Manage your APIs developed in Cloud Foundry using API Management
Introduction
So, you are a Cloud Foundry developer developing microservices/APIs/applications on SAP Cloud Platform. If you are familiar with SAP API Management, you will already know that on the Neo stack of the SAP Cloud Platform it provides you the capability to manage your APIs for security, traffic and protocol transformations. If you are unfamiliar with the service, get to know more about it here
With our latest release, we extend this capability to the Cloud Foundry stack of the platform and enable you to manage your digital assets on Cloud Foundry using SAP API Management. We provide you a service broker in the Cloud Foundry marketplace that you can use to create an instance and connect to your existing Neo subscription. You can then bind your Cloud Foundry application to the created service instance which automatically creates an API Proxy in your API Portal. From now on, when your Cloud Foundry application is called, it is routed via the API Proxy. You are now free to add management Policies to the auto created API Proxy and enjoy the full benefits of API Management 🙂
Creating a API Management Service Instance
In your Cloud Foundry space look for API Management Service in the Service Market place.
Create an instance by providing the co-ordinates of your Neo subscription (the pre-requisite is to have the API Management set up ready on Neo)
Note: Leave the Application field empty
Binding your Cloud Foundry application
Login to your Cloud Foundry space via the Command Line Interface (CLI). Invoke the following route service binding command to create the API Proxy in your Neo subscription.
cf bind-route-service sap-cf-domain.com apim-service-instance-name --hostname my-cf-app -c '{"api_name" : ”custom_api_proxy_name”}'
The api_name is an optional parameter incase you want a custom name for your API Proxy. Else it is created with an auto-generated name.
Example:
cf bind-route-service cfapps.sap.hana.ondemand.com APIMServiceInstance --hostname eProductStore
With this, all calls to your application will be routed through API Management.
Managing in API Portal
You will find the API Proxy in your API Portal. You could go ahead and add Policies to bring in additional security or control traffic, quota etc.
Summary
In this blog we saw how you could reuse your API Management subscription in Neo and manage your Cloud Foundry assets. You can find detailed documentation of the feature in our help documentation here. The service is now available on Cloud Foundry Trial for new registrations. Very soon we will also make this available to our customers to use on their productive accounts.
Do give this a try and let us know what you think.
Update :
The service is also available now for existing Cloud Foundry Trial accounts. Details on how you could get started is described at the end of this blog.
Interesting Stuff! Thank you for sharing
Hi Shruti,
thanks for sharing this!
I’d like to give it a try, but actually in my existing trial account I can’t see the API Management service broker . In Barcelona you said this will also come “soon” for the existing accounts. Do you have more detailled informations to this? Or is it for longer time only available, as you have written, for “new registrations” ?
Best regards,
Johannes
Hello Johannes
Thanks for showing interest ! CF trial has a short expiry cycle, hence we did not opt for a migration of existing accounts to enable the service. Is it possible for you to create a new trial account to try out the service?
Hope this helps
Thanks
Shruthi
Hi Shruthi,
tried it with a new account, but when I create the service instance I got an error :
code:10001
description:"The service broker returned an invalid response for the request to https://apim-service-broker-prodeu10.cfapps.eu10.hana.ondemand.com/v2/service_instances/........ Status Code: 500 Internal Server Error, Body: {"message":"Internal Server Error"}"
error_code:"CF-ServiceBrokerBadResponse"
The API Management service in the NEO is working as expected, any hint what could be wrong?
Thx
Johannes
Hi Johannes
Could you just cross check the input json parameters (credentials are case sensitive with SAP ID service) ?
We are planning a latest update next weekend where you will be able to identify the exact error from the message but until then may be checking the input parameters should help.
Thanks
shruthi
Hi Shruthi,
yes, i already checked it more than one times. Maybe I will wait then for your update and try it again....
Thx Johannes
Hi Shruthi,
Thanks for sharing.
As of February 2019, is API Management on Neo also available productively, i.e. for non-trial accounts e.g. in Europe (Rot / eu1)? If so, what should I do to enable it? I can't find it in my cockpit.
Best regards
Pierre
Hello Pierre
Yes, API Mgmt is available productively for the last few years in Europe. If you have the entitlements, you should see the tile for the service. Can you give more details about your global account/customer so that we can get the entitlements checked if you are unclear about it? You could email me the details.
Thanks
Shruthi
Thank you for your support Shruthi, let's continue this discussion per email.
Best regards - Pierre
Hi Shruthi,
I tried to follow your setup and also the one at https://help.sap.com/viewer/66d066d903c2473f81ec33acfe2ccdb4/Cloud/en-US/4e727dfc46af412b91f6c37c3c773b9c.html
In the provisioning phase I receive the error:
prodeu10.cfapps.eu10.hana.ondemand.com/v2/service_instances/xxx?accepts_incomplete=true. Status Code: 500 Internal Server Error, Body: \{“message”:”Error occurred while enabling API Management subscription. User sXXX is not authorized to enable API management service in Neo account xxx. Assign Account Administrator role to sXXXX in Neo account xxx.”}
However this role I have assigned as subaccount owner.
One thing I spotted was that on the NEO Account Administrator it shows my S-User in capitals (i.e. S0123456789), in the error however is states in small letters s0123456789.
So I went and specified the S-User in Caps. Still the same result.
The JSON snippet in your example also is different to the one one official sap help page.Â
Â
Â
vs.Â
Â
Â
Any idea on how to track more logs or further information? we are on CF AWS Frankfurt.
Â
Regards
Holger
Hi,
If you are on AWS, I would suggest that you follow this blog and this help link. This page is more suitable if you are running on SAP infrastructure. In case you are already having the necessary authorization on your Neo subaccount but still see an error, please raise a ticket on OPU-API-OD-OPS with the production account details, our support staff will check the logs and investigate. Unfortunately, I do not have access to the logs on production accounts.
Thanks
Shruthi
Hi Shruti,
thank you for your reply. I followed the official documentation and still recieve the error there. I guess I will have to raise a support ticket then..
Regards
Holger
Hi, Holger.
Have you open a ticket to this one? We're facing the same error here.
Thanks,
Daniel
Hi Daniel,
yes I have and it took a while with videocall and demo session. But now it is fixdedx and working.
We automated some of the provisioning tasks on API management. If you are interested in an information exchange let me know.
Best regards
Holger
Hi Shruthi,
I am looking for information about the differences of APIM in Neo vs APIM in CF. So far, I can tell they do have differences as the "What is new" section, shows different updates for both. Is there any SAP Note that describes the key differences between them?
Best regards,
Ariel
Hello Ariel
Yes, you can check https://launchpad.support.sap.com/#/notes/2876620
Thanks
Shruthi
That was what I was looking for. Thanks Shruti for your prompt response. ?
Hi Shruthi,
We have developed some APIs and deployed on CF. External vendors consume these APIs via APIM proxy which converts Basic Auth to OAuth.
We have an instance of SAP IAS IdP on Neo, how can we use APIM to let our vendors be provisioned on IdP and authenticate via BasicAuth to our APIs in CF.
PS: I was redirected to your post from https://api.sap.com/policytemplate/SAPCloudFoundrySAML2OAuthFlow
Best regards,
Abhishek