Hi,
Since the REST adapter has been introduced there have been so many queries on how to fetch Oauth Token to authenticate the REST API. Our fellow SAP Community members have provided multiple solution with adapter modules and UDFs to fetch the Oauth token, but finally from SAP PO 7.5 SP13 we have out of the box functionality in adapter to do it which saves the hassle of writing a code and setting the headers with ASMA variables.
Conventional Way
https://blogs.sap.com/2017/02/13/enablement-of-oauth-2.0-authorization-in-receiver-communication-cha...
https://blogs.sap.com/2017/01/23/oauth-2.0-authentication-within-a-udf-mapping-to-be-included-in-res...
Out of the Box Functionality
Finally with SP13 we have out of the box functionality to fetch the token in the adapter itself. This adds advantages like
1. avoid using external library and java classes which might need to be upgraded with time as version change occurs
2. Performance optimization
3. Easy to maintain
I will highlight some features which SAP could add still to make life easy , but first let us see how it is done.
1. General Tab -> Oauth
i) Enable Authorize with Oauth
ii) Choose the type of Flow. I am using the most common case of Bearer token Grant_type flow, we have multiple options in REST APIs for grant flow. The list can be seen and understood from - https://oauth.net/2/grant-types/
SAP has right now provided only 2 of the above grant_types.
iii) Now we need to give details further necessary to call the REST API. These details can either be HTTP Headers or Query parameter to the URL. Based on as required REST API choose the correct options.
iv) we can pass any additional parameter in the Additional Parameters, the parameter can be of following types
v) I am writing this point in bold for unusual behavior of Additional Parameters. My additional parameters were supposed to go as Http Headers but it did not work so I have put it as Query parameter and it worked.
SAP claims to have resolved this with SP13 P 0028 (Note - 2782239) or from SP14. I am on Patch 27 so need to check again. I will update if I get the latest patch.
vi) One last check is the check box Use Oauth Token Caching. Now your REST API might have the token valid for certain time (say 1 hour), if you check this box the same token will be used till it expires.
To check the expiry time, try fetching token from POSTMAN, you will get response header with parameter expires_in.
Note - you do not need to maintain the expires_in parameter in SAP PO, the check box will read the expiry time from response header.
That is all , everything else remain same now your REST calls will be work fine. As mentioned in the beginning of the blog, there is one improvement which i think we can have is monitoring of this functionality.
At present the normal message logs do not display the fetched token or mentions the step of token being fetched which leaves us clueless to debug.
Hope this blog will be useful to the fellow members. also I never miss to provide references so a similar attempt has been published in the below blog
https://blogs.sap.com/2017/07/21/sap-po-rest-integration-with-salesforce-oauth/
See you soon, with next blog!
Since the REST adapter has been introduced there have been so many queries on how to fetch Oauth Token to authenticate the REST API. Our fellow SAP Community members have provided multiple solution with adapter modules and UDFs to fetch the Oauth token, but finally from SAP PO 7.5 SP13 we have out of the box functionality in adapter to do it which saves the hassle of writing a code and setting the headers with ASMA variables.
Conventional Way
- Write UDF or adapter module to fetch the token
- Pass the token in ASMA variable and use it in the HTTP Headers
- Few blogs which solved this in the the Pre-SP13 era
https://blogs.sap.com/2017/02/13/enablement-of-oauth-2.0-authorization-in-receiver-communication-cha...
https://blogs.sap.com/2017/01/23/oauth-2.0-authentication-within-a-udf-mapping-to-be-included-in-res...
Out of the Box Functionality
Finally with SP13 we have out of the box functionality to fetch the token in the adapter itself. This adds advantages like
1. avoid using external library and java classes which might need to be upgraded with time as version change occurs
2. Performance optimization
3. Easy to maintain
I will highlight some features which SAP could add still to make life easy , but first let us see how it is done.
1. General Tab -> Oauth
i) Enable Authorize with Oauth
ii) Choose the type of Flow. I am using the most common case of Bearer token Grant_type flow, we have multiple options in REST APIs for grant flow. The list can be seen and understood from - https://oauth.net/2/grant-types/
SAP has right now provided only 2 of the above grant_types.
iii) Now we need to give details further necessary to call the REST API. These details can either be HTTP Headers or Query parameter to the URL. Based on as required REST API choose the correct options.
iv) we can pass any additional parameter in the Additional Parameters, the parameter can be of following types
- Query - Parameter will be added to the URL query
- HttpHeader - Parameter will be added as HTTP header
v) I am writing this point in bold for unusual behavior of Additional Parameters. My additional parameters were supposed to go as Http Headers but it did not work so I have put it as Query parameter and it worked.
SAP claims to have resolved this with SP13 P 0028 (Note - 2782239) or from SP14. I am on Patch 27 so need to check again. I will update if I get the latest patch.
vi) One last check is the check box Use Oauth Token Caching. Now your REST API might have the token valid for certain time (say 1 hour), if you check this box the same token will be used till it expires.
To check the expiry time, try fetching token from POSTMAN, you will get response header with parameter expires_in.
Note - you do not need to maintain the expires_in parameter in SAP PO, the check box will read the expiry time from response header.
That is all , everything else remain same now your REST calls will be work fine. As mentioned in the beginning of the blog, there is one improvement which i think we can have is monitoring of this functionality.
At present the normal message logs do not display the fetched token or mentions the step of token being fetched which leaves us clueless to debug.
Hope this blog will be useful to the fellow members. also I never miss to provide references so a similar attempt has been published in the below blog
https://blogs.sap.com/2017/07/21/sap-po-rest-integration-with-salesforce-oauth/
See you soon, with next blog!
- SAP Managed Tags:
42 Comments
