Building & Consuming API’s using SAP API Management (Part 1)
Moderator Notice: Developer Portal Onboarding has changed. Please see this blog for updated process.
In today’s digital era, to connect your enterprise to the digital economy, APIs are the fastest and most efficient way. Lightweight and versatile APIs provide easy exposure of data in a device agnostic manner.
SAP API Management enables businesses to manage all the digital assets that companies publish, manage, monitor and monetize as APIs on a single platform from the various data sources and systems of records across various technologies from Cloud or On-premise.It has capabilities to provide a unified access for APIs based on open standards such as REST, OData, OAuth with secure and seamless connectivity to your applications and platforms.
API management helps make APIs secure and stable. It provides uniformity of APIs and enables businesses to more easily see who is using the APIs to access data. It also provides an easy way to onboard developers and enables them to develop application using the exposed APIs.
There are three main components for SAP API Management.
- API Platform – provides the tools to create and manage API. This is accomplished using the API Portal
- Developer Services – provides the tools to manage App developers. It comes with a developer on-boarding mechanism and enables developers to consume the exposed APIs. This is accomplished using the Developer Portal
- API Analytics – provides tools to view analytical trends of the API usage
I am going to share some of my experience and also provide you a step-by-step guide on how to create a basic API using the API Portal and consume it as a developer from the Developer Portal.
As a pre-requisite you need have a trial account on HCP and also registered for a user in ES4 system
SECTION 1: Accessing HCP Cockpit & enabling services
In this section, you will get to know how to access the HCP Cockpit and enable the API Management
Accessing HCP Cockpit & setting up API Management
- Launch HCP Trial and login with your trial user.
- Navigate to the Services section in the menu and search for API Management
- If you the service is not enabled, click on the service and enable it
- Click on the “SAP API Management API Portal” to launch the configuration settings
- Notice there will be a destination which is automatically created with the name “DEST_CI”
- Click on the Roles menu to view the predefined 7 roles. Assign the service user “p1940842373“ to the below roles
- APIPortal.Service.Administrator
- APIManagement.Service.Administrator
- APIPortal.Service.CatalogIntegration
Assign your user (without the word trial) to the Role APIPortal.Administrator
- Go back to the main screen of the SAP API Management by clicking on the link at the top
- Click on the API Management Dev Portal to configure the Dev Portal
- Notice there will be a destination which is automatically created with the name “apimgmt_portal”
- Click on the Roles menu to view the predefined 8 roles. Assign the service user “p1940842373“ to the role AuthGroup.ContentAuthor and your user to the role AuthGroup.API.ApplicationDeveloper.
If the roles are already assigned, there is nothing much to do in the setup.
SECTION 2: Using the API Portal to create API’s
In this section, you will get to know how to use the API Portal to create API’s, assign policies and test them.
2.1 Create a System
Launch the API Portal from the API Management main menu
- There will be no systems registered. Click on the Create button to create a new system and provide the below values.
- Click on Save and hit the back arrow above the system name. You should now be able to see you system listed in the Systems section
In the other tab which is still open, navigate back to the API Portal Configuration page by clicking on the link as shown.
Notice that a new destination has been created for ES4 ABAP System. Click on the pencil icon and update the user/password with your details and save the settings.
2.2 Create an API
In the API Portal, click on the Panel icon at the top left corner and select “Manage” from the menu. This will take you to the screen which lists out all the API
- Click on “Create – Create API”
- Select the System as “SAP_ES4” and click on the “Discover” button
Search for an select “GWDEMO”. Accept the defaults and click on Create button.
The system will display all the available 25 resources under this OData service. You also have options to set the operations against each resource. For example, you can only restrict GET operation for SalesOrderCollection. You can also change the documentation against each resource.For now accept the defaults and click on create.
You have now created an API
2.3 Set policies for API
In this section we will explore on some of the policies which can be applied to API’s. There are many predefined polices which are available for us to use.
Click on the “Policies on API” tab, and select “Launch Policy Designer”. This will open the policy designer where you can add some of the predefined policies.
- The Policy Designer canvas provides a representation of the Request Response pipeline of the API proxy. Pipeline represents the flow pattern and specifies the condition on which this policy should be executed.
Under the ProxyEndpoint, select preflow and click on Edit button. On the right hand side select the “+” symbol next to Quota and provide a name as shown and click on Add button
In the script which shows up in the middle of the screen, change the number from 2 to 4. This means that you will not be able to call this API for more than 4 times a minute. This is one way to throttle your requests. Click on Update button.
Now go back to the Policy Designer to add one more policy. Under the ProxyEndpoint, select preflow and click on Edit button. On the right hand side select the “+” symbol next to XML to JSON and provide a name as shown and click on Add button. This will ensure you will always get to see a JSON output instead of the XML output. Click on update button.
This is how the policy designer will look like after your save your work.
2.3 Test the API
From the menu, select “Test”. Select “GWDEMO” as the service and in the drop down select “SalesOrderCollection”. Set the operation as “GET”. Set the Authentication to Basic and provide your details. Click on send. Notice that the output is ion JSON format.
If you try to execute the service from more than 4 times, you will end up with a policy error as shown.
Finally, before publishing the API, let’s add one more policy. This policy ensures that there is always an API Key provided when executing an API. Now go back to the Policy Designer to add one more policy. Under the ProxyEndpoint, select preflow and click on Edit button. On the right hand side select the “+” symbol next to Verify API Key and provide a name as shown and click on Add button.
In the script section, change the APIKey ref to ‘request.header.apikey’ as shown. Click on update button.
This is how the policy designer will look like after you save your work.
2.3 Publish the API
- Select “Manage” from the menu and navigate to the Product tab.
- Click on “Create” button to create a Product. A product can have one or more related API’s.
Give the name and title for the product and click on the + icon to add the API which we created earlier.
Publish the Product.
You have now created a Product and is ready to be consumed from the Developer Portal.
I have published the remaining steps as Part 2 in the following article.
Hi,
Stuck at section 2.1 - when I click on the link for Access SAP API Management API portal a new browser window opens and gives me an error message:
Hi Geoffrey,
that's very strange. The SAML redirect points to http://localhost:8080...
Could you try again? Maybe with another browser or from another PC?
Regards,
Holger.
Hi Geoffrey, When you click on the link to API Portal, your user will be authenticated using the Cloud Identity and it looks like something went wrong. Can you try again clearing all your cache and cookies in your browser.
Regards,
Murali
Hi Geoffrey, do you have this problem with other items in HCP trial as well? For example, are you able to open WebIDE?
I had an issue like this as well in the past, when I had changed some configuration of the HCP Cockpit during an OpenSAP course, and then had forgotten to set it back.
I believe the setting I had changed was the Trust setting - "Trusted Identity Provider", which had been set to a connection on my EclipseIDE for that particular exercise. By default it should typically be pointing to the SAP ID Service accounts.sap.com instead.
I'm not sure if this is the same issue you are facing, but I hope this helps, as it is an issue with SAML rather than API Management.
Regards,
Elijah
Hi,
Fixed the issue I had in section 2.1 - in case it happens anyone else it was related to my IDP settings in the trust section. Mine were set to custom, by changing this back to default, the link worked fine.
Regards,
Geoff
Hi,
Yes, it was to do with cloud identiy. I had created a POC application on the same Hana account and I had my identiy provider set to custom and running an identity provider from my machine. Once I changed this back to default identity provider I was able to access and continue with the guide.
Thank you for the replies.
Regards,
Geoff
Hi,
I am getting error at step 2.2 while clicking on discover after the choosing the provider system. Error is [Request Id: 925aa4ba-2328-4f30-a254-0af4e5ddf80e]Unable to fetch data from catalog.
I have given trial account user name and pwd and also tried using No authentication. Getting this error in both ways.
Can you please let me know, Is there a mistake from my side?
Hi,
when you created the system in 2.1., can you copy the Catalog URL and paste it in a browser? Is this working?
Regards,
Holger.
Hi Holger, I have made a typo error while entering the url. I used 0(zero) instead o for odata
🙂 While I was trying to check as you said, I noticed. Thanks for that . After the correction, when I paste the catalog url its prompting for the username and password. But its not accepting my hanacloud cockpit's account credentials . Do I need any additional authorization to login to ES4/800? Thanks, Arivarasu S
Hi,
yes, you have to enter the credentials for the ES4/800 system (actually you also have to enter these credentials when adding the system). If you do not have access, please follow this blog:
Sign up and get started with the SAP Gateway - Demo Consumption System
Regards,
Holger.
Hi Holger,
Now I got through 🙂 . My trial account does not have right auths, after getting access to ES4, I am able see Odata services. Thanks for your help. I will proceed further now 🙂 .
Thanks,
Arivarasu S
Typically "Unable to fetch data from catalog" indicates an error with authorization. If you are following the guide above, and using the ES4 system, you must enter the user name and password for the ES4 system.
Hi Elijah,
Yes, I have provided the password too. Actually I have given my username(without trial) and same the password which I used to login to the trail hana account. I hope that is the correct. Did I make any mistake there?
Thanks,
Arivarasu S
Hi Arivarasu, Please try the suggestions pointed out by Elijah and Holger. Make sure you put ES4 user & password in step 2.1. In Step 2.2 when you click on discover, there is a call which goes to ES4 system to retrieve all the OData services. You would be able to see this call in your browser Network trace.
I was working on this and was getting the same issue of not able to fetch the catalog. It says credentials not correct. I have provided my Pxxx user id and the pwd which I use to log on to the hanatrial.ondemand. Am I doing something wrong, please advice.
Hi Holger,
Could you tell me how to resolve this problem, i am getting the error in my system
I have checked the connection in destination also, I got message as connection established.
Regards,
Raghavendra
Murali Shanmugham ,
I followed all the steps and can successfully test the API,but i keep on getting an error message when trying to publish the product.
I can test the API successfully in the API hub.
Thanks.
Regards,
Rishi
Hi Rishi Khandelwal
Could you tell me how to resolve this problem, i am getting the same error in my system
Thanks, regards.
So the issue was with the roles.
I had followed the this old on boarding process where I had modified some of the roles.
This time due to some issue all my roles were wiped out and I simply followed-
https://blogs.sap.com/2017/04/21/update-to-developer-portal-onboarding-process-on-trial-environment/
Created a fresh new account just to see what roles comes pre-configured and maintained only those in my previously botched up Account.
API Portal Roles-1. APIPortal.Administrator
2.APIManagement.SelfService.Administrator
3. APIPortal.Service.CatalogIntegration
Developer Portal Roles
1. AuthGroup.API.Admin
2. AuthGroup.ContentAuthor
All these roles I assigned to my own user id.This time i was able to register my product without any error.
Regards,
Rishi
Thanks,
I followed your steps and, I solved my error, Thanks again.
Special cheers.