In this part 5 of 8 part blog series, I will explain how SAP Cloud Platform, API Management can be used to securely publish APIs from an on-premises S/4 HANA System. The best-practice for connecting to on-premises systems from the SAP Cloud Platform is to use the SAP Cloud connector. Once the connection with the on-premises S/4 Hana System is established through the Cloud Connector, API Management can connect to it, discover the available APIs, and make them available in a secure and documented way.
S/4 HANA Overview
S/4HANA is an ERP innovation based on a new and radically simplified data model design concept which is only possible with an in-memory database like SAP HANA.
Based on the new data model, S/4HANA replaces successively the old code line with a new code line which is unconstrained from the confinements of the traditional databases and which allows SAP, partner and customer developers to maximize the benefits of the modern in memory database technology to the fullest extent.
To learn more about S/4 HANA please refer to the following link: YouTube Video.
Cloud Connector Overview
The SAP Cloud Platform, Cloud Connector serves as the link between on-demand applications in SAP Cloud Platform and existing on premise systems. The cloud connector runs as an on-premises agent in a secured network and acts as a reverse invoke proxy between the on-premises network and SAP Cloud Platform. Due to its reverse invoke support, you don’t need to configure the on-premise firewall to allow external access from the cloud to internal systems.
To learn more about the Cloud Connector, please refer to the online documentation: SAP Cloud Connector.
In this blog, I have taken an example of my SAP Cloud Platform trial account for SAP API Management.
- You have an access to any of the S/4HANA on-premises system.
Let’s get started!
For downloading and configuring the cloud connector refer to the following link:
Once the cloud connector is installed, open the administration console.
- Open https://localhost:8443 (or whatever port you used) in your browser. The following screen should come up:
- Enter User name and password to login as Admin.
- Click on Add Account to add an account.
- Fill in the appropriate details as shown below for your account.
Here for SAP API Management I have taken example of my SAP Cloud Platform trial account:
- Under “Account Dashboard” your SAP Cloud Platform Account should have been added.
- Now we will be adding the on-premises system for ER9 (S/4 HANA system).
- On the left side menu, click on “Cloud To On-Premise”.
- Add Backend System as Other SAP System and Click Next
- Select Protocol as HTTPS and click Next
- Add host and port of Backend System and click Next
In Virtual Host and port don’t put the same name and port as above. The Virtual Host name and port are the ones that will be used in the SAP Cloud Connector to access your backend system, hence hiding internal system name and port
- Select Principle Type as None and Click Next.
- Check the summary, select internal host checkbox and select Finish.
System should get added.
- Click on Add button under Resources Accessible to add url path as”/” this is to consider all the resources after “/”.
With this we have configured our backend system and now we will check in SAP API Management whether we can access Odata services from S/4 HANA system
Let’s start Managing OData Endpoints from API Management!
Open SAP Cloud Platform Cockpit from where you can see the successful connection to the on-prem system under “Connectivity – Cloud Connectors”.
That’s all you need!
Now let’s go to the SAP API Management Service. From your SAP Cloud Platform cockpit, navigate to the list of services and locate API Management Service. Click on “Access API Portal”. It is a good idea to add the SAP API Management as a bookmark to your browser now.
- Click on Develop and Navigate to API Providers
- Create API Provider and fill in the following details.
Note that the host name and the host port correspond to the mapping we previously created. Also, make sure to check the “on-premise” checkbox, so that SAP API Management will connect through the SAP Cloud Connector to your on-premises system.
- Navigate to Authentication and enter the user name and the password used for basic authentication.
- Lastly, navigate to the Connectivity tab, and setup the catalog service as defined below (or adapt it to your environment).
- This catalog service will allow to discover all available APIs at API creation time in SAP API Management.
To test the new connectivity, create a new API Proxy. Use the previously generated API Provider and click on discover. Select any of the available APIs and click on OK.
- Enter the remaining details and save your API Proxy.
- Note that automatically the resources and documentation have been imported from the backend system into your API Proxy.
- Navigate to Test Console and click on the API Proxy you just created. Before testing it, provide Basic Authorization.
- Click on Send, and you should see the response of your S/4 System in the SAP Cloud Platform!
In order to provide access control and analytics on who is using the API, we will check that the API Key is correctly passed to the API upon any call.
This will be done in the the following blog entry, under the section “Checking for an API key”.