SAP API Management – Enhanced Developer Experience
As you know, SAP API Management is an important pillar for digitalization projects. In this blog I would like to highlight a few features that you may or may not, already know. These features have one thing in common: they will streamline and simplify your projects by providing enhanced Developer Experience.
Indeed, API Management is an integral part of an architecture blueprint when it comes to development of apps or web applications. Often, companies start realizing this only after having implemented the first apps and APIs, and start feeling the need for a centralized API management platform. Since API management is non-intrusive, it is never too late to get started!
Please note, that SAP API Management can handle any REST API, not only SAP APIs. However, when working in the context of an SAP ecosystem, you will find some nice added-value features described below.
This blog post is not intended to guide you through all the features in detail, but will provide you an overview on how to be very efficient at using SAP API Management in the context of the SAP Cloud Platform.
More detailed information on SAP API Management can be found in our other blog entries.
Import of APIs
Whenever developers want to secure and publish an API through SAP API Management, they will be creating an API Proxy, ie. a facade to an existing API, in SAP API Management. This operation can be completely manual (and facade to a non-SAP as well as SAP API) or wizard-driven and automated (for ODATA APIs, SAP-specific and Partner APIs).
SAP on-premises APIs
The operation of creating an API proxy is largely simplified for SAP on-premises APIs through the catalog feature of the SAP Gateway Hub. Simply search for an existing API in the catalog, select the resources you want to use and click on OK: selected resources and documentation are created automatically for you in SAP API Management. This is largely due to the usage of ODATA Rest APIs which simplify usage for developers and provide very usefull runtime features.
Using the catalog feature of SAP Gateway Hub to generate API proxies in API Management makes the process of securing and publishing APIs much faster and less error-prone.
Herunder you can see the how this looks like in the API Management Portal:
1- Start by discovering the on-premises SAP Gateway OData Services
2- Search and find the OData API you want to proxy
3- The URL is automatically retrieved from the catalog service of the SAP Gateway
4- The resources and documentation are automatically created in SAP API Management
SAP cloud apps APIs
For SAP Cloud applications, you can make use of the “Discover” menu, to search and find SAP Cloud APIs you would like to secure and publish through API Management. Simply locate the API you need, and hit the “Copy” button. You will be prompted to parametrize the access to the API (API backend URL, API proxy URL, …). Once done, clicking on the “OK” button will automatically create the corresponding API Proxy.
Import of the SuccessFactors Employee Central Employee Global Information API.
Same as above: using the available APIs of the API Business Hub to generate API proxies in API Management makes the process of securing and publishing APIs much faster and less error-prone.
Just as it is possible to import an SAP API into SAP API management, it is also pssoble to import Partner APIs. These are listed in the Discover menu, and can be filtered through the “Vendor” filter.
For instance, you can import HERE APIs directly from the API Business Hub into your SAP API Management API Portal.
Copying a Partner API “HERE” into SAP API Management
OpenAPI (fka. Swagger) APIs
If your company is following a “design-first” approach for implementing APIs, it is likely that you are acquainted with the OpenAPI specification (fka. Swagger). Generally speaking, SAP supports OpenAPI in all its solutions, eg. SAP API Business Hub or SAP API Management.
In API Management, you can use the “API Designer” feature to either create or import OpenAPI specification files (Develop / Create in API Designer). Once the specification file is created or imported, you can have the API Designer generate stubs for you (Generate Server / JAX-RS, NodeJS, Spring) so you can start the actual implementation. In any case, you can now generate an API Proxy out of the specification file (File / Save).
SAP API Management API Designer
Automatically, the API Proxy is created, based on the API Backend URL, containing the API resources and the documentation read from the OpenAPI specification file.
Once an API proxy is created, you want to specify its behavior in more detail using policies.
As described in one of my previous blogs entries, Policy Templates in SAP API Management let you create one set of operations and save this set – or template – for future re-use. Or you can use SAP’s pre-defined policy templates for quickly implementing security best-practices, or configure the policies needed for specific SAP APIs.
Custom Policy Templates
When considering a central API Management layer, it is important to streamline operations. Hence, one could classify its APIs into internal, partner and external APIs, and defined a specific governance model for each classification. Each classification would then translate into a policy template that would be applied to every new API.
SAP API Management Policy Templates
The benefit behind this feature is that you can start building your very own template library, and re-use templates whenever new APIs are onboarded. Hence, you dramatically reduce the time for providing an API and the process is error-prone.
Pre-defined Policy Templates
SAP is committed to run simple. In that perspective, we provide a lot of content for our customers and partners. Based on the Policy Template feature, SAP provides a large set of pre-defined templates for SAP API Management. These policy templates implement specific features such as handling CORS, URL masking, threat protection, etc., as well as pre-configured access to other SAP APIs such as Concur or Hybris.
SAP predefined Policy Templates
If you already have an API Management tenant (trial or productive), you access the policy templates through the “Discover” menu. Otherwise, you can browse through the policy templates in the SAP API Business Hub (APIs/SAP API Management product filter).
Security policy templates
Policy Template for accessing Concur
The benefit of these pre-defined policy templates is that you don’t need to write policies on your own: simply copy them into your tenant and you’ll benefit from advanced functionaltites. Furthermore, new policy templates are being published on a regular basis, addressing upcoming integration needs.
Integration with IDEs
Once an API Proxy is created and refined with the necesary policies, it can be published to the Developer Portal, part of SAP API Management.
Internal and external developers can use the Developer Portal to discover, search, test and subscribe APIs. These developers will either start building integration scenarios, or start building applications using the APIs.
On the SAP Cloud Platform, the central applications development tool is the WebIDE.
In order to simplify the developer’s life, the WebIDE can use SAP API Management Developer Portal as a data source when creating an application. This integration allows the developer to search for APIs, look at the data structure and subscribe to an API – all from within the WebIDE.
WebIDE with integration into SAP API Management – Developer Portal
This means that a developer will be able to pick any API that is secured and published through SAP API Management directly from the WebIDE, without having to go through the Developer Portal.
And as for any ODATA data source in WebIDE: the application creation wizard will automatically generate the complete application for the developer!
Xcode and SAP SDK for iOS
When building native iOS applications, developers can use the SAP Cloud Platform SDK for iOS.
This SDK (from v2.0) allows the developer to add an account pointing to the SAP API Management Developer Portal. Now, when creating a new app, it is possible to use the SAP API Management Developer Portal APIs as ODATA Service providing the data to the app.
More information in that regard can be found in the following blog.
Integration with SAP Cloud Platform CloudFoundry
As you may now, the SAP Cloud Platform is also available from other IaaS Platform Vendors such as Amazon and Microsoft. In this case, the underlying infrastructure is CloudFoundry, which can natively integrate into SAP API Management.
If you are running an application or an API implementation on the Cloud Foundry SAP Cloud Platform, then you can protect it through SAP API Management. Using the Cloud Foundry command line interface, you can bind an application to SAP API Management: that means that an API proxy is going to be created automatically in SAP API Management, where you can define all the policies that are needed for accessing your application or API. At runtime, every time your application or API is accessed, it is first routed through SAP API Management in order to have the policies enforced.
More information in that regards can be found in the following blog.
As you can see from the features above, SAP API Management lives up to the expectation: it is a central piece in any application development, in order to simplify projects and increase the overall SAP Cloud Platform Developer Experience.