How to expose Gateway Services via HCI OData Provisioning, and secure them using SAP API Management on HCP Trial – Part 2
|Part 2 (You are here 🙂 )||
This is a continuation from Part 1 where we walk-through setting up HCI OData Provisioning on HANA Cloud Platform against SAP Developer Center’s ES4 Gateway system. If you haven’t already completed this, I recommend going through Part 1 in order to be ready for this blog.
A quick bit on “Why SAP API Management?”
SAP API Management does not replace SAP Gateway, and in fact, relies on SAP Gateway to expose data from SAP Backends. What SAP API Management adds is an enhancement of the capabilities provided by SAP Gateway. It can sit on top of a Gateway deployment in order to provide Secure and Scalable access, through security, and data management policies, such as
As well as providing a developer engagement area. With a deployment on HCP, it is even easier, as a user of SAP Gateway only needs to install/run the IWBEP component of Gateway on their SAP Backend system, and use HCI OData Provisioning on HCP to connect to it, consuming the exposed OData endpoints directly in SAP API Management. Additionally SAP API Management can combine other data sources such as HANA XS or Non-SAP data together with Gateway exposed data, exposed via a single secure endpoint for developers to build impressive Apps.
For more in-depth on benefits of SAP API Management – see SAP API Management FAQ
Now that you should have at least one SAP Gateway service exposed in HCI OData Provisioning (hereafter referred to as HCIODP), it’s time to set things up so that they can be connected to by SAP API Management. Due to the Platform nature of HANA Cloud Platform, this is remarkably easy fortunately. If you have not yet enabled SAP API Management, please follow the steps outlined here Free Trial of SAP API Management on HANA Cloud Platform is available now!
Once you are set-up, can get started right away.
PART II – Creating API Proxies from OData Endpoints in SAP API Management
1. Creating a “System” connection to HCIODP.
Login to your HCP Trial Account with SAP API Management enabled. Open the Services pane, and locate SAP API Management under the “Integration” section. Launch API Management API Portal by clicking “Access SAP API Management API Portal”
This should load the “Configure” section of SAP API Management by default, if not, click the drop down menu from the top left hand corner and select “Configure”. This is where one generates Target systems for SAP API Management. Click “Create” in the bottom right hand corner to add a system.
This will take you to the Create System window, where you will need to enter the relevant details for the HCIODP system used in Part I.
Details: HCI OData Provisioning system, providing exposed Gateway Services
Host: enter the Base URL from the Service Document URL you saved from Part I. (The format will be gwaas-<userID>trial.hanatrial.ondemand.com)
Check Use SSL
Authentication Type: Basic
Service Collection URL: /CATALOGSERVICE/ServiceCollection
* The Catalog URL is something unique to SAP Gateway systems, which allows SAP API Management to “Discover” available services from the Catalog Service. It is not used for Non-SAP systems.
After checking details entered, then click “Save”. Once system has been saved, click “Launch” hyperlink at bottom left-hand side of screen, this will launch a new tab, opening the SAP API Management Destinations area on the HCP Cockpit, not to be confused with the Global HCP Destinations. Here you will add Authentication settings for the newly created System. Click the name of the system you newly created, e.g. HCIODP and click the “Edit” button at the bottom of the page.
User: <Use the accountID that was added under GW_User in Part I>
Password: <Password for accountID added under GW_User in Part I>
Next, Click “New Property” under Additional Properties, and enter Key: TrustAll || Value: true
Then click “Save”. Changes can take up to 5 minutes to save (but usually will only take a few seconds).
2. Creating an API Proxy using HCIODP Service
Close HCP Cockpit to return to API Management API Portal window. Select drop-down menu list from top left hand corner and select “Manage” to open API Proxy page.
In the API Proxy window, click “Create” at the bottom-right hand corner, and select “Create API” from popup selection to bring up the “Create API” screen.
Provider System: <Select system created in step 2>
Click “Discover” button to see a list of all services exposed by HCI-OData Provisioning.
Select a Service and click “OK” this should auto-fill all the API Information for you.
* Link Target Server will create the API with all System information determined by the Provider System you determine, and all pathing linked as a virtual path. This allows for easy transition between environments (such as Dev, Test, Prod) for the API Proxy. Documentation flag determines whether SAP API Management attempts to pull existing documentation from the Service, and is only applicable for SAP Gateway endpoints.
Click “Create” to generate the API Proxy. If everything was entered correctly, the API Details screen should come up, with all Resources (and corresponding descriptions of the model) created automatically from the Metadata.
Then click “Save”. If everything went well you should see a message at the bottom of the screen telling you “API Registered Successfully”.
To test that the API Proxy is working correctly, click “GET” for one of the resources with that operation available. If no resources are available, select “Test” from the main Drop-Down menu, then select the name of the API Proxy from the list of APIs.
Click “Authentication: None” and select “Basic Authentication” from the drop down list.
User Name: <UserID added under GW_User in Part I>
Password: <Password for userID added under GW_User in Part I>
Select the “GET” operation.
Click “Send” in the bottom right hand corner.
This should successfully retrieve the OData Collection provided by HCIODP, via a call to the SAP API Management API Proxy Endpoint URL.
Now that you have an API Proxy sitting on top of the HCIODP service, you can start adding Policies to extend the functionality, as well as expose it to the Developer Portal so that Developers could begin to build apps on top of the data. I will not get into that in this blog, as we were just quickly getting up and running connecting SAP API Management to HCIODP.
If you would like to start learning more about what you can do with SAP API Management, I suggest looking at the repository of information SAP API Management – Overview & Getting started which will continue to be updated as more enablement content is added.
Of particular interest to this particular exercise, will be the Blog on creating a Policy SAP API Management – Enabling URL masking . If you notice above, the returned data includes links to the HCI OData Provisioning service, which is not what you want if SAP API Management is the intended target for connectivity. The linked blog will tell you how to have SAP API Management automatically mask all URLs through SAP API Management.
For questions, feedback, concerns, feel free to leave a comment, or send us an E-Mail.