Inbound Connection from WeChat or LINE to SAP Marketing Cloud
Why
In the inbound communication from WeChat to SAP Marketing Cloud, WeChat sends follower events and messages to SAP Marketing Cloud. Due to different security mechanisms of WeChat and SAP Marketing Cloud, there are gaps between header content. To be more specific, SAP Marketing Cloud requests the user and password of a web service, which WeChat doesn’t have. LINE integration has the same problem. This guide aims to provide technical guidance on how to establish a middleware service to solve the problem.
Prerequisites
Before implementing the inbound connection, ensure that you meet the following requirements:
- Have a WeChat official account with basic developer functions.
- Have created a communication arrangement in SAP Marketing Cloud.
- Have created WeChat accounts in the Digital Accounts app.
- Have a publicly accessible server that can host the middleware service and can also access SAP Marketing Cloud.
How
Work flow for WeChat
Step 1. WeChat open platform sends a request to the middleware service that checks URL validity.
In WeChat open platform, WeChat requests to submit the service URL for receiving messages from end users. A GET request with 4 parameters in header is sent to the middleware service to check the validity when submitting the URL for the first time.
Parameters | Description |
signature | Encryption signature. It combines the timestamp, nonce and user input token. |
timestamp | Timestamp |
nonce | Random number |
echostr | Random string |
Validate the signature by:
- Sort token, timestamp, nonce by lexicographical order.
- Concatenate those parameters to one string and encrypt it with SHA1 mode.
- Compare the result. If it equals the signature, that means the request comes from WeChat. You should set echostr as request body and 200 as status code. Otherwise, it’s not a valid request.
The validation logic is already included in the WeChat integration scope. The middleware service just adds an authentication header for SAP Marketing Cloud and transports the request to SAP Marketing Cloud.
Step 2. The middleware service adds an authentication header and sends it to SAP Marketing Cloud.
If a service URL is already set up in the WeChat platform, every message sent from end users will be replicated to the middleware service by a POST request. The message body is formatted to XML. The middleware service will receive messages and add a header with the following parameters:
Parameters | Description |
sap-user | Communication user you assigned to the communication arrangement |
sap-password | Password of sap-user |
After adding the header, the middleware service will send the request to the service URL of SAP Marketing Cloud, which is generated in the Digital Accounts app when you create a digital account.
Request Sample:
Header
Body (Get)
signature , bd24980c7a719cc1ca8b0f04298ed905ad899219
echostr , 4009760200478008056
timestamp , 1531814584
nonce , 51727410
Body (Post)
<xml>
<ToUserName><![CDATA[gh_7c2518c75a2f]]></ToUserName>
<FromUserName><![CDATA[olvNV0b9PK1jnPcvl0ziNSwK2tws]]></FromUserName>
<CreateTime>1531390272</CreateTime>
<MsgType><![CDATA[text]]></MsgType>
<Content><![CDATA[测试文本]]></Content>
<MsgId>6577271136077938084</MsgId>
</xml>
@Controller
@RequestMapping(value = “/mkt/lineinbound/account1”, method = RequestMethod.POST)
@ResponseBody
publicvoid doAction(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
request.setCharacterEncoding(“UTF-8”);
response.setCharacterEncoding(“UTF-8”);
PrintWriter out = response.getWriter();
String body = readAsChars(request);
String signature = request.getHeader(“x-line-signature”);
String respMsg = sync2Account1(body, signature);
out.write(respMsg);
out.close();
}
@sync2Account1
public String sync2Account1(String body)
{
String respMsg = “”;
//Input SAP Marketing Digital Account Url
String mktUrl = “https://***-352.wdf.sap.corp:443/sap/cuan/ntwrk/*****************”;
try
{
CloseableHttpClient httpClient = HttpClients.createDefault();
HttpPost post = new HttpPost(mktUrl);
post.addHeader(“Content-Type”, “text/xml;charset=utf-8”);
post.addHeader(“sap-user”, “CC000000****”);
post.addHeader(“sap-password”, “ftx****************zzvjN”);
post.setEntity(new StringEntity(body));
CloseableHttpResponse resp = httpClient.execute(post);
HttpEntity entity = resp.getEntity();
String httpResult = EntityUtils.toString(entity);
respMsg = httpResult;
resp.close();
}
catch (Exception e)
{
e.printStackTrace();
}
return respMsg;
}
Step 3:End users send messages to your WeChat official account.
Step 4:WeChat open platform redirects the message body to the middleware service.
Step 5:The middleware service adds an authentication header and sends it to SAP Marketing Cloud.
Work flow for LINE
Step 1:End users send messages to your LINE account.
Step 2:LINE open platform redirects the message body with x-line-signature to the middleware service.
Step 3:The middleware service adds an authentication header and sends it to SAP Marketing Cloud.
In LINE open platform, it also requests to set up a webhook URL. After LINE receives messages from end users, the platform will add x-line-signature in the header for identifying the messages.
The verification logic for checking x-line-signature is already included in LINE integration scope. The middleware service only adds an authentication header for SAP Marketing Cloud and transports the request to SAP Marketing Cloud.
Parameters | Description |
sap-user | Communication user you assigned to the communication arrangement |
sap-password | Password of sap-user |
After adding the header, the middleware service sends the request to the service URL of SAP Marketing Cloud, which is generated in the Digital Accounts app when you create a digital account.
Request Sample:
Header
Body
{
“events”: [{
“type”: “message”,
“replyToken”: “8be2688d4118464eaf437b62f1aa551b”,
“source”: {
“userId”: “U0e6b7b252e4f9846e50cfe36aad439ee”,
“type”: “user”
},
“timestamp”: 1531883571480,
“message”: {
“type”: “text”,
“id”: “8281113610204”,
“text”: “test”
}
}]
}
@Controller
@RequestMapping(value = “/mkt/lineinbound/account1”, method = RequestMethod.POST)
@ResponseBody
publicvoid doAction(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
request.setCharacterEncoding(“UTF-8”);
response.setCharacterEncoding(“UTF-8”);
PrintWriter out = response.getWriter();
String body = readAsChars(request);
String signature = request.getHeader(“x-line-signature”);
String respMsg = sync2Account1(body, signature);
out.write(respMsg);
out.close();
}
@sync2Account1
public String sync2Account1(String body)
{
String respMsg = “”;
//Input SAP Marketing Digital Account Url
String mktUrl = “https://***-352.wdf.sap.corp:443/sap/cuan/ntwrk/941******************E4D”;
try
{
CloseableHttpClient httpClient = HttpClients.createDefault();
HttpPost post = new HttpPost(mktUrl);
post.addHeader(“Content-Type”, “application/json”);
post.addHeader(“sap-user”, “CC000000****”);
post.addHeader(“sap-password”, “TJKgHtfAgkHv4********voAYHA”);
//LINE header
post.addHeader(“x-line-signature”, signature);
post.setEntity(new StringEntity(body));
CloseableHttpResponse resp = httpClient.execute(post);
HttpEntity entity = resp.getEntity();
String httpResult = EntityUtils.toString(entity);
respMsg = httpResult;
resp.close();
}
catch (Exception e)
{
e.printStackTrace();
}
return respMsg;}
More…
Deploy your service on SAP Cloud Platform (SCP)
The middleware service must be hosted on a publicly accessible server which can access SAP Marketing Cloud in the same time. We recommend you to deploy it on SAP Cloud Platform with following steps.
Step 1. Build the war package for the middleware service.
Step 2. Upload the war package at the Java Application page in SCP.
Step 3. Set the jre and tomcat configuration.
Step 4. Start the server on SCP.
Extend to Multiple WeChat or LINE Accounts
In some cases, enterprise owns more than one WeChat accounts for marketing purpose. To extend the middleware service to multiple accounts, we suggest you to generate the same controller using “account2” and change the related code line as shown below.
@Controller
@RequestMapping(value = “/mkt/****inbound/account2”,…) @ResponseBody public void doAction (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { … String respMsg = sync2Account2(body); … } |
@ sync2Account2
public String sync2Account2(String body) { … //Input SAP Marketing Digital Account 2 Url String mktUrl = “*****************”;
try { … //User & Password for Account 2 post.addHeader(“sap-user”, “*********”); post.addHeader(“sap-password”, “************************”); … } … } |
hi Chole Xu,
Referring to Step2 in the article, below is URL we use in postman to test GET method:
https://my300135.saps4hanacloud.cn:443/sap/cuan/ntwrk/FA163EBA00171EE999E96BB6F84C9F50
However, it reports 401 Unauthorized error with system SMS user info.
Hello Chloe Xu,
does SAP deliver an iFlow or integration package for integration of the WeChat or do we need to implement the servlet manually?
Regards
Danny
No. we didn't. We had planned to but due to limited capacity, we didn't make it in the end. You have to implement the servlet for customer.
Thank you for clarification