Skip to Content

SAP Cloud Platform Integration (Cloud Integration) supports end-to-end process integration across cloud-based and on-premise applications (cloud-cloud and cloud-on-premise integration) making cloud integration simple and reliable.

SAP Cloud Platform Connectivity policy templates available in SAP API Business Hub facilitates easy and secure inbound communications for SAP Cloud Platform Integration services ( REST/ SOAP or OData). In this two part blog series, the usage of SAP Cloud Platform Connectivity policy templates for REST service (HTTPS sender adapter) from SAP Cloud Integration is covered in detailed.

In part 1 of the blog series, the configurations on the SAP Cloud Platform Integration side is captured and in part 2 of the blog series configuration on the SAP Cloud Platform API Management side is covered in detail. In this blog, I am assuming that you are familiar with SAP Cloud Platform Integration.

For more details on SAP Cloud Platform Integration refer Blogs.

Creating a “Hello World” REST service in SAP Cloud Platform Integration

The HTTPS sender adapter  in SAP Cloud Integration allows you to accept incoming http request on a specific address. Keeping it very simple in this blog HTTPS sender adapter is used to create a Hello World REST service.

  • Logon to your SAP Cloud Platform Integration web application
  • Navigate to Design tab, click Create to create an integration package.


  • Enter integration package details like name,  technical name, description and click Save.


  • Navigate to Artifacts tab, Select Integration Flow from Add action to add in a new Integration flow.


  • In the Add integration flow artifact dialog enter integration flow name and click OK.


  • Click on Edit to start editing the newly created integration flow.


  • From the Sender box drag the connecting arrow to connect to Start action, from Adapter type dialog select HTTPS.


  • In Connection tab, enter the Address or URL details ( say /v1/test/hello ).


  • To return the Hello world response, a JavaScript script option can be used.



  • The generated script is modified to set message body to “Hello world from IFlow
function processData(message) {
 var body = message.getBody();
 message.setBody("Hello world from IFlow");
 return message;



  • Change the connection so that, from Start action the newly added Script action is invoked and from Script action End action is invoked.



  • Click Save to persist the changes to integration Flow.
  • Click Deploy to deploy the Hello world integration Flow.



  • The newly created IFlow can be invoked by using https://{your_sap_cloud_integration_iflow_map}/http/v1/test/hello


Registering OAuth Client for SAP Cloud Platform Integration

SAP Cloud Platform Integration supports OAuth for inbound communication direction , i.e, when a sender system sends a message to the integration platform.  OAuth grants access to resources of SAP Cloud Platform Integration without the need to share passwords with the client. Details for configuring OAuth authentication is available here.

Note : Administrator access on SAP Cloud Platform tenant is required for this configurations.
  • Logon to your SAP Cloud Platform Integration tenant
  • Navigate to OAuth Settings under Security, select Clients tab.  Click on Register New Client to register an OAuth client.


  • Enter a meaningful OAuth client name (say apimconnectivity), client id ( say apimconnectivity) and secret.  In the subscription, select a value ending with iflpmap. Select client credentials in the Authorization Grant flows.
  • Click Save to register the OAuth client named apimconnectivity.
This flow enables grant of an OAuth access token based on the client credentials only, without user interaction. You can use this flow for enabling system-to-system communication (with a service user).


Assigning SAP Cloud Platform Integration roles to OAuth Client

In order to use the OAuth client in HTTPS adapter flows, OAuth client must be assigned necessary SAP Cloud Platform Integration roles.

  • Navigate to Subscriptions under Applications, select subscription ending with iflpmap.

  • Navigate to Roles , select ESBMessaging.Send role and click on Assign to assign the OAuth client the necessary SAP Cloud Platform Integration roles.


  • In Assign role dialog, enter OAuth client id in the format oauth_client_{your_oauth_client_id} ( say oauth_client_apimconnectivity). Click Assign to complete the action.


Finally testing the flow

For testing the flow, any test console / client like Postman can be used. In this blog, postman has been used.

  • Logon to your SAP Cloud Platform Integration tenant
  • Navigate to OAuth Settings under Security, copy the OAuth Token Endpoint URL.


  • In postman, copy OAuth token end point URL and append ?grant_type=client_credentials . Select POST method. In Authorization tab, select Basic Auth from drop down and enter OAuth client id (say apimconnectivity) as username and client secret as password.


  • Click send to get an OAuth access token.


  • Invoke hello world SAP Cloud Integration hello world HTTPS service (https://{your_sap_cloud_integration_iflow_map}/http/v1/test/hello) by passing the OAuth access token in the header named Authorization in the format Bearer {your_access_token}



Further Reads

  • Secure connectivity to SAP Cloud Platform Integration Part 2.
  • API Security Best Practices blog series.
  • Monitor and Analytics blog.
  • Enchanced developer experience blog.
  • Connecting and Exposing APIs from SAP Cloud Platform Integration blog.

For more blogs on SAP Cloud Platform API Management visit us at SAP Community

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Naresh Dasika

    Thanks Divya for the detailed blog.

    If I am correct Integration consultant still requires to share the username and password created during the registration of new client in Cockpit.

    Can multiple Integration flows use the same OAuth account if the sender application is same? In that case does it required to generate multiple Endpoint URL’s for multiple int flows?

    What is the validity of OAuth token?

    1. Divya Mary Post author

      Hi Naresh,

      Thanks a lot for the kind words.

      In blog we had focused on OAuth Client credential flow and therefore OAuth client id and secret has been used. As an alternative option you can also use Authorization flow and in this case secret need not be shared.

      Multiple integration flows can use the same OAuth client in the sender side and while registering OAuth you can specify the OAuth access token validity. Default validity ( as in this example case) is 1 hour.

      Thanks and Best Regards,


  2. Benjamin Perez

    Good day  Divya  and thank you  for your detail work .

    Question ,Do you by any chance have the procedure to sign an XML  with XADES on SAP CLUOD

    I have to consume an API sending an XML with XADES-APES







Leave a Reply