Skip to Content
Technical Articles
Author's profile photo Divya Mary

Part 4: Discover, Consume and Manage third-party connectors from SAP Cloud Platform API Management

SAP Cloud Platform Open Connectors simplifies and accelerates connectivity to third-party cloud applications. It provides robust, feature rich, prebuilt connectors to an extensible library of over 160 of the most popular third-party cloud applications.

In Easily consume data from third-party in a Fiori application using SAP Cloud Platform Open Connectors blog, a simple Fiori application consuming the third-party RESTFul APIs was covered. In this blog, steps to secure and manage the third-party connectors would be showcased.

Building an enterprise application is not just about programming the core functionality, it is also about how DevOps will manage, operate the application, handle continuous development and maintenance and much more. Decoupling the actual API endpoint using SAP Cloud Platform API Management enables API Management as the access point to the actual API implementation, hiding internal information and providing specific behaviors that otherwise would need to be coded in the API itself, such as Authentication, Traffic Management or Data Transformation.

Prerequisites

Manage APIs using SAP Cloud Platform API Management

  • Navigate to the Services tab, search for API Management service tile and click to open API Management service.

  • Click on the link Access API Portal to open API Portal.

 

  • Navigate to the Develop tab from the hamburger icon.
  • From API tab, click on the Create button to create an API Proxy to the third-party CRM application.

 

  • In Create API wizard enter your API Proxy name, URL, API Proxy Base Path as provided below and then click on Create Button

URL

https://api.openconnectors.ext.hanatrial.ondemand.com/elements/api-v2/accounts

Name

OpenConnectorsCRMHub

Title

Open Connectors Hub

API Proxy URL

/elements/api-v2/accounts

 

 

  • From the API Proxy details page, open up Policy designer by clicking on the more button and selecting Policies from the drop down menu.

 

  • SAP Cloud Platform API Management provides more than 40 policies which enables customers to govern, set the behavior of their APIs based on their enterprise needs. These XML based policies enables administrators to define the API functionalities using just simple configurations. In this scenario, the Assign Message policy would be used to set the Authorization token as required by the SAP Cloud Platform Open Connectors. This ensures that authorization token need not be specified by the application developers in a JavaScript file on client side.
  • Select PreFlow from the ProxyEndPoint and then click on the + button next to the AssignMessage Policy available under the Mediation Policies segment. This would open up the Create Policy wizard.
  • In the Create Policy wizard set the name of the Policy say setAuthorization and then click on the Add button.

  • In policy snippet window provide the policy snippet provided below. In the snippet provide your third-party CRM connectors authorization from SAP Cloud Platform Open Connectors. Refer the blog Simplify connectivity to third-party application to know more about this token.

 

<!-- This policy can be used to create or modify the standard HTTP request and response messages -->
<AssignMessage async="false" continueOnError="false" enabled="true" xmlns='http://www.sap.com/apimgmt'>

<!-- Sets a new value to the existing parameter -->
<Set>
<Headers>
<Header name="Authorization">provide_your_authenticated_connector_token_from_SAP_Cloud_Platform_Open_Connectors</Header>
</Headers>
</Set>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<AssignTo createNew="false" type="request">request</AssignTo>
</AssignMessage>

 

Note:- SAP Cloud Platform API Management, also supports storing of encrypted key value maps which can be used to further securely use this authorization. More information about encrypted key value map is available in help documentation.

  • Click on the Update button to save the Policy changes.

 

  • Click on the Save and Deploy button to persists and activate the API Proxy.

 

 

  • With this we have now created an API Proxy which can be consumed from the Fiori application. In order to apply the changes for the Principal propagation or single sign of user refer this blog series.

Note:- Only the first part of Single Sign On from Fiori application to SAP Cloud Platform API Management blog needs to be applied. The rest of the blogs and policies for SAML assertion generation is not required for this flow. This is because the connection to the third-party applications would be via the authorization token.

 

 

Destination to SAP Cloud Platform API Management

To connect the Fiori application to SAP Cloud Platform API Management managed Open Connectors CRM APIs, the destination openconnectors needs to be updated to the API Proxy host URL. In this section steps to update the destination to the API Proxy host URL is covered.

  • Click on Destinations tab under Connectivity. Select the destination named openconnectors and click on the Edit ( pencil icon) button.
  • Change the URL to the API Proxy URL which for trial should be in the format https://{your_useridtrial}-trial.apim1.hanatrial.ondemand.com/{your_userid}trial

 

With this have updated the openconnectors destination to connect to the API Proxy created on SAP Cloud Platform API Management.

Changes on Fiori applications

In this section, the changes required on Fiori application to remove the authorization token has been covered.

  • Open SAP Cloud Platform Web IDE Full stack service.
  • Expand the generated thirdpartydemo application from the previous blog.
  • Click on model.js from the expanded project in WorkSpace explorer and change the createDataModel function to remove the authorization token header as shown in the screen shot below.
  • Save and run the fiori application to connect securely via SAP Cloud Platform API Management.

 

  • This will launch the Fiori application in a new browser tab and after successful user login, data from your third-party application would be shown.

 

SAP Cloud Platform, API Management also offers many out of the box API Security best practices which includes security policies for Authentication and Authorization, Traffic Management and many more.

Further Reads

  • API Security Best Practices blog series.
  • Monitor and Analytics blog.
  • Enchanced developer experience blog.

Assigned Tags

      7 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Rodrigo R. Salinas Torres
      Rodrigo R. Salinas Torres

      When i run the app i get no data after remove the sHeaders

      Author's profile photo Divya Mary
      Divya Mary
      Blog Post Author

      Hi Rodrigo,

      Apologies for the delay in response. Are your still facing the issue? If so could you check in the Chrome-> Developer tools Network tab, what is the error received.  The console & network tabs contains useful information about the issues that you might be facing.

      Mostly the issue happens because of the following reason :-

      a) The destination file is not URL or name mismatch.

      b) The API Proxy created on the API Management is not deployed or is giving errors.

       

      Thanks and Best Regards,

      Divya

      Author's profile photo Dhruv GUPTA
      Dhruv GUPTA

      Hello Rodrigo,

      Even I was having the same issue ,

      I did like below and it worked for me..

       

      createDataModel: function(){
      var oModel = new JSONModel();
      var sHeaders = {"authorization": "User Qlud0N+f4tSU0PacTMapz1uiQZMQ3EvlWMAlo1epUsM=, Organization bc32390a7b875b0eff8e58647e4ef144, Element 3a2AN3v29P7Yqli9dMY8jIZoZh8+SXlPivoYKecFzE8="};
      oModel.loadData("https://api.openconnectors.trial.eu10.ext.hana.ondemand.com/elements/api-v2/followers", null, true, "GET", null, false, sHeaders);
      return oModel;
      },

       

      Author's profile photo Srinivasa Reddy Bhimanadham
      Srinivasa Reddy Bhimanadham

      Hi Divya,

      Greetings of the Day!

           You are explained very Nice.

       

      Thanks and Regards,

      Srinivasa Reddy B.

       

      Author's profile photo Pankaj Yadav
      Pankaj Yadav

      Hi Divya Mary

      I hope you are doing well.
      Can you please help in giving solution for the issue mentioned in below link?
      Link: Error while connecting AmazonS3 open connectors to Fiori App via API Management | SAP Community

      Looking forward to hear from you.

      Author's profile photo Manjari Kotta
      Manjari Kotta

      Hi Divya Mary,

      We created an destination on Cloud platform and all the URL's are working from Webide, but when we deployed the app on the S/4 system, third party URL's are not working and we are receiving 404 error.

       

      Note: Our S/4 system is on premise system, do we need to do any other configuration  on S/4 hana system .

       

      Author's profile photo Manjari Kotta
      Manjari Kotta

      Hi Divya Mary,

      We created an destination on Cloud platform and all the URL's are working from Webide, but when we deployed the app on the S/4 system, third party URL's are not working and we are receiving 404 error.

       

      Note: Our S/4 system is on premise system, do we need to do any other configuration  on S/4 hana system .