Skip to Content
Author's profile photo Akhilendra Singh

SAP Hybris Marketing integration with AWS-SES Email provider

Applies to:

SAP Hybris Marketing:  For more information, visit

Summary:  This article explains SAP Hybris Marketing integration with AWS-SES which is used for email campaigns , newsletter and utilizes AWS-SES various features : such avoid SPAMs, Bounce, complaints etc

Authors: Akhilendra Pratap Singh

Company: Mindtree Bangalore

Created on: 15/06/2016

Author Bio


Akhilendra Pratap Singh is working as Sr. Functional Consultant at Mindtree Bangalore and has expertise in the areas of SAP SD, SAP CRM, SAP C4C and SAP Hybris Marketing . He is SAP SD and CRM Certified professional with around 16.5 years of experience.


SAP Hybris Marketing (1602 onwards) supports two email Service providers for Email Campaign management, namely: AWS-SES and SAP Mobile Service for Email. This paper will cover end to end integration of SAP Hybris Marketing with AWS- SES and is based on SAP Hybris Marketing 1511.

In order to set up the AWS- SES  email service provider, you will have to do configurations in:

  • SAP  Hybris Marketing Customizing
  • Amazon service for emails, notifications and queues and
  • Amazon Web Service Account for the Simple Email Service (SES) using http (not smtp)


  1. You have created an AWS account or has been setup by your BASIS team and you are provided with Login Id and Password.
  2. Login to with your credentials and configure a verified sender email address. You will need this when you define a sender profile later on.


     3. For the verified sender email address, edit the Notification Configuration and create a new Amazon SNS topic, eg  bounces and complaints. Give the new topic the same name as the feedback queue. For example : AMAZON_BOUNCE





4.. In the Sender Notification Configuration, assign the SNS topic and disable Email Feedback Forwarding.


After Saving the config  ARN will be generated as shown below:


5. In the SQS console, create a new queue with the same name you gave the feedback queue in technical configuration.



6. Subscribe to new queue to the SNS topic you created earlier.

   Go to your AWS -SES Account and click on Security Credentials



Now you should create an IAM Users required to send or used in Sender Profile. It’s advisable to use IAM users to send emails as you can control the permissions/ authorizations.

  • Steps  to create an IAM User


  • Enter the user Names and Click the check box to “Generate an access key for each users” and then click on create ,as shown below:


  • Security Credentials Created for IAM Users.


7. Now You have set an account up at Amazon AWS-SES and received  following parameters during account set-up:

  • Amazon Access Key ID (hash string)
  • Secret Access Key (hash string)
  • Feedback Queue Path : see below for details

          The Feedback Queue Path is the last individual portion of the queue URL at Amazon.

          For example, the path from is /NNNNNNNNNNNN/ABC.    is   /NNNNNNNNNNNN/ABC.

Identify Feedback Queue Path for you Hybris Mkt System :



8. Set up a Group so that you can assign Policies to Users. For Example “Administrator” and assign all the admin policies.


9. Select from the  Policies to attach it to  Group Created in above step and click next.


10. Assign Users to the Group



Steps for AWS-SES  HTTPS RFC connection setup  and  Download X.509 certificate for STRUST (SSL Certificates)


Following steps needs to be setup in SAP Hybris

  • Import Amazon SES SSL Certificates in the Trust Store
  • Download SSL Certificates for your AMAZON SES target host (you can download the SSL certificate by opening the target host URL in your internet browser and downloading the SSL certificate)
  • Import the certificate into the PSE as described in Creating the Anonymous SSL Client PSE. You find this topic under NetWeaver PlatformSAP NetWeaver 7.0Application HelpFunction-Oriented ViewSecurityNetwork and Transport Layer
  • SecurityTransport Layer Security on the AS ABAPConfiguring the SAP Web AS for Supporting SSLCreating the Anonymous SSL Client PSE.
  • Set SSL to Active for RFC destinations AMAZONMAIL, AMAZONBOUNCE.
  • Select the certificate list to which you uploaded the certificates.
  • Test the AMAZONMAIL RFC destination. If you receive an HTTP response code 404, then the set up is correct

Follow the below steps to Download Certificates and apply to  Hybris Mkt system

1.  Open URL: in Chrome and  Open developer tools , as shown below:


2. Navigate to Security tab.


3. Choose ‘view certificate’ and save the certificate locally:


4.Store it as Base-64 file:


5. Login in to Hybris Mkt System and Import the certificate in Strust:  ( tcode: strust)


6. Setup RFC connection: ( Tcode: SM59)


Check the Security options in Logon and Security TAB, it should be “ Anonymous SSL..”


7. Perform the connection test and you should get HTTP response 404, which confirms connectivity to Amazon Server has been established and now you can send email/ execute email campaign .


  • To maintain / change Access key and Secret access key of IAM user in Hybris MKt




  • You would not like that all the Target Group members (Contacts) should receive emails when you execute an email campaign , while you are working on Development System, To avoid that :
      • You should maintain multiple  test email id,(Tcode: ME_WHITELIST) whichare verified in AWS- SES (if you are still in Sand Box)


1) SAP Hybris Marketing Installation Guide1511

2) AWS Developers Guide

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member


      Thank you very much for this great and very detailed description of the configuration process on AMAZON side ūüôā

      One important point for everything to work correctly here is the following:

      When configuring the notification configuration, the SNS topic should NOT be assigned to the Delivery option.

      For successful deliveries no topic should be assigned at all. Otherwise you will get errors in the application log during the bounce collection from AMAZON SQS. Only bounces and complaints should be assigned here.

      Best regards,


      Author's profile photo Jan Matthes
      Jan Matthes
      Author's profile photo Tyagi Prashant
      Tyagi Prashant

      Hi Akhilendra,

      Nic article with detail information.



      Author's profile photo Former Member
      Former Member

      Hi Akhilendra,

      Does MS outlook supports email services in hybris marketing?



      Author's profile photo Akhilendra Singh
      Akhilendra Singh
      Blog Post Author

      Dear Esha,

      Integration with  MS Exchange ( MS outlook ) is not available  as out of the box solution. You would need to develop your own custom build adapter to integrate MS Exchange server with Hybris Marketing .

      Please refer to :yMkt: how to send email without external provider

      Hope it helps.



      Author's profile photo Surjeet Bhati
      Surjeet Bhati

      Really nice piece of work Akhilendra Singh

      Author's profile photo Former Member
      Former Member
      Hello Akhilendra and All,
      I would like to thank you for this much detailed blog
      We have followed each and every step as you have listed in your blog
      However at the end, I'm getting the below attached error when I try to do the connection test in RFC Destination AMAZONEMAIL, it doesn't give us 404 error but throws SSL handshake error 443.
      Just want some hints from you, if we have skipped some important steps or we are wrong some where.
      Your help here would be really appreciated.
      As we understood from your blog, to download the certificates

      As we understood from your blog, to download the certificates
      1) We opened below URL in chrome broswer ::
      When we open the site we get the below message . Is this right to get such a message ?

      The reason why we went for this URL is because in our console we got the URL and ARN as below, hence we changed the URL to
      Is this step which we did by opening the " eu-west-1 " url a correct one ?

      Is some certificate needs to be uploaded in AWS side as well ?



      Author's profile photo Former Member
      Former Member

      Please check transaction SMICM for more detailed error messages regarding SSL errors.

      Also on your SM59, AMAZONMAIL connection, did you set the Security Options on the "Logon&Security" tab to ANONYM SSL?

      Author's profile photo Joyca Vervinckt
      Joyca Vervinckt


      do you know the alternative for SMICM and SM59 logs in a hybris marketing cloud system perhaps?



      Author's profile photo Daniela Arndt
      Daniela Arndt


      Hi Bipin,

      I don't know if you could already solve that problem but we faced a similar problem. We had to change manually the proxy settings in the RFC connection. After that the connection test was ok.

      Hope that helps.

      Author's profile photo Akhilendra Singh
      Akhilendra Singh
      Blog Post Author

      Hi Bipin,

      while downloading certificate , please select the 2nd option i.e: "Base- 64 encoded X.509 certificate"

      For Amazon mail  :

      For Amazon Bounce:
      SQS( Region):

      You don't need to upload any certificate on Amazon!


      Author's profile photo Former Member
      Former Member

      Thank you Akhilendra for your reply.

      While exporting the certificate from AWS website we selected the BASE-64 encoded X.509 format only.

      Unfortunately we still get the same SSL handshake error ? Do you think any steps we could have missed, from your post we have followed all the steps.

      We visited the site our chrome browser and exported the certificate to our desktop. Later this was imported to STRUST under node SSL client SSL Anonymous

      When we opened this site in the browser we got the message <unknownoperationException/>, is this fine ?

      Can you give us some Hint.

      Thanking you for your help and guidance



      Author's profile photo Anthony Delcy
      Anthony Delcy

      Hi Bipin,

      I have followed the same instructions and I get the same error when I test the RFC. The only difference from your settings and mine is the region. I am using and for the bounce queue I am using and these information matches with my SQS queue from Amazon.

      Have you figured out the issue yet? If yes, could you share your finding please.

      Thank you


      You can email me at:




      Author's profile photo Former Member
      Former Member

      Hello Anthony,

      Thank you for letting us know that you too are facing this problem.

      Not sure how to proceed, I have raised an Incident with SAP asking and seeking some inputs from them. I will surely keep you posted, if you get some information please let is know as well.

      What determines the region ? While configuring the AWS account you get the ARN key generated, mine came as West so i thought I should open the west website and download the certificate from there. Is this a correct approach ?

      Also what is the RFC destination Target host you have kept





      Author's profile photo Former Member
      Former Member

      Author's profile photo Akhilendra Singh
      Akhilendra Singh
      Blog Post Author

      Hi Bipin,

      Have you maintained the  Access Key ID , Secret Key Id & Feedback Queue Id in customizing settings .

      Use Tcode: "ME_AMAZONXS"  to Set Amazon SES Credentials 

      Feedback Queue format looks like:

      Feed back: /XX09200XXXX / Amazon_Bounce_Complaint_Notifications

      Above  details you will find  from SQS Queue


      Also , it's advisable to maintain IAM user ( with admin credentials) and use Access Key and Secret key of IAM user, though not mandatory.



      Author's profile photo Former Member
      Former Member

      Thanks for the posting. It's informative.

      Does Hybris support multiple AWS accounts to use SES? It seems to support to add multiple AMAZONSES. But only ONE AWS credential tab is provided, which means it does not support using multiple AWS accounts for SES. Is this correct?


      Author's profile photo Former Member
      Former Member

      Hi Bipin

      Did you resolve SSL handshake error ? Please post the solution if it is solved

      Hi Akhilendra,

      We are getting error in Amazon bounce RFC destination like Bipin(same screen) and we are getting 404 in Amazon mail

      Where did we go wrong in that case ?

      Any help would be appreciated





      Author's profile photo Thirupaty Reddy Vemula
      Thirupaty Reddy Vemula

      Hi Everyone,


      Can we use Amazon for SMS services.




      Author's profile photo Former Member
      Former Member

      You will need a license for SAP SMS 365 for SMS functionality

      Author's profile photo Oliver Sierig
      Oliver Sierig

      Hi  Akhilendra,


      i'm completely new to the topic and have to configure Amazaon SES for Hybris Marketing Cloud.

      I have a question concerning the Feedback Queue. What do you mean by

      " In the SQS console, create a new queue with the same name you gave the feedback queue in technical configuration. " ? 

      What technical configuration do you mean ?




      Author's profile photo Vervinckt Joyca
      Vervinckt Joyca



      In SLG1 in hybris marketing; we are getting this log:

      Start collecting bounces from provider "sapAmazon".
      Please create an incident due to an internal error: "NOTIFICATION_TYPE"
      Please create an incident due to an internal error: "NOTIFICATION_TYPE"
      Processed 0 entries from queue.
      Finished collecting bounces from provider "sapAmazon".


      Does anyone have an idea what the problem could be?



      Author's profile photo Thirupaty Reddy Vemula
      Thirupaty Reddy Vemula



      After Subscribe the new queue to the SNS in AWS, do we need to  confirm the subscription and what need to mention in "Subscription confirmation URL".

      Is the above steps are mandatory for mkt system to recieve bounces



      Thirupaty Reddy V

      Author's profile photo Tobias Schneider
      Tobias Schneider

      Hi Akhilendra Pratap Singh,

      thanks for the nice blog! Sending e-mails works as expected.

      Is there a special configuration needed for getting the "EMAIL_OPENED" and "CLICK_THROUGH" events as interactions into Hybris Marketing.

      Because when I just have a look at the e-mail (e.g. in outlook) that seems to be not enough to receive the EMAIL_OPENED interaction.

      When I click a link in an e-mail I afterwards get the EMAIL_OPENED interaction but not the CLICK_THROUGH interaction.

      Best regards


      Author's profile photo Renjith Kumar Ramadasan
      Renjith Kumar Ramadasan

      Has anyone faced this error?

      API error: Code "403", Reason: "Forbidden", Message: "SignatureDoesNotMatch The request signature we cal", RequestID: "7d3d55...


      Regards, Renjith