Skip to Content

SAP Cloud Platform Integration (Cloud Integration) supports end-to-end process integration across cloud-based and on-premise applications (cloud-cloud and cloud-on-premise integration) making cloud integration simple and reliable.

SAP Cloud Platform Connectivity policy templates available in SAP API Business Hub facilitates easy and secure inbound communications for SAP Cloud Platform Integration services ( REST/ SOAP or OData). In this two part blog series, the usage of SAP Cloud Platform Connectivity policy templates for REST service (HTTPS sender adapter) from SAP Cloud Integration is covered in detailed.

In part 1 of the blog series, the configurations on the SAP Cloud Platform Integration side is captured and in this part configuration on the SAP Cloud Platform API Management side is covered in detail.

Discover and Copy SAP Cloud Platform Connectivity policy template

From SAP Cloud Platform API Management, all the APIs and policy templates available in SAP API Business Hub can be discovered via the Discover tab.

  • Logon to your SAP Cloud Platform, API Management account (say https://account.hanatrial.ondemand.com/cockpit).
  • Navigate to the Services tab, search for API Management service tile and click to open SAP API Management service.

 

  • Click on the link Access API Portal to open API Portal.

  • Navigate to the Discover from the hamburger icon

 

  • SAP API Business Hub is integrated into SAP Cloud Platform API Management and therefore all the APIs and Policy templates available in SAP API Business Hub can be easily discovered and consumed in SAP Cloud Platform API Management.
  • Navigate to the All tab, search and select SAP Cloud Platform Connectivity.

 

  • Navigate to the Artifacts tab and select Cloud_Platform_Connectivity policy template.

  • Click on Copy to copy the SAP Cloud Platform Connectivity policy template into SAP Cloud Platform API Management tenant.

 

  • Copied policy templates would be available under POLICY TEMPLATES tab of Develop view.

 

 

Create API Proxy to SAP Cloud Platform Integration service

In this section steps to manage the hello world SAP Cloud Platform Integration HTTPS adapter is captured.

  • Navigate to Develop view, select tab APIS and click on Create to create an API Proxy

 

  • Enter API Proxy details like URL ( https://{your_sap_cloud_integration_iflow_map}/http/v1/test/hello), name (say HelloworldCPI) , title, base Path ( /http/v1/test/hello) and click Create.

 

  • Click on Save and Deploy to deploy API Proxy.

 

  • Click on API Proxy URL to test the flow from Browser.

 

  • You will be promoted to enter credentials to connect to SAP Cloud Platform Integration HTTPS adapter based REST service using Basic authentication.

 

Apply SAP Cloud Platform Connectivity policy template

In this section steps to apply SAP Cloud Platform Connectivity policy template and the necessary configuration changes has been captured.

  • Click on Policies to navigate to the Policy designer view.

  • Click on Edit to switch to the editable mode.

 

  • Select Apply from the Policy Template.

  • Select the newly copied CloudPlatform_Connectivity template from Apply Template dialog.

  • From the Target endpoint preflow, select policy getCredential and provide OAuth client id and Secret details of the OAuth client created in part 1.

 

 

  • From the Target endpoint preflow, select policy getoauthtoken and in HTTPTargetConnection->URL provide your SAP Cloud Platform Integration OAuth token endpoint as shown in part 1.

 

 

 

 

  • Click on Update to save changes in the policy designer.

 

  • Click on Save to apply the changes to the HelloworldCPI API Proxy.

 

Finally testing the flow

  • Click on API Proxy URL to test the flow from Browser.

  • Response from the SAP Cloud Platform Integration service would be directly shown in the Browser

 

Monitor SAP Cloud Platform Integration service usage via SAP Cloud Platform API Management

With the SAP Cloud Platform Integration service connected via SAP Cloud Platform API Management, usage of the Hello world CPI API can be monitored and governed by SAP Cloud Platform API Management.

SAP Cloud Platform, API Management also offers many out of the box API Security best practices which includes security policies for Authentication and Authorization, Traffic Management and many more.

Further Reads

  • API Security Best Practices blog series.
  • Monitor and Analytics blog.
  • Enchanced developer experience blog.
  • Connecting and Exposing APIs from SAP Cloud Platform Integration blog.

For more blogs on SAP Cloud Platform API Management visit us at SAP Community

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Tobias Mitter

    Hi Mary,

    thanks for this blog.

    I am still trying to figure out what is the usage of it? At first you protect the Cloud Integration endpoint by oauth, only to remove it later on through APIM and making this service public as anyone can now call it without authentication.

    Also it seems that even when protecting the Cloud Integration endpoint by oauth, it seems that at the same time it can still be called with basic authentication as you showed in you blog. Is there a way to restrict authentication to only oauth?

    Thanks and regards,

    Tobias

    (0) 
    1. Divya Mary Post author

      Hi Tobias,

      Idea of this blog was to showcase connectivity from SAP Cloud Platform API Management to Cloud Integration via OAuth based authentication. Once connectivity is established then you can add in following features from SAP Cloud Platform API Management :-

      • API Security Best Practices blog series
      • Analyze the usage logs for APIs using the Analytics features
      • Publish APIs into Developer Portal and add in API documentations on the API Management side.

      Based on your scenarios and use cases you would be able to decide how to provide access to your end user from SAP Cloud Platform API Management like api key based access. Application developer can log on to Developer Portal, register via self service and once their registration is approved by API owner, developer’s would be able to subscribe to published APIs and get API key. This way you won’t have to create a OAuth client for these developer on SAP Cloud Platform cockpit and all these activity can then be done by SAP Cloud Platform API Management.

      It may not be able to restrict authentication to only oauth on CPI , however by managing this endpoint from SAP Cloud Platform API Management and using the oAuth policy you would be able to restrict it at API Management layer.

      Thanks and Best Regards,

      Divya

      (1) 

Leave a Reply