In this part 7 of 8 part blog series, I will explain, how SAP Cloud Platform, API Management can be used to securely publish APIs from on cloud solution(e.g. CPI).Once the connection with the Cloud Platform Integration is established through API Provider, API Management can connect to it and make them available in a secure and documented way.
Overview of Cloud Platform Integration (CPI)
SAP Cloud Platform Integration makes cloud integration simple and reliable. Hence it is SAP’s strategic integration platform for SAP Cloud customers. It provides out-of-the-box connectivity across cloud and on-premise solutions. Beneath the real-time process integration capabilities, it also contains a data integration part that allows efficient and secure usage of ETL tasks to move data between on-premise systems and the cloud. Additionally, to these two different integration flavors, SAP is offering prepackaged integration content as reference templates via API Business Hub that allows customers to quickly realize new business scenarios. This drastically reduces integration project lead times and lowers resource consumption significantly.
For more details refer Blogs.
The customer can have a licensed tenant for CPI wherein the pre-packaged content can be copied and configured as per the business needs, additionally new integration flows can also be modeled and deployed to cater to integration scenarios. The deployed integration flow can be exposed as an OData service to be invoked from other applications as explained below.
Creating OData service in Cloud Platform Integration
The OData Provisioning feature in CPI is designed for today’s increasing demand to consume data from various data sources in a simple and standard way. This feature converts non-OData protocols to OData protocols. Using this feature, applications like SAP API Management, Fiori and Cloud Platform Mobile Services will be able to consume data from different data sources such as SOAP and REST as OData services.
Creating OData Services in CPI Blogs.
Business use cases User can achieve by OData Provisioning
- Supports B2B and A2A integration use cases
- Exposed OData can be consumed by SAP/Non SAP Applications
- Create Custom application for User-centric scenarios
API Management Value Add
- Best of Breed complete API Management Solution (Apigee gateway)
- Tight integration with SAP (Cloud, On-Premise, iPaas , Mobile ) and Supports Non SAP
- Full API Lifecycle Management
- 1000+ pre-packaged API and Integration Content
- API Monetization and Data insights into API traffic helps drive API economy faster
- Global presence via multiple data center across geographical regions
- EU Data protection and Enterprise grade API security Best Practices
Connect to CPI and expose APIs via SAP API Management
Now let’s go to the SAP API Management Service. From your SAP Cloud Platform cockpit, navigate to the list of services and locate API Management Service. Click on “Access API Portal”. It is a good idea to add the SAP API Management as a bookmark to your browser now.
Click on Develop and Navigate to API Providers
Create API Provider and fill in the following details
Note that the hostname and the host port correspond to the actual host and port of the system.
Since it is a cloud system hence do not select on-premise check box.
Navigate to Authentication and enter the username and the password used for basic authentication.
Lastly, navigate to the Connectivity tab, and setup the catalog service as defined below (or adapt it to your environment).
Navigate to APIs and to test the new connectivity, create a new API Proxy.
Use the previously generated API Provider and click on discover
All the OData services available on the TMN will be discovered. Select one of the services and click on OK.
All the details will be prefilled, check the details and click on create.
Check the Details and Click on Save and Deploy.
Navigate to Test Console by clicking on Test, click on API Proxy which was created above and Click on send.
You should be able to see the response in this scenario the category set.
Note: If you wish to do certificate-based authentication instead of basic authentication, you need to get your certificate, generate the public key and deploy the same on TMN.
In order to allow or deny access to the API to specific client IP or IP ranges access control policy can be used. This is done in the following blog entry
- API Security Best Practices Blog Series
- OData Service project in CPI Blog
- SAP OData integration offerings Blog
- For more blogs on SAP Cloud Platform, API Management visit us at SCN
Note: This feature is yet to be enabled in API Management Trial