Skip to Content
Product Information
Author's profile photo Shilpa Vij

Connecting and Exposing APIs from Cloud Platform Integration

Note: We are in the process of refactoring the code and due to this it is not possible to discover OData services in SAP API Management by creating a provider system to Cloud Platform Integration.
If you still want this feature to work you need to give the direct Endpoint URL while creating API proxy in SAP API Management. We will inform you once we are done with the refactoring.

For this  fire the  url in browser

https://<tmn url>/api/v1/ServiceEndpoints?$expand=EntryPoints — > Expands and returns all possible entry points of the API for the specific tenant.

Use the same in API Management

In this part 7 of 8 part blog series, I will explain, how SAP Cloud Platform, API Management can be used to securely publish APIs from on cloud solution(e.g. CPI).Once the connection with the Cloud Platform Integration is established through API Provider, API Management can connect to it and make them available in a secure and documented way.

Overview of Cloud Platform Integration (CPI)

SAP Cloud Platform Integration makes cloud integration simple and reliable. Hence it is SAP’s strategic integration platform for SAP Cloud customers. It provides out-of-the-box connectivity across cloud and on-premise solutions. Beneath the real-time process integration capabilities, it also contains a data integration part that allows efficient and secure usage of ETL tasks to move data between on-premise systems and the cloud. Additionally, to these two different integration flavors, SAP is offering prepackaged integration content as reference templates via API Business Hub that allows customers to quickly realize new business scenarios. This drastically reduces integration project lead times and lowers resource consumption significantly.

For more details refer Blogs.

The customer can have a licensed tenant for CPI wherein the pre-packaged content can be copied and configured as per the business needs, additionally new integration flows can also be modeled and deployed to cater to integration scenarios. The deployed integration flow can be exposed as an OData service to be invoked from other applications as explained below.

Creating OData service in Cloud Platform Integration

The OData Provisioning feature in CPI is designed for today’s increasing demand to consume data from various data sources in a simple and standard way. This feature converts non-OData protocols to OData protocols. Using this feature, applications like SAP API Management, Fiori and Cloud Platform Mobile Services will be able to consume data from different data sources such as SOAP and REST as OData services.

Creating OData Services in CPI Blogs.

Business use cases User can achieve by OData Provisioning

  • Supports B2B and A2A integration use cases
  • Exposed OData can be consumed by SAP/Non SAP Applications
  • Create Custom application for User-centric scenarios

API Management Value Add

  • Best of Breed complete API Management Solution (Apigee gateway)
  • Tight integration with SAP (Cloud, On-Premise, iPaas , Mobile ) and Supports Non SAP
  • Full API Lifecycle Management
  • 1000+ pre-packaged API and Integration Content
  • API Monetization and Data insights into API traffic helps drive API economy faster
  • Global presence via multiple data center across geographical regions
  • EU Data protection and Enterprise grade API security Best Practices

Connect to CPI and expose APIs via SAP API Management

Now let’s go to the SAP API Management Service. From your SAP Cloud Platform cockpit, navigate to the list of services and locate API Management Service. Click on “Access API Portal”. It is a good idea to add the SAP API Management as a bookmark to your browser now.

Click on Develop and Navigate to API Providers

Create API Provider and fill in the following details

Note that the hostname and the host port correspond to the actual host and port of the system.

Since it is a cloud system hence do not select on-premise check box.

Navigate to Authentication and enter the username and the password used for basic authentication.

Lastly, navigate to the Connectivity tab, and setup the catalog service as defined below (or adapt it to your environment).

Navigate to APIs and to test the new connectivity, create a new API Proxy.

Use the previously generated API Provider and click on discover

All the OData services available on the TMN will be discovered. Select one of the services and click on OK.

All the details will be prefilled, check the details and click on create.

Check the Details and Click on Save and Deploy.

Navigate to Test Console by clicking on Test, click on API Proxy which was created above and Click on send.

You should be able to see the response in this scenario the category set.

Certificate Based Authentication

Note:If you wish to do certificate-based authentication instead of basic authentication, following are the pre-requisite

  1. You need to get your signed certificate refer
  2. KeyStore Certificate refer.

Once these are available continue the below steps

For this scenario, we will create a separate API Provider and upload the keystone.

Click on Develop and Navigate to API Providers.

Create API Provider and fill in the following details

Note that the hostname and the host port correspond to the actual host and port of the system.

Since it is a cloud system hence do not select on-premise check box.

Navigate to Authentication and select Authentication type as None and upload KeyStore Certificate.

Lastly, navigate to the Connectivity tab, and set up the catalog service as defined below (or adapt it to your environment).

Navigate to APIs and to test the new connectivity, create a new API Proxy.

Use the previously generated API Provider and provide the url to the Odata service for example /gw/odata/TEST_ODP_SCENARIO;v=1

Save and Deploy the API Proxy.

Navigate to Test Console by clicking on Test, click on API Proxy which was created above and Click on send. It should take the uploaded certificate give you the response.

Next steps

In order to allow or deny access to the API to specific client IP or IP ranges access control policy can be used. This is done in the following blog entry

 Further Reads

  • API Security Best Practices Blog Series
  • OData Service project in CPI Blog
  • SAP OData integration offerings Blog
  • For more blogs on SAP Cloud Platform, API Management visit us at SCN

Note: This feature is yet to be enabled in API Management Trial

Assigned Tags

      9 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli

      Hi Shilpa-

       

      First of pretty good work on API management blog. I have a question for you. If a customer is providing an API and key. We need to consume that in SAP cloud integration solutions. Do you have any idea architecture which would suit this solution? In above blog, you have consumed data from cloud integration services but do you have any information on consuming external API into integration service.

       

      Any help would be appreciated.

       

      Please let me know.

       

      Regards

       

      HS

      Author's profile photo Aswini Alapati
      Aswini Alapati

      Hi Hari,

      I am looking for the same solution. Can you help with your inputs if you found the solution of your question.

      Regards,

      Aswini.

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli

      You can call any API using API key and secret.  Basically you can maintain API key and secret in security materials and using the API http url in address field  of HTTP adapter. Let me know what specific question you have with respect to calling an API.

       

      Thanks

       

      HS

      Author's profile photo Tobias Miller
      Tobias Miller

      Hi Shilpa,

      we have configured a API provider for one CPI IFLMAP runtime node of our development environment. This API provider contains basic authentification with CPI admin S-user.
      The API provider is used by a newly created API proxy including "Link to API provider" selected checkbox.

      Service calls are only working fine with additional basic authentification credentials in API test console. We are wondering why API proxy service calls e.g. via API test console are only successful with credentials. Normally the maintained credentials within API provider should be enough?!

      Are the basic authentification settings within API provider only relevant for "test connection" check or also for API proxy calls?

      Best Regards,
      Tobias Miller

      Author's profile photo Anjan Paul
      Anjan Paul

      Hi Shilpa,

       

      Its really a nice blog with lots of information.

       

      At the time of consuming and POST Odata using API , how to convert or call , as its showed error CX_SXML_PARSE.  Is there any policy to help it.

       

      Thanks,

      Anjan

       

      Author's profile photo Sugandhan Vazhumuni
      Sugandhan Vazhumuni

      Hi Shilpa Vij,

      I am Connecting On-Premise system while doing test connection I am getting issue saying that Method not implemented 

      Author's profile photo Akshay Shrivastav
      Akshay Shrivastav

      Hi Shilpa,

      Is it possible now to discover OData services in SAP API Management by creating a provider system to Cloud Platform Integration?

      Regards,

      Akshay

      Author's profile photo Shilpa Vij
      Shilpa Vij
      Blog Post Author

      Hello Akshay,

      We are working on this. I will update you as soon as it is available.

      Regards

      Shilpa

      Author's profile photo Merina Acharya
      Merina Acharya

      I have created API Proxy, API Product in API Portal and need to generate keys  from API Business  Hub Enterprise. However, I am not able to access it Attached screenshot).

      I entered my email id and since then I just see the message:

      'See you soon
      Your registration is being processed. A confirmation mail will be sent.'
      Could you please help on this.
      Thanks,
      Merina