Skip to Content

SAP PO Rest Integration with Salesforce (OAuth)

Our customer has  one requirement: SAP ECC sent  ads vendor data to Salesforce system with Rest.

We call know that to call Salesforce service, we need a token.

We need to send the data to Salesforce to get token:


Test it with SOAPUI, we get token from response:

Then add token to the Header when call Salesforce services:

we can complete this in PO REST adapter:

But how to get the token dynamicly?
a lots of ways:

Write java mapping program?

Write a lookup function?

Design another interface and save the parameters in ECC system?

Design a complex iflow …

Can I use configuration? did a search but no anwser.

Our PO system is 7.5 with support package 7, there three options for OAuth:

Choose OAuth 2.0 Grant Tye Flow:

There are two options, we have parameter grant_type=password in SOAPUI.

Which one is for me?

After I hack into the codes of Rest Adapter and find out:

Resouce Owner Password Credentials Grant = password

Client Credentials Grant =  client_credentials

Then I have to fill all the fields:

I can tell you:

Resource Owner Client ID = client_id

Resource Owner Username = username

Resource Owner Password = password

Authorization Server Username & Password is  not used in the codes! And Salesforce  don’t give me these parameters.

Then do a test, not lucky.

Response message is :

Error while processing Authorization request! 
[EXCEPTION] HTTP OAUTH 2.0 CLIENT CREDENTIALS GRANT call to not successful. Error while obtaining authorization code - response code: 400 
{"error":"invalid_client","error_description":"invalid client credentials"}


There is no field for client_secret.

Ok, add ‘client_secret=……’ to Authorization Server URL,  end with ‘&’:


Look into the debug info, it works out:

I’m so happy to resolve the problem.Maybe SAP should provide more detail information about each function.We tried so many times.

Later I get this note from SAP support, New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants.
It is very helpfull.

You must be Logged on to comment or reply to a post.
  • Hello Shen,

    Thank you a lot for sharing this valuable functionality of the REST adapter - it is truly demanded by the community, and before having it in standard, various solutions required custom development or usage of 3rd party components (such as adapters). Revealing a new feature and providing a real life use case for the introduced functionality is helpful and very appreciated.

    In my opinion, it would also be worth mentioning a SAP Note 2405166, which contains description of relevant adapter configuration parameters and references to the corresponding specifications of OAuth 2.0 framework (defined in RFCs 6749 and 6750) that might be useful for understanding available and supported grants an their usage.



    • Thanks for your reply.
      I have read this note, very helpfull.
      2405166 – New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants
      I think it is not applied for Salesforce at the moment.

    Nice blog. I am also working on similar requirement. However we are on PI 7.4…

    When I checked SOAP UI with URL -<client_id>&client_secret=<client_secret>&username=<username>&password=<password>


    I dont see anything in request message, instead values are passed as query to URL.


    How to achieve this in PI?


    Please help.




  • Hi Shen

    Thanks for your excellent blog, very useful. I had one further question - we are looking to implement this new functionality but a question has come up about token caching. From your experience do you know if the new functionality of the REST adapter supports this? And does it support use of refresh tokens? Or does it send a new auth request for every message processed regardless of token expiration times?

    Many thanks


  • Hi Shen Peng,


    Thanks for the very helpful  article. we unable to see acces_token, could you please let what are values to pass for HeaderName & ValuePattern in  HTTPHeaders tab?


    Thanks in advance.

    Best Regards,

    Karunakar A

  • Hi All,

    Concerning Sharepoint authentication in the cloud (office365) - has anyone connected there yet using standard adapter Sender/REST Polling.  I am going down the route of OAuth but am struggling to figure out the needed parameters and HTTP headers needed.

    7.5 SAP PI Java only SP10.

    Hoping it can be done without the need of custom module development.

  • Hello,

    Is it mandatory to provide Authorization server username and password for grant type flow "Password" as the application with which I want to use the REST receiver adapter does not provide them just like in your case. Could you please guide me on this

    • Please refer to the notes:

      2535623 - OAuth 2.0 call to the authorization server could be of wrong type

      2405166 - New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants

      Keep update with latest SPs.

        • The REST Receiver adapter works with Salesforce, as we just tried. For the “Authorization server username and password” you can enter whatever you want, it’s not used. We just doubled the entries from the fields below (Resource owner user and pass).


          Philippe Addor

  • Hello.


    I followed the steps you have explained, but I can´t get authorization token correctly.

    How you fill Authorization server username and password??

    In the notes you refer, I don't get explanation to fill the fields.

  • Thanks for this post.  Just set this up successfully using the details in Shen's original message.


    Two notes:

    • I didn't put the client_secret on the end of the URL - I put it in the additional parameters with parameter type "Query".
    • We had an additional issue caused because our Salesforce account password contained a % sign.  We had to URL encode it before entering it into the password field (ie. replace % with %25) to get the connection to work.





  • Hi All,

    As you may know PO adds “Content-Encoding : UTF-8” parameter to message header by default. In my case SalesForce rejects Content-Encoding parameter whether I populate it with ‘UTF-8’ or ‘identity’ values.

    I have tried the same case with SOAP UI and the result is same. 415 Unsupported Media Type. If I remove Content-Encoding parameter from message header on SOAP UI, it works fine.

    Did you also face with the same issue?

    Thanks in advance.

    • Hi Yekbun,

      Just out of interest: you integrate with SFDC ( using a REST adapter. Which version of SAP PI (or PO) do you have?

      Thanks a lot.