUSTOMER)


8. If you navigate into the collection http://smp3server:8080/gateway/odata/sap/intgwtest;v=1/CUSTOMER you can see that the data is displayed which is retrieved from the HSQLDB database.


9. You can open one element by calling CUSTOMER(primaryKey), so e.g. …/CUSTOMER(0) will display the first data entry


10. You can also create new elements. For this you have to send a HTTP POST request to the base collection address. Because by default the Integration Gateway enabled CSRF Token Handling, you have to catch a token before you can post data. CSRF Tokens are used to increase the security and make sure that a session got successfully created. You can use any REST client to perform these requests, I like to use the freeware Fiddler.

Send a GET message to the integration gateway to receive the CSRF Token. Beside the Authorization (for your “sap” security profile in SMP3) you need to set the HTTP Header “X-CSRF-TOKEN” with value “FETCH”.

UPDATE: Fetching the CSRF Token is only needed for SMP 3.0 SP03 and higher (Previous versions does not include CSRF token handling).


11. You should get an “HTTP 200 OK” response. In the Header of this response you will find some Cookies (X-SMP-SESSIDSSO and X-SMP-SESSID) and also the requested X-CSRF-TOKEN value. Copy all three values (all Cookies and the CSRF Token).


12. Paste the copied values into your HTTP POST request. Header values should be Authorization, Content-Type, X-CSRF-TOKEN and Cookie. So the header could look like this:

Authorization: Basic dGVzdFVzZXI6dGVzdA==
CONTENT-TYPE: application/xml
Cookie: X-SMP-SESSIDSSO=F0A363722FB5A370ACB0511C9EE14C66; Path=/; HttpOnly
Cookie: X-SMP-SESSID=9212486C3E0E402812E8196F7C2C044EA974B0D53146C68350B61211A24251B7; Path=/; HttpOnly
X-CSRF-Token: 79861F653C809F765F92B3A532C27B3C
Host: localhost:8080
Content-Length: 541

The body will include the object you want to create. In our case we want to add a new customer, so we insert the following:

<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="" xmlns:m="" xmlns:d="" xml:base="http://localhost:8080/gateway/odata/sap/intgwtest;v=1/">
<content type="application/xml">
<d:ADDRESS>Adlerstr. 33</d:ADDRESS>


13. After sending you should receive an HTTP response code 201 Created. If you get an HTTP 403 Forbidden, make sure you don’t have an Authorization issue or a problem with the CSRF Token and the other cookies. In some cases you might get an HTTP 500 Internal Server Error. Then have a closer look. It could be that the entry got successfully inserted and after this an error occurred (happened some times to me). Verify this by calling the CUSTOMER collection or by looking directly inside the database.


14. As you can see the new record got inserted!

Now you know how the Integration Gateway in context of SMP3 can be used. For sure it will be enhanced in the future and the process (especially of the data binding) might change, but the functionality should be clear now.

You must be Logged on to comment or reply to a post.
    • Hi Jitendra Kansal,

      make sure that the JDBC driver got successfuly deployed on SMP3. Also make sure that the database connection information specified in the Destination are valid.

      For each error you get you should also get a more detailed error message in the server log file. So please check the serverlog which might give you more information...

      • Hi  ,

        I tried the all 3 parts from scratch,

        1. Yes, JDBC driver has been deployed to SMP server successfully.


        2.  I have created one table CUSTOMER in HSQLDB with few test data, and created one user smpAdmin and s3pAdmin (as password) and has granted DBA access to this user.



        but when i run this URL


        I get the same error as i mentioned in my previous comment:

        I checked in the server log as it says failed: service = sap/intgwtest, entity set = CUSTOMER, content type = application/xml;charset=utf-8, message = org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (invalid authorization specification)|

        2014 01 17 failed to serve request for URI http://SMPSERVER:8080/gateway/odata/sap/intgwtest;v=1/CUSTOMER, message = Cannot create PoolableConnectionFactory (invalid authorization specification)|

        I have uploaded log file here, Please have a look and advise.

        Appreciate your help.



        • Hi Jitendra,

          It's a late reply, but I am just now going through this blog.  I ran into the same error you did.

          I found that my Connect Settings in the "Database Manager" (where I created the table/user) was set to the Type "In Memory".  Once I was very careful to fix these settings I had to re-create the table and user, then I closed the database manager and tried to login with the user I just created. 

          After this, it solved the issue.

          Hope it helps

  • Hi Marvin,

    Firstly, thanks for your brilliant blogs, they are very helpful.

    I was wondering if you were able to help me with my problem. I am trying to create an OData Service on SMP3 fetching data from SQL Server. I followed your tutorial, however, after the service deployment the data set access is giving me the following error:

    <error xmlns="">

    <script id="tinyhippos-injected"/>


    <message xml:lang="en">

    Cannot load JDBC driver class ''



    The sqljdbc4.jar library has been deployed correctly from the pickup folder based on the “sqljdbc4.deploy.ok” file in the .state folder. I noticed the bundle has been marked there as “bundle-id=544”.

    After inspection of the log I discovered following:

    java.lang.ClassNotFoundException: from bundle 547

    I tried to undeploy the library by deleting it from the server pickup folder but the file would not disappear from the \work\org.eclipse.virgo.nano.deployer\staging folder and the log contains following error:

    org.eclipse.virgo.medic.eventlog.default##anonymous#fs-watcher###Hot un-deploy failed for file 'sqljdbc4.jar'.java.lang.NullPointerException: while trying to invoke the method java.lang.String.equals(java.lang.Object) of a null object returned from org.osgi.framework.Bundle.getSymbolicName()

    Any idea what might be causing my issues? Not sure whether it is relevant here but note the different bundle ids

    Here is the log containing deployment first (14:11:06) then triggering the OData service request (14:14:53). -

    Many thanks,


    • Hi Frank,

      even if the deployment with the standard Microsoft JDBC Driver (sqljdbc4.jar) seems to be ok, when you are deploying it directly to SMP3, it won't work... If you have a look into the SMP3 server log you will find some errors.

      Similar to the Oracle case, you have to create an osgi enabled bundle wrapping the SQLServer JDBC driver.

      I wrote it down in a new blog post here:

      Integration Gateway and Microsoft SQL Server as data source



  • hi Marvin,

    thank you very much for your blog.

    i could make it work by following your blog step by step. it's really great

    i have one question about the OData service url when i tried to insert a row into the db, what is the format of the url?

    please help.

    thanks again

    • Hi Lawrence Lu,

      this is a nice question. Actually it is quite easy to insert some new data. I enhanced this blog post to show how to send an HTTP POST request to the collection to create a new object. You only have to think about the CSRF Token the Integration Gateway requires...



      • hi Marvin

        thank you very much for you sharing again. it's brilliant.

        actually i worked it out my self. indeed i could insert it into db, i tried the following js:

        oModel = new sap.ui.model.odata.ODataModel(uri, true, user,

          password, headers);

          var product = {

          ProductID: '3',

          ProductName: 'Bus',

          Category: 'Transportation',

          Url: ‘’,

          Description: 'public transportation'


          oModel.create('/product',product,null, function() { alert("Create successful");

        }, function() { alert("Create failed");});

        i saw the sample code have the get CSRF token, but i skipped it. with the above code, not sure it's the right way  😛

        • Hi Lawrence,

          yes you can do it this way. SAPUI5 can handle CSRF tokens. In the moment when you instantiate the sap.ui.model.odata.ODataModel an HTTP GET request will be sent to the OData Service, here also the CSRF Token is fetched...

          when calling oModel.create the CSRF token should be implicitely atached to your request.

          So your code should be fine...

  • Hello Marvin,
    Thank you very much for this blog.  I've gotten as far as far as step 9.  However, when I run step 10 I do not see the CSRF token.  All I see is the following:


    GET http://localhost:8080/gateway/odata/sap/intgwtest;v=1/CUSTOMER/ HTTP/1.1

    User-Agent: Fiddler

    Host: localhost:8080


    HTTP/1.1 200 OK

    Set-Cookie: X-SMP-SESSIDSSO=296715BC57EE1941372EDAFADA7709CB; Path=/; HttpOnly

    Set-Cookie: X-SMP-SESSID=3A933FA698570A2FDF63A5DC7457B486F6A48115AD9EBB1D9DCE0AD269EE9131; Path=/; HttpOnly

    DataServiceVersion: 2.0

    Date: Wed, 09 Apr 2014 17:10:28 GMT

    Content-Type: application/atom+xml; type=feed;charset=utf-8

    Content-Length: 3107

    Server: SAP

    • Hi Ted,

      you have to include into your GET request the header "X-CSRF-TOKEN" with value "FETCH". Did you do this?

      It could be also related to the SMP3 version, what service pack level you are on?

      I tested it with SMP 3 SP02 and higher...

      • /
          • Hi Ted,

            yes you are right. I retested it. It seems that with SP02 there is still no CSRF token handling, but starting from SP03 (not yet available for public) the CSRF token will be introduced. I think I was originally testing it with a pre-build of SP03.

            I upated the blog post with this information! Thanks for pointing this out!

  • Hi Marvin,

    Your tutorial is great! But when I test my hybrid app to my device, it doesn't have access to my data. I think this is because everything runs localhost. Can I replace "localhost" with a specific IP in the destination URL?

    Thank you in advance,


    • Sure you have to replace this... localhost will only work if you are directly on the SMP server machine. If you want to access your odata service from within the same network, you can use the server machine's hostname or ip address. If you want to access a SMP server (which is in your local company's network) from the internet you might need a reverse proxy or relay server in between...

  • Hi Marvin,

    i noticed while configuring back-end in IG Cockpit. Destination URL and Database Driver names are different in terms of how it is written. Is there any specific pattern we have to follow while mentioning Destination URL and Database Driver?

    Let me also know in case of MySQL where to find Destination URL and Database Driver Name?


    • The DriverName and destination url depend on the used JDBC driver. To find out these values check the database vendor's documentation...

      For MySQL:

      I didn't try to connect the Integration Gateway to a MySQL database. I guess that it should be working. You would have to deploy the (OSGI enabled) MySQL JDBC driver, the official driver is called MySQL Connector/J . The Database Driver name can be found on the official MySQL webpage

      Database Driver: com.mysql.jdbc.Driver

      Destination URL: jdbc:mysql://[host:port]/[database]

  • Hi Marvin,

    I am stuck on step 7, having this error:

    2014 06 16 not instantiate data provider based on class null Could not instantiate data provider based on class null

    Do you know how can i solve it?

    Screen Shot 2014-06-16 at 11.11.13 AM.png



    Screen Shot 2014-06-16 at 11.11.13 AM.png
  • Hi Marvin,

    The tutorial is great. I've followed steps through the end, and everything went well. I can successfully GET/POST the data through a integration gateway url (http://<server>:<port>/gateway/odata/<namespace>/<servicename>/...).

    However, I have a problem regarding a csrf token, while application try to POST data passing through SMP (url http://<server>:<port>/<back-end-connection-name>), which will forward the request to Integration gateway service url. The system always returns with error code 403 forbidden (with 'X-CSRF-Token: Required' in the response header)

    Note: I'm using SMP3.0 SP03 on Windows

    Let's me tell you what I understand and please correct me if i'm wrong.
    Applications should access odata of any back-end systems via SMP. We can configure an endpoint urls of backend systems in SMP management cockpit for each application. So, I think of integration gateway service as another back-end. Thus, the backend connection to integration gateway is: ( is my local ip of the SMP server)

    Using this configuration, I can perform GET request to the integration gateway via SMP correctly, as shown:

    However, When I try to POST data back, I got error 403 forbidden, as shown:

    Then, I used TCPdump to inspect the header of the request. Turn out, the request that SMP forwarded to integration gateway don't have a Session-id value in the header field. My assumption toward CSRF is that it needs to use x-csrf-token along with the session id to verify, otherwise it would return with error 403. 

    This is the header of the request from the requester to SMP server:

    and this is the header of the request from SMP to integration gateway:


    the return of the request is


    It seems to me that SMP do not parse the header correctly to integration gateway such that the csrf token would work. However, though I might wrong in the concept of how to use the integration gateway.

    Please help us on how should we proceed. Is there any workaround for POST  the data to integration gateway?

    Is there setting that we can set in integration gateway for disable csrf process

    • Hi Surachai,

      yes you are right. I can reproduce this behaviour.

      For a POST request to integration gateway you need to provide the CSRF token and additionally the X-SMP-SESSID. Usually SMP will forward the client cookies/headers to the backend, only SMP specific headers e.g. X-SMP-APPCID and also the header X-SMP-SESSID will be filtered and not sent. In case of the integration gateway this seems to be really an issue.

      I will try to follow up on this SAP internally. If I get some information I will post it here, but I would suggest you (if you are a SAP customer or partner) to open a customer message for this.



      • Hi Marvin,

        Thank you for your response. By the time project is started and if there is no solution to this, I'll open a support ticket to SAP.

        Thank you again,



          • FYI, after upgraded to SAP Mobile Platform 3.0 SP03 PL02 (which is released on 18.07.2014), the issue of csrf-token seems to be resolved. We can now GET and POST data via SMP URL. It makes our lives much easier.

            Thank you Marvin, Mustafa, and SAP developer teams

            P.S I'm looking forward to SMP SP04. Can't wait to see what's coming. 🙂

          • Yes I also verified this.Surachai is correct. This got fixed with SP03 PL02.

            To perform POST Request againast a SMP follow the steps like described in the guide above.At first you need to send a GET request to smp3server/appid/Collection with Header X-CSRF-TOKEN to fetch the value, then insert this value AND the Cookies (you can take all 4, namely twice X-SMP-SESSIDSSO and X-SMP-SESSID) and then send the POST request to smp3server/appid/Collection for this example e.g. with following body:

            <?xml version="1.0" encoding="utf-8"?>

            <entry xmlns="" xmlns:m="" xmlns:d=""> 

            <content type="application/xml">





            <d:ADDRESS>Fantasy-Street 123</d:ADDRESS>






            You should get a HTTP 201 Created response...

          • Marvin Hoffmann

            Thanks it worked.

            also, we are trying to POST more than one entry. Can you please help us on this? what exactly we have to pass in the payload? We have tried with <feed>, <entry> tags but didnt succeed.



          • You have to send an OData Batch Request for that. Inside a Batch Request you can insert several HTTP operations, e.g. combine serveral POST operations there.

            If you e.g. have an OData service that supports Batch Requests you can send these messages also through SMP. Read more here, it is part of the OData specification: Batch Processing | Open Data Protocol

            But as far as I know these Batch requests are not yet supported with Integration Gateway... You will likely get an HTTP415 Unsupported media type response ...

          • Oh... I spoke too soon...
            I found another bug, which affect the token (hopefully it is not a bug). In case of SMP3.0.3.2, after you register an application and send a GET request for a first time, you will receive 4 set-cookies, namely, twice of X-SMP-SESSID and X-SMP-SESSIDSSO for two different paths. If you request a GET request again, all four cookies will be part of the request headers automatically. But the problem lies afterward. Turn out, some (sometime all) of the send-to-SMP cookies are not be able to decode by SMP. Then, the behavior of SMP I noticed is that SMP will send those undecoded cookies back as a set-cookies, which will mess up those previous 4 cookies.  Then, you will never be able to POST/PUT/DELETE again, even though you fetch a new CSRF-Token.


            Screen Shot 2557-08-04 at 4.13.42 PM.png

            I wonder is it only me or someone else be able to reproduce this?

            Screen Shot 2557-08-04 at 4.13.42 PM.png
  • Hi Marvin,

    Can you please point out if request response is supported for SOAP services using Integration gateway. I tried creating a read operation and mapped the user input with a key that i created. But this is a user input and not a key in backend. I then mapped the response but when i run in the url its not working. Kindly let me know if i m going in the wrong direction.

    Please see the mapping of read and response files.

    Screen Shot 2014-06-22 at 4.18.46 PM.png

    Screen Shot 2014-06-22 at 4.19.10 PM.png

    I have opened a thread on

    If you can please look into this.


    Best Regards,

    Rakshit Doshi

  • Hi Marvin,

    I have a already developed RESTfull services, Example i have a login service of a android application so i want to develop sample application by using the REST services in our Appbuilder application so can you please send me the solution how can i use the service in our application. Is there any procedure you have please explain it and how may i suppose to use that in SMP 3.0 using Appbuilder.


  • Hi All,

    we have SAP ECC as backend system, we created service in ECC and added service in gateway cockpit. Now i can get the data from backend ECC using gateway cockpit URL.

    My doubt is

    While creating destination for ECC in SMP Gateway Cockpit, we have to give credentials for basic authentication. While calling service of SMP Gateway Cockpit , It is going to ECC with the user name given in Gateway Cockpit and giving the data authorized by same,

    How to make the dynamic authorization.




    • Hi Suresh,

      You can use the CSI Authentication in gateway cockpit, and in SMP Admin page, do the following steps

      1. Go to the settings, create a new security profile

      2. In the Security Profile window, create new Authentication provider, select HTTP/HTTPS Authentication, in the URL provide the Backend url details same as  configured in CSI authentication in gateway cockpit. Do not provide any user details here.

      Now if you open the service document url it will ask for the user popup.

      I hope this will help you. Please let us know if it works for you.

      Thanks and Regards,


      • Hi Suma,

        Thanks, its great, it is working.

        I have small doubt,

        How to link between Admin cockpit security profile and Gateway Cockpit destination?

        In Gateway Cockpit I created a destination for ECC DEV system.

        In Admin cockpit I created a security profile  . Now it is working for DEV system.

        We have ECC QAS and ECC DEV systems also, I created destinations in Gateway Cockpit.

        Now in Admin cockpit how I need to create security profile for different systems and how to link with gateway cockpit destinations.



          • Hi Suma S

            I am getting following error in POST,Please help me on, how to solve this...

            Where to increase the timeout time

   Read timed out




          • Hi Suresh,

            Are you passing the CSRF token when doing the post request?

            you should pass the CSRF token obtained from GET request to the POST request.

            When you perform the GET operation get the CSRF token with

            header: x-csrf-token value: fetch

            In the response we will get the value for CSRF token, pass this value to the POST request


            header: X-csrf-token: <value>

            then you will be able to perform the POST request.

            If you are trying to consume the gateway cockpit url , through SMP Admin in SMP3.0 SP3 POST/PUT/DELETE will not work.

            It will work directly through the  service document url. If you need to create the Applications through SMP Admin, please upgrade to SMP3.0 SP04 P1.

            Thanks and Regards,


          • Hi Suma S,

            We are using service document URL for POST method. It is working fine. But in some times we are getting error in PORT request. In gateway cockpit troubleshooting we are getting following log How to solve this.

            I am getting x-csrf-token from GET method and passing to POST method .

   Read timed out


            Where we need to Increase the time out time.

            Note :Our POST method will take nearly one minute to execute.

            We are passing two images in string format to POST method.


            Suresh Babu

          • Hi Suresh,

            To increase socket time out you can try to set the data here

            In SMP 3.0 SP4 P1 server go to SMP Admin, Settings->System->Socket Connection Time out.

            Thanks and Regards,


    • /
      • Thank you Jitendra! Got it.

        I saw in a previous comment you were getting the HTTP/1.1 403 Forbidden error.

        I thought my error was being caused by the Authorization parameter. It wasnt...

        Im on SMP 3.0 SP4. My GET is successful and I copy the 3 lines into my post like the blog describes above with the body but on execution I get the Forbidden error.

        It is also showing the token is required (like your error above).



  • Hi Marvin,

    Thanks for the blog. It is really helpful.

    I have a doubt. Is it possible to achieve the same functionality using Hana Cloud Platform? If yes, how to use it?



  • Marvin Hoffmann

    This is a great blog!! There is one thing I am curious about. I am basically following the same steps as you are - except with MS SQL Server 2008 R2 as the destination. A GET request works just fine. For a POST request however, I too am working with a identity column 'ID' just the same way you are. I see you are able to Create records on HSQLDB just fine when you send a POST without ID specified. When I attempt the same in my case however, the INSERT statement seems to have the ID column with a 'NULL' value in it. I see this error in my Odata Services -> Troubleshooting tab: Cannot insert the value NULL into column 'custSiteDetailTypeId', table 'Routebook.dbo.tblCustomerSiteDetailAttributesInfo'; column does not allow nulls. INSERT fails.

    If I do send a value for the ID field, I get the common SQL error : Cannot insert explicit value for identity column in table 'tblCustomerSiteDetailAttributesInfo' when IDENTITY_INSERT is set to OFF.

    This error ^ basically means that I need to modify my SQL to be able to successfully INSERT the value I am sending - but this isn't my goal as I am filtering the table to bring down only a subset of the records.

    Any idea how to solve this one?