Building & Consuming API’s using SAP API Management (Part 1)
Moderator Notice: Developer Portal Onboarding has changed. Please see this blog for updated process.
In today’s digital era, to connect your enterprise to the digital economy, APIs are the fastest and most efficient way. Lightweight and versatile APIs provide easy exposure of data in a device agnostic manner.
SAP API Management enables businesses to manage all the digital assets that companies publish, manage, monitor and monetize as APIs on a single platform from the various data sources and systems of records across various technologies from Cloud or On-premise.It has capabilities to provide a unified access for APIs based on open standards such as REST, OData, OAuth with secure and seamless connectivity to your applications and platforms.
API management helps make APIs secure and stable. It provides uniformity of APIs and enables businesses to more easily see who is using the APIs to access data. It also provides an easy way to onboard developers and enables them to develop application using the exposed APIs.
There are three main components for SAP API Management.
- API Platform – provides the tools to create and manage API. This is accomplished using the API Portal
- Developer Services – provides the tools to manage App developers. It comes with a developer on-boarding mechanism and enables developers to consume the exposed APIs. This is accomplished using the Developer Portal
- API Analytics – provides tools to view analytical trends of the API usage
I am going to share some of my experience and also provide you a step-by-step guide on how to create a basic API using the API Portal and consume it as a developer from the Developer Portal.
SECTION 1: Accessing HCP Cockpit & enabling services
In this section, you will get to know how to access the HCP Cockpit and enable the API Management
Accessing HCP Cockpit & setting up API Management
- Launch HCP Trial and login with your trial user.
- Navigate to the Services section in the menu and search for API Management
- If you the service is not enabled, click on the service and enable it
- Click on the “SAP API Management API Portal” to launch the configuration settings
- Notice there will be a destination which is automatically created with the name “DEST_CI”
- Click on the Roles menu to view the predefined 7 roles. Assign the service user “p1940842373“ to the below roles
Assign your user (without the word trial) to the Role APIPortal.Administrator
- Go back to the main screen of the SAP API Management by clicking on the link at the top
- Click on the API Management Dev Portal to configure the Dev Portal
- Notice there will be a destination which is automatically created with the name “apimgmt_portal”
- Click on the Roles menu to view the predefined 8 roles. Assign the service user “p1940842373“ to the role AuthGroup.ContentAuthor and your user to the role AuthGroup.API.ApplicationDeveloper.
If the roles are already assigned, there is nothing much to do in the setup.
SECTION 2: Using the API Portal to create API’s
In this section, you will get to know how to use the API Portal to create API’s, assign policies and test them.
2.1 Create a System
Launch the API Portal from the API Management main menu
- There will be no systems registered. Click on the Create button to create a new system and provide the below values.
- Click on Save and hit the back arrow above the system name. You should now be able to see you system listed in the Systems section
In the other tab which is still open, navigate back to the API Portal Configuration page by clicking on the link as shown.
Notice that a new destination has been created for ES4 ABAP System. Click on the pencil icon and update the user/password with your details and save the settings.
2.2 Create an API
In the API Portal, click on the Panel icon at the top left corner and select “Manage” from the menu. This will take you to the screen which lists out all the API
- Click on “Create – Create API”
- Select the System as “SAP_ES4” and click on the “Discover” button
Search for an select “GWDEMO”. Accept the defaults and click on Create button.
The system will display all the available 25 resources under this OData service. You also have options to set the operations against each resource. For example, you can only restrict GET operation for SalesOrderCollection. You can also change the documentation against each resource.For now accept the defaults and click on create.
You have now created an API
2.3 Set policies for API
In this section we will explore on some of the policies which can be applied to API’s. There are many predefined polices which are available for us to use.
Click on the “Policies on API” tab, and select “Launch Policy Designer”. This will open the policy designer where you can add some of the predefined policies.
- The Policy Designer canvas provides a representation of the Request Response pipeline of the API proxy. Pipeline represents the flow pattern and specifies the condition on which this policy should be executed.
Under the ProxyEndpoint, select preflow and click on Edit button. On the right hand side select the “+” symbol next to Quota and provide a name as shown and click on Add button
In the script which shows up in the middle of the screen, change the number from 2 to 4. This means that you will not be able to call this API for more than 4 times a minute. This is one way to throttle your requests. Click on Update button.
Now go back to the Policy Designer to add one more policy. Under the ProxyEndpoint, select preflow and click on Edit button. On the right hand side select the “+” symbol next to XML to JSON and provide a name as shown and click on Add button. This will ensure you will always get to see a JSON output instead of the XML output. Click on update button.
This is how the policy designer will look like after your save your work.
2.3 Test the API
From the menu, select “Test”. Select “GWDEMO” as the service and in the drop down select “SalesOrderCollection”. Set the operation as “GET”. Set the Authentication to Basic and provide your details. Click on send. Notice that the output is ion JSON format.
If you try to execute the service from more than 4 times, you will end up with a policy error as shown.
Finally, before publishing the API, let’s add one more policy. This policy ensures that there is always an API Key provided when executing an API. Now go back to the Policy Designer to add one more policy. Under the ProxyEndpoint, select preflow and click on Edit button. On the right hand side select the “+” symbol next to Verify API Key and provide a name as shown and click on Add button.
In the script section, change the APIKey ref to ‘request.header.apikey’ as shown. Click on update button.
This is how the policy designer will look like after you save your work.
2.3 Publish the API
- Select “Manage” from the menu and navigate to the Product tab.
- Click on “Create” button to create a Product. A product can have one or more related API’s.
Give the name and title for the product and click on the + icon to add the API which we created earlier.
Publish the Product.
You have now created a Product and is ready to be consumed from the Developer Portal.
I have published the remaining steps as Part 2 in the following article.