SAP API Management – Enabling URL masking
Now that SAP API Management is available you probably also have seen the fantastic blog from Bhanu Pratap Sharan about policies and how to use them. It explains what policies in SAP API Management are, which ones are available and how you can use them.
When following my first blog on How to use SAP API Management on HCP Trial you might have noticed that when calling the “proxified” URL to the ES4 system (e.g. https://trial.apim1.hanatrial.ondemand.com:443/<account>trial/GWSAMPLE_BASIC) yxou can still see URLs like https://sapes4.sapdevcenter.com/sap/opu/odata/iwbep/GWSAMPLE_BASIC/ in the response.
Although you can make this policy very generic, I will keep to the very basic and actually tell the script what the target server is and what the SAP API Management Proxy URL is.
Lets pick-up where we left in the How to use SAP API Management on HCP Trial
I had created a plain API proxy that would just connect to the ES4 system. Lets take another look at this API Proxy and go to the “Launch Policy Designer” in the API Artifacts section (for more details, take a look at the blog SAP API Management – Policy Management)
Once you launch the Policy Designer you can see an empty policy screen. In this screen, enable the Edit mode, by clicking on Edit and then add a script (by clicking on the “+” sign which will appear once you are in Edit mode)
Once you click on the “+” sign you can give the new script a name like “urlrewrite”
This will be the script that reads the actual URL and replaces it with the URL from our SAP API Management proxy. So once you click on Add in the pop-up above you can select the script name (“urlrewrite”) that we just created and add the content:
var rc = context.getVariable(“response.content”);
var newstr = rc.replace(/SAPES4.SAPDEVCENTER.COM:443/gi, “trial.apim1.hanatrial.ondemand.com”);
var newpath = newstr.replace(/\/sap\/opu\/odata\/iwbep/gi, “\/d044410trial”);
In these four lines (of course it could have been less :-)) we retrieve the content from the response, replace the targetserverhost and targetserverport (in my case the SAP Developer System) with the information from the api proxy, changes the path and put this new information back in the context. Quite straight forward.
Now we only have to tell the flow that and when we want to call this script.
A new pop-up will open where we can specify the name of this policy. Enter something like “maskurlfromresponse” and make sure that you select “Outgoing Response” from Stream. Then click on Add
(since we won’t use a helper.js file, you can also remove the lines:
<!– contains reference to any library scripts that help the main code file –>
<!– this policy allows us to execute java script code during execution of an API Proxy –>
<!– contains the name of the main code file –>
And that’s it! Now you can click on Update
and then on Save
… from now on your API calls to a backend systems should really mask the URL.
Feel free to add your comments & feedback.
Update: for more information see SAP API Management – Overview & Getting started