Internet of Things made simpler with SAP API Management – III

This blog is the last part of my blog series. In our scenario, we have our fictitious company called RailCo who are the largest rail freight operator, moving minerals, agricultural freight and more across the nation. They lease their trains and track to other business partners who need this service. Quite often their partners’ needs access to a real-time application which tells them (1) Where the trains are currently located (2) What is the current temperature of each wagon (3) What is the light exposure in each of the wagon. There are certain minerals which should not be exposed to light or high temperature for a long time.

In the previous blogs, I have explained how I created a prototype using sensors which communicated to a Raspberry Pi. The Raspberry Pi obtains the sensor readings and streams them to SAP HANA Cloud Platform. I have deployed an application on SAP HCP which shows a dashboard providing real-time information of a particular train wagon.

The next step is to actually expose the sensor information securely to external partners. This is where API Management comes into play. API Management exposes an Organizations digital assets across multiple channels to customer, partners and external world thereby enabling external developers to consume and build rich digital apps on top of that. With API Management, you can

•    Increase workforce productivity

•    Personalize consumer engagement

•    Provide enterprise-grade security

•    Reduce IT complexity and total cost of ownership

•    Create custom apps quickly and easily

•    Co-innovation with partners and customers

•    Open up new business channels and revenue streams

•    Reduce initial infrastructure investment

•    Quickly modernize your business applications

HCP IoT Service provides out-of-the-box OData service to expose registered devices and the data captured against each of the devices.

You can use these OData endpoints to retrieve information on devive metadata or even the messages staored against each device.

https://<host>/com.sap.iotservices.dms/v1/api/devices

https://<host>/com.sap.iotservices.dms/v1/api/devicetypes

https://<host>/com.sap.iotservices.mms/v1/api/http/app.svc

If you query the app.svc service, it will list out all the entity collections.

Copy the table name which stores the sensor information for the particular device and change the URL as below to retrieve the values.

I created a destination in my HCP Cockpit which refers the above OData service. This would enable me to quickly build any UI5 applications based on WebIDE in the future.

Let us now expose this API also using the API Management. Launch the API Management API Portal to register the IoT OData API

I am going to register the API without creating a System. Click on “Manage” to create the API.

Provide the OData endpoints as shown below

Navigate to the policies tab to add few policies for this API

The Policy Designer canvas provides a representation of the Request-Response pipeline of the API proxy. Pipeline represents the flow pattern and specifies the condition on which this policy should be executed.

The first policy that I am going to add is to retrict the number of times an API can be called within a particular time period. Under the ProxyEndpoint, select preflow and click on Edit button. On the right hand side select the “+” symbol next to Quota and provide a name  as shown and click on “Add” button

In the script which shows up in the middle of the screen, change the number to 5. This means that you will not be able to call this API for more than 5 times a minute. This is one way to throttle your requests. Click on Update button.

Similarly add another policy “XML to JSON” under proxyEndPoint (Postflow) to ensure the output is always in JSON.

Another good feature of API Management is the ability to write your own scripts. It supports Python and Javascript. This gives us complete flexibility to intercept the request or response payload and manipulate the contents.When you test OData API which are typically available in your backend system, you will notice the hostname of the system in the response. There is an excellent blog by Holger Bruchelt where he explains more about how you can mask your URLs. I tried to replicate this in my API policy by masking the IoT service URL.

Add a new script with the below code which looks for a string in the output response and replaces it with “myIoTService”.

Add the policy “Javascript” under TargetEndPoint(Postflow) as shown below

Ensure that your script is referenced as shown below.

Save your API and now you are ready to test it.

Select the IoT API and provide the User ID and Password for Basic Authentication

Your should be able to see the response from the IoT OData APIs

Now you can allow your developers (who are part of your partner ecosystem) to discover and consume these APIs to build rich applications using the Developer Portal in API Management.

This concludes the blog series which demonstrates how one could configure HCP IoT services to obtain sensor values from remote devices and securely expose this information to external world using API Management.