Now that SAP API Management is available you probably also have seen the fantastic blog from Bhanu Pratap Sharan about policies and how to use them. It explains what policies in SAP API Management are, which ones are available and how you can use them.

When following my first blog on How to use SAP API Management on HCP Trial you might have noticed that when calling the “proxified” URL to the ES4 system (e.g.<account>trial/GWSAMPLE_BASIC)  yxou can still see URLs like in the response.

Obviously that doesn’t make a lot of sense. So we have to tell the API proxy, that it should hide / “mask” the real URL. There are plenty of ways how this can be done. In this blog I want to show the power of one of the policies that we have: the JavaScript policy.

Although you can make this policy very generic, I will keep to the very basic and actually tell the script what the target server is and what the SAP API Management Proxy URL is.

Lets pick-up where we left in the How to use SAP API Management on HCP Trial

I had created a plain API proxy that would just connect to the ES4 system. Lets take another look at this API Proxy and go to the “Launch Policy Designer” in the API Artifacts section (for more details, take a look at the blog SAP API Management – Policy Management)

01 - Go to Policy Designer.png

Once you launch the Policy Designer you can see an empty policy screen. In this screen, enable the Edit mode, by clicking on Edit and then add a script (by clicking on the “+” sign which will appear once you are in Edit mode)

02 - Edit Policy.png

Once you click on the “+” sign you can give the new script a name like “urlrewrite”

03 - urlrewrite.png

This will be the script that reads the actual URL and replaces it with the URL from our SAP API Management proxy. So once you click on Add in the pop-up above you can select the script name (“urlrewrite”) that we just created and add the content:

04 - add content to script b.png

var rc = context.getVariable(“response.content”);

var newstr = rc.replace(/SAPES4.SAPDEVCENTER.COM:443/gi, “”);

var newpath = newstr.replace(/\/sap\/opu\/odata\/iwbep/gi, “\/d044410trial”);

context.setVariable(“response.content”, newpath);

In these four lines (of course it could have been less :-)) we retrieve the content from the response, replace the targetserverhost and targetserverport (in my case the SAP Developer System) with the information from the api proxy, changes the path and put this new information back in the context. Quite straight forward.

Now we only have to tell the flow that and when we want to call this script.

So on the left hand side, scroll down to TargetEndpoint and select the PostFlow (after all we want to replace the results from the server response). Then on the right hand side click on the “+” sign for the JavaScript policy

05 - Add JavaScript Policy.png

A new pop-up will open where we can specify the name of this policy. Enter something like “maskurlfromresponse” and make sure that you select “Outgoing Response” from Stream. Then click on Add

06 - maskurlfromresponse.png

This policy now allows us to call / do whatever we want in JavaScript. In our case, we will just call the script that we had previously created: the urlrewrite script. In order to do that just replace/add the name of the script with the urlrewrite script so that the content looks like this:

(since we won’t use a helper.js file, you can also remove the lines:

  <!– contains reference to any library scripts that help the main code file –>


07 - updated script.png

<!– this policy allows us to execute java script code during execution of an API Proxy –>

<Javascript async=”false” continueOnError=”false” enabled=”true” timeLimit=”200″ xmlns=’‘>

  <!– contains the name of the main code file –>



And that’s it! Now you can click on Update

08 - Update.png

and then on Save

09 - Save.png

… from now on your API calls to a backend systems should really mask the URL.

10 - UpdatedURL a.png

I hope this small example not only showed you how you can mask the URL, but also gave you a glimpse of the power of these policies. With the JavaScript policy you can actually do whatever you want in your flow. You can filter traffic, redirect URLs, change content, check or validate content, … The possibilities are endless.

In future blogs we will go in more detail and talk about some other things you can do with the JavaScript policy. We could for example make this script more dynamic so that it first retrieves the target URl and uses the API Proxy name — so that you do not have to hardcode this information.

Feel free to add your comments & feedback.

Update: for more information see SAP API Management – Overview & Getting started

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Matthias Heiler


    is there a simple way to copy an API?

    I tried to export and import an API. At import, after selecting the corresponding (exported) zip file, it says API already exists. So what am I missing to get an API copied? Instead of starting from scratch I could take an existing one and adjust it to my requirements?


    1. Elijah Martinez

      Hi Matthias,

      When you export an API, you are saving all the relevant data including the name and path for that API. This is relevant as the standard use of export/import is across API Management systems (say for example when moving an API from Dev -> Test landscape).

      Currently there is no “Clone” feature, so you will have to manually edit the API details before you import it back into the system.

      After you export the API, open the created zipfile (e.g. for “API” it will generate “”) with your favorite zip-handler.

      Fortunately, due to the way the API Proxies are structured, you will not need to edit too many items or fields, unfortunately, you will need to dig through the XML.

      The Folder will be “APIProxy” – Under that will be a root XML file describing the API, with name like “API.xml” from example above. Edit this file, and change the value for the name,  and title, e.g. change <name>API</name> to <name>API-2</name>, and <title>API</title> to <title>API-2</title>, then save and close.

      Next you will need to enter folder “APIProxyEndPoint” and edit “default.xml”. In here you need to locate and change the base path, e.g. <base_path>/p#trial/API</base_path> to <base_path>/p#trial/API-2</base_path>

      With just those minor edits, if you keep the zip file structure the same, you should be able to import your API proxy back into the API Management platform, under the new name/title/base path and retain all your other work such as Policies and scripts, assuming those were left without specific references to a static path/name.

      This can also be done for more advanced modifications to an API Proxy if desired, though obviously it is more difficult and error-prone this way.

      I hope that helps answer your question.



  2. Matthias Heiler

    Hi Elijah,

    yes it worked out perfect. And that two little tiny changes are not worth to mention. Little effort great result.

    Tx a lot.



Leave a Reply