SAP Cloud Platform Integration – Headers whitelisting in OData V2 Outbound Connector
As described in the blog https://blogs.sap.com/2018/08/14/sap-cloud-platform-integration-odata-v2-headers-propagation-and-response-body/, in SAP Cloud Platform Integration version 2.43.x and above, all the message headers implicitly getting converted to HTTP request headers and sent to OData V2 endpoint with OData V2 outbound adapter/connector. This required some extra steps to clean up headers via script before invoking OData V2 endpoint. This ended up in multiple scripts steps in integration flow and, it was difficult identify the message headers which were creating issues in invoking OData V2 endpoint.
SAP Cloud Platform Integration version 2.49.x reduces this complexity. OData V2 outbound adapter now comes with a UI enhancement where-in, you can add the headers which you want to send as HTTP header(s) to OData V2 endpoint. This blog explains how to whitelist the request headers.
Request and Response Headers
The OData V2 outbound connector/adapter properties UI has been enhanced with text fields to capture/whitelist the request and response as shown below
Consider an example Integration Flow project with HTTP inbound connector, a content modifier and an OData V2 outbound connector.
Now consider that you wish to send an if-match header and a myHeader to OData V2 endpoint.
The if-match header is being passed from the caller system (e.g. POSTMAN client) who invokes the HTTP endpoint, provisioned after the deployment of Integration Flow. For this, you need to make an entry of if-match in Allowed Headers field of Integration flow properties. Another header called as myHeader, created in content modifier. To propagate these two headers to OData V2 endpoint, you need to add/whitelist these two Request headers (under HEADER DETAILS section) field as shown below.
Usage of apikey
If you are configuring OData v2 endpoints in SAP Cloud Platform Integration OData V2 outbound/receiver adapter, which are authenticated by apikey, then you can create a header named apikey in either content modifier or script step (like myHeader in the above section) and provide the required value to apikey.
Then, you need to provide this header in Request Headers of HEADER DETAILS section as well as Request Headers of METADATA DETAILS section as shown below.
Since apikey will be used as authentication header, you need to set the Authorization property drop down control of OData V2 outbound/receiver connector properties to None.
OData V2 outbound connector will now convert these two headers as HTTP header and sets the values of each headers as available and sends it to the OData V2 endpoint.
After deployment of this integration flow, you get access to the endpoint from the monitoring view under Integration Content
When you invoke this endpoint from a client, for example, POSTMAN client, with proper if-match header value, the Supplier response will be sent, as shown in the screenshots below.
If you expect some of the response headers, which will be sent by the OData V2 services, to be converted as message headers, then you should make such header entries in Response field.
With option to whitelist the request and response headers, you now have more control of the headers to be sent to OData V2 backend and the response headers to be allowed in the integration pipeline.