Nikhil Puri

Authorization Management API in SAP Cloud Platform

Purpose:

The Authorization Management API is used to manage roles and groups and their assignments in applications. With the Authorization Management API we can also assign roles or groups to users as per customer requirements.

The Authorization Management API is protected with OAuth 2.0 client credentials. Create an OAuth client and obtain an access token to call the API methods.

 

Follow the steps given below to obtain the access token to call the API methods.

  1. Log on to the SAP Cloud Platform Cockpit.
  2. Click on OAuth to create client credentials.
  3. Click on Create API Client.
  4. Select the required permission.
  5. Once our client credentials are ready, we must create our destinations.
  6. Create one more destination with the same URL and select NoAuthentication as the Authentication.
  7. Now we are good with our basic configuration. Let's implement the AJAX calls to obtain the token and maintain roles and groups.

```javascript
// Destination configured with the OAuth client credentials (e.g. c4c_oauth)
var access_token_url = "/<Destination name with authorization i.e. c4c_oauth>/oauth2/apitoken/v1?grant_type=client_credentials";
var user_id = "<Pass the userID>";

//************* AJAX Call Start *************//
// Step 1: request an access token with the client_credentials grant
$.ajax({
    type: "POST",
    contentType: "application/json",
    url: access_token_url,
    success: function (data, textStatus, jqXHR) {
        var acc_token = data.access_token;
        var header_token = "Bearer" + " " + acc_token;
        // Second destination, created with Authentication set to NoAuthentication
        var get_role_url = "/<Second Destination with authorization NoAuthentication>/authorization/v1/accounts/<Subaccount Name>/users/roles/?userId=" + encodeURIComponent(user_id);

        // Step 2: read the roles of the user, sending the token as a Bearer header
        $.ajax({
            type: "GET",
            contentType: "application/json",
            url: get_role_url,
            headers: {
                "Authorization": header_token,
                "Accept": "application/json"
            },
            success: function (data, textStatus, jqXHR) {
                sap.m.MessageToast.show(JSON.stringify(data));
            },
            error: function (jqXHR, textStatus, errorThrown) {
                // Report the HTTP status of the failed role request
                sap.m.MessageToast.show("Error in fetching roles: HTTP " + jqXHR.status);
            }
        });
    },
    error: function (jqXHR, textStatus, errorThrown) {
        alert("Error in fetching access token");
    }
});
```
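
The same two calls as an added example that is not part of the original post: request construction is separated from the transport, the user ID is URL-encoded, and a failure reports which of the two calls was rejected and with what status. The `send` transport, the destination name `api_noauth`, the account `myaccount` and the user ID are assumptions for illustration.

```javascript
// Added example, not from the original post. `send(request)` is a hypothetical
// injected transport resolving to { status, body }; wrap fetch or $.ajax behind it.
function buildTokenRequest(oauthDestination) {
  return {
    method: "POST",
    url: "/" + oauthDestination + "/oauth2/apitoken/v1?grant_type=client_credentials"
  };
}

function buildRolesRequest(apiDestination, account, userId, tokenResponse) {
  // Refuse to build the call when the token response is not usable.
  const token = tokenResponse && tokenResponse.access_token;
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("token response has no access_token");
  }
  return {
    method: "GET",
    // Encode caller-supplied values so they cannot alter the path or query string.
    url: "/" + apiDestination + "/authorization/v1/accounts/" +
      encodeURIComponent(account) + "/users/roles/?userId=" + encodeURIComponent(userId),
    headers: { Authorization: "Bearer " + token, Accept: "application/json" }
  };
}

async function getUserRoles(send, cfg, userId) {
  const tokenRes = await send(buildTokenRequest(cfg.oauthDestination));
  if (tokenRes.status !== 200) {
    throw new Error("token request failed with HTTP " + tokenRes.status);
  }
  const rolesRes = await send(
    buildRolesRequest(cfg.apiDestination, cfg.account, userId, tokenRes.body));
  if (rolesRes.status !== 200) {
    // Name the failing step and status; never put the token in the message.
    throw new Error("roles request failed with HTTP " + rolesRes.status);
  }
  return rolesRes.body;
}

// Constructed demo: a stub transport that issues a token, then rejects the roles call.
const stubSend = async (req) => req.method === "POST"
  ? { status: 200, body: { access_token: "constructed-token" } }
  : { status: 401, body: null };
const demoCfg = { oauthDestination: "c4c_oauth", apiDestination: "api_noauth", account: "myaccount" };
getUserRoles(stubSend, demoCfg, "P000001")
  .then((roles) => console.log(roles), (err) => console.log(err.message));
```
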

 

Conclusion

This is a simple example of checking the roles and groups assigned to a user and their assignments in an application. I hope it will help those who are facing this issue and add some knowledge for those who haven’t worked on such applications.

 

Important Links

https://api.hana.ondemand.com/authorization/v1/documentation

 

I hope everyone enjoyed this blog. Please don’t forget to comment and share.

 

Regards

Nikhil Puri

      5 Comments
      Kumar Ashutosh

      Very helpful post!

      Vinoth Kumar

      Hi Nikhil,

      I have tried this, and I am getting the error: HTTP Status 401 – Unauthorized.

      I am able to get the token and I am passing it as Bearer + TOKEN, but I am still getting the 401 error.

      $.ajax({
          type: "GET",
          contentType: "application/json",
          accept: "application/json",
          url: get_role_url,
          headers: { "Authorization": header_token },
          success: function (data, textStatus, jqXHR) {
              var data = JSON.stringify(data);
              sap.m.MessageToast.show(data);
          },
          error: function (jqXHR, textStatus, errorThrown) {
              // alert("Error " + csrf);
          }
      });

      In Create API Client: I have assigned the 4 roles you have mentioned in the blog.

      Using these 2 roles, I am able to get roles using Postman with the same URL.

      https://oauthasservices-XX.hana.ondemand.com/authorization/v1/accounts/{account}/users/roles/?userId=SUSERID

      Can you please help me out to solve this issue?

      Thanks in advance,

      Vinoth

       

       

      Nikhil Puri
      Blog Post Author

      Hi Vinoth,

       

      Have you created the bearer token as defined below?

      var header_token = "Bearer" + " " + acc_token;

      Make sure that in the second call, the destination is created as no authentication.

      Second Destination with authorization NoAuthentication
      Shalini Shalini

      Very helpful blog. Do we have to follow the same steps if we create the destination in BTP?

      Nikhil Puri
      Blog Post Author

      Hi Shalini,

      Yes, we have to follow the steps; however, it depends on how we configured the destination in BTP.