Skip to Content
Author's profile photo Martin Grasshoff

SAP Hana Cloud Platform mobile services 1.3 released

Hi there,

It’s this time again – HCPms release date. Today it includes:


  • Support for OAuth
  • Actionable Push for iOS
  • Account Self-Service (SCIM)
  • Same Origin Policy
  • Capability based notifications


So let’s take a look into the details.



Support for OAuth

Most prominently we now support OAuth2.0.  With the OAuth authorization framework support we have added another way to authenticate the users besides BasicAuth, Form (with SAML) and Certificate authentication. The nice benefit of OAuth is that there is no need to store the users credentials on the device anymore. We do that in the most secure manner – if wanted, but with OAuth it’s even more secure and more user friendly, since OAuth tokens can be renewed without user interaction.

This is how it looks like from the Admin perspective:



Push improvements for iOS

With iOS 8 Apple introduced interactive notification that let you react on incoming notifications without unlocking your device. To better facilitate this feature we have introduced some optional information into our back-end push API that let you control this behaviour.

This example shows how to trigger an action on the device by a back-end call.


> POST /restnotification/registration/<applicationId> HTTP/1.1

> Accept-Encoding: gzip,deflate

> Content-Type: application/json

> Authorization: Basic bm9uZW9meW91cmJ1c2luZXNz

> Content-Length: 117

> Host: localhost:8080

> Connection: Keep-Alive

> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

> {

“alert”: “PushAlert”,

“data”: “pushTest”,


{“apns.category”:”YourAction” }



With the information “content-available” you can send a wake up notification to the client:


> POST /Notification/<<applicationId>> HTTP/1.1

> Accept-Encoding: gzip,deflate

> Content-Type: application/xml

> Authorization: Basic cHVzaDpzZWNyZXQ=


> X-SMP-APNS-DATA: pushTest

> Content-Length: 0

> Host: localhost:8080

> Connection: Keep-Alive

> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)


This will make sure that your Apps application:didReceiveRemoteNotification:fetchCompletionHandler: is called, allowing you to react on the notification when your App is resumed or launched in the background. For instance to trigger a refresh of the local data.


Account Self-Service (SCIM)

Once you login the first time into HCPms 1.3 you’ll notice that there is a new tile on the home screen, labeled “Account Configuration”. This currently holds one option only: SCIM Type configuration.

The SCIM configuration allows you to delegate your user authentication to the SCIM capabilities of the Cloud Connector (“HCP SCIM” Option). This allows you to use an on-premise system like an SAP Gateway OData Service to be the source for your user authentication. Simply point the URL to the Service you want to use, HCPms will then forward BASIC Auth requests to this URL for all mobile applications in your account.

The other option is to select “HCPms SCIM”. This allows a more granular setup of your authentication, where you can define a SCIM authentication URL for every mobile application individually. Here you also have the option to define a global URL that is used for all BASIC auth configured Apps that do not have a dedicated SCIM URL. Notice that SCIM is only available if your application is configured to use Security: Basic.



Same Origin Policy

With this application wide setting you can control whether you want to allow or disallow cross-origin resource access in your mobile application. This option controls the response headers that will be sent to your mobile apps. If Same Origin Policy is enabled, which is the default, then we always make sure that we send the corresponding header to the client. Example:





Download of Usage Data

With the feature of uploading usage data you can instrument your mobile application and gather usage information on the device, and upload it for further analysis to the server. Here the data will be stored and is waiting for you. With a simple click you can download the collected data and put them into SAP Lumira.


CSV Download.png

Capability based Push Notifications

We now provide capability-based push support. This enables you to send push notifications to devices with a particular capability, rather than to individual applications, allowing you to further abstract in your backend from devices and Apps. I’ll later explain it in a separate blog post, if time allows.



Of course, we have included one or the other bug fix as well.


Have Fun,


Assigned tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Nagesh Caparthy
      Nagesh Caparthy

      Thanks for the update.