Skip to Content
Author's profile photo Shruthi M Arjun

Manage your APIs developed in Cloud Foundry using API Management

Introduction

So, you are a Cloud Foundry developer developing microservices/APIs/applications on SAP Cloud Platform. If you are familiar with SAP API Management, you will already know that on the Neo stack of the SAP Cloud Platform it provides you the capability to manage your APIs for security, traffic and protocol transformations. If you are unfamiliar with the service, get to know more about it here

With our latest release, we extend this capability to the Cloud Foundry stack of the platform and enable you to manage your digital assets on Cloud Foundry using SAP API Management. We provide you a service broker in the Cloud Foundry marketplace that you can use to create an instance and connect to your existing Neo subscription. You can then bind your Cloud Foundry application to the created service instance which automatically creates an API Proxy in your API Portal. From now on, when your Cloud Foundry application is called, it is routed via the API Proxy. You are now free to add management Policies to the auto created API Proxy and enjoy the full benefits of API Management 🙂

Creating a API Management Service Instance

In your Cloud Foundry space look for API Management Service in the Service Market place.

 

Create an instance by providing the co-ordinates of your Neo subscription (the pre-requisite is to have the API Management set up ready on Neo)

Note: Leave the Application field empty

 

 

Binding your Cloud Foundry application

Login to your Cloud Foundry space via the Command Line Interface (CLI). Invoke the following route service binding command to create the API Proxy in your Neo subscription.

cf bind-route-service sap-cf-domain.com apim-service-instance-name --hostname my-cf-app -c '{"api_name" : ”custom_api_proxy_name”}'

The api_name is an optional parameter incase you want a custom name for your API Proxy. Else it is created with an auto-generated name.

Example:

cf bind-route-service cfapps.sap.hana.ondemand.com APIMServiceInstance --hostname eProductStore

With this, all calls to your application will be routed through API Management.

Managing in API Portal

You will find the API Proxy in your API Portal. You could go ahead and add Policies to bring in additional security or control traffic, quota etc.

 

 

Summary

In this blog we saw how you could reuse your API Management subscription in Neo and manage your Cloud Foundry assets. You can find detailed documentation of the feature in our help documentation here. The service is now available on Cloud Foundry Trial for new registrations. Very soon we will also make this available to our customers to use on their productive accounts.

Do give this a try and let us know what you think.

 

Update :

The service is also available now for existing Cloud Foundry Trial accounts. Details on how you could get started is described at the end of this blog.

Assigned Tags

      18 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Amber Badam
      Amber Badam

      Interesting Stuff! Thank you for sharing

       

      Author's profile photo Johannes Veicht
      Johannes Veicht

      Hi Shruti,

      thanks for sharing this!

      I’d like to give it a try, but actually in my existing trial account I can’t see the API Management service broker . In Barcelona you said this will also come “soon” for the existing accounts. Do you have more detailled informations to this? Or is it for longer time only available, as you have written, for “new registrations” ?

      Best regards,

      Johannes

       

      Author's profile photo Shruthi M Arjun
      Shruthi M Arjun
      Blog Post Author

      Hello Johannes

      Thanks for showing interest ! CF trial has a short expiry cycle, hence we did not opt for a migration of existing accounts to enable the service. Is it possible for you to create a new trial account to try out the service?

      Hope this helps

      Thanks

      Shruthi

      Author's profile photo Johannes Veicht
      Johannes Veicht

      Hi Shruthi,

      tried it with a new account, but when I create the service instance I got an error :

      code:10001

      description:"The service broker returned an invalid response for the request to https://apim-service-broker-prodeu10.cfapps.eu10.hana.ondemand.com/v2/service_instances/........ Status Code: 500 Internal Server Error, Body: {"message":"Internal Server Error"}"

      error_code:"CF-ServiceBrokerBadResponse"

      The API Management service in the NEO is working as expected, any hint what could be wrong?

      Thx

      Johannes

      Author's profile photo Shruthi M Arjun
      Shruthi M Arjun
      Blog Post Author

       

      Hi Johannes

      Could you just cross check the input json parameters (credentials are case sensitive with SAP ID service) ?

      We are planning a latest update next weekend where you will be able to identify the exact error from the message but until then may be checking the input parameters should help.

      Thanks

      shruthi

      Author's profile photo Johannes Veicht
      Johannes Veicht

      Hi Shruthi,

      yes, i already checked it more than one times. Maybe I will wait then for your update and try it again....

      Thx Johannes

      Author's profile photo Pierre Fritsch
      Pierre Fritsch

      Hi Shruthi,

       

      Thanks for sharing.

      As of February 2019, is API Management on Neo also available productively, i.e. for non-trial accounts e.g. in Europe (Rot / eu1)? If so, what should I do to enable it? I can't find it in my cockpit.

       

      Best regards

      Pierre

      Author's profile photo Shruthi M Arjun
      Shruthi M Arjun
      Blog Post Author

      Hello Pierre

      Yes, API Mgmt is available productively for the last few years in Europe. If you have the entitlements, you should see the tile for the service. Can you give more details about your global account/customer so that we can get the entitlements checked if you are unclear about it? You could email me the details.

      Thanks

      Shruthi

      Author's profile photo Pierre Fritsch
      Pierre Fritsch

      Thank you for your support Shruthi, let's continue this discussion per email.

      Best regards - Pierre

      Author's profile photo Holger Neub
      Holger Neub

      Hi Shruthi,

      I tried to follow your setup and also the one at https://help.sap.com/viewer/66d066d903c2473f81ec33acfe2ccdb4/Cloud/en-US/4e727dfc46af412b91f6c37c3c773b9c.html

      In the provisioning phase I receive the error:

      prodeu10.cfapps.eu10.hana.ondemand.com/v2/service_instances/xxx?accepts_incomplete=true. Status Code: 500 Internal Server Error, Body: \{“message”:”Error occurred while enabling API Management subscription. User sXXX is not authorized to enable API management service in Neo account xxx. Assign Account Administrator role to sXXXX in Neo account xxx.”}

      However this role I have assigned as subaccount owner.

      One thing I spotted was that on the NEO Account Administrator it shows my S-User in capitals (i.e. S0123456789), in the error however is states in small letters s0123456789.

      So I went and specified the S-User in Caps. Still the same result.

      The JSON snippet in your example also is different to the one one official sap help page. 

       


      {
      "account_id": "xx ",
      "account_admin": "xx",
      "account_admin_password": "xx",
      "apiportal_admin": "xx",
      "apiportal_password": "xx",
      "consent": true
      }

       

      vs. 

       

      {
      "account_id": "xx ",
      "account_admin": "xx",
      "account_password": "xx",
      "consent": true
      }

       

      Any idea on how to track more logs or further information? we are on CF AWS Frankfurt.

       

      Regards

      Holger

      Author's profile photo Shruthi M Arjun
      Shruthi M Arjun
      Blog Post Author

      Hi,

      If you are on AWS, I would suggest that you follow this blog and this help link. This page is more suitable if you are running on SAP infrastructure. In case you are already having the necessary authorization on your Neo subaccount but still see an error, please raise a ticket on OPU-API-OD-OPS with the production account details, our support staff will check the logs and investigate. Unfortunately, I do not have access to the logs on production accounts.

      Thanks

      Shruthi

      Author's profile photo Holger Neub
      Holger Neub

      Hi Shruti,

       

      thank you for your reply. I followed the official documentation and still recieve the error there. I guess I will have to raise a support ticket then..

       

      Regards

      Holger

      Author's profile photo Daniel Silva
      Daniel Silva

      Hi, Holger.

      Have you open a ticket to this one? We're facing the same error here.

      Thanks,

      Daniel

      Author's profile photo Holger Neub
      Holger Neub

      Hi Daniel,

       

      yes I have and it took a while with videocall and demo session. But now it is fixdedx and working.

       

      We automated some of the provisioning tasks on API management. If you are interested in an information exchange let me know.

       

      Best regards

      Holger

      Author's profile photo Ariel Bravo Ayala
      Ariel Bravo Ayala

      Hi Shruthi,

       

      I am looking for information about the differences of APIM in Neo vs APIM in CF. So far, I can tell they do have differences as the "What is new" section, shows different updates for both. Is there any SAP Note that describes the key differences between them?

      Best regards,

      Ariel

      Author's profile photo Shruthi M Arjun
      Shruthi M Arjun
      Blog Post Author

      Hello Ariel

      Yes, you can check https://launchpad.support.sap.com/#/notes/2876620

      Thanks

      Shruthi

      Author's profile photo Ariel Bravo Ayala
      Ariel Bravo Ayala

      That was what I was looking for. Thanks Shruti for your prompt response. ?

      Author's profile photo Abhishek Mallik
      Abhishek Mallik

      Hi Shruthi,

      We have developed some APIs and deployed on CF. External vendors consume these APIs via APIM proxy which converts Basic Auth to OAuth.

      We have an instance of SAP IAS IdP on Neo, how can we use APIM to let our vendors be provisioned on IdP and authenticate via BasicAuth to our APIs in CF.

      PS: I was redirected to your post from https://api.sap.com/policytemplate/SAPCloudFoundrySAML2OAuthFlow

       

      Best regards,

      Abhishek