PI REST Adapter: Connect to BW/4HANA using X-CSRF-Token
This blog post is the continuation of a blog post which shows configuration about PI / CPI Integration with SAP BW/4HANA. You can find also some sample scenarios to make it easier for you to understand how you can achieve the integration between PI REST Adapter and SAP BW/4HANA.
The current blog post describes how to connect to SAP BW/4HANA via its XSRF protected REST API. In order to do so you need first to authenticate to the security policy domain and pass an HTTP header “X-CSRF-Token” with the value ‘Fetch’. If the authentication is successful the server generates a token, stores it in the user’s session table, and sends the value in the X-CSRF-Token HTTP response header. For each call in this session, the REST Adapter should send the token value obtained from the X-CSRF-Token HTTP header. As of release 7.50 SP15 the REST Adapter supports the configuration of XSRF protected REST API’s (see SAP Note 2757524). In this blog post I will describe how to configure such a scenario for connecting to the SAP BW/4HANA REST API.
From SAP BW/4HANA 2.0 Interface you need to take three URI’s:
- Get Structure URI, which will give you the XSD schema of the DataStore Object
- Get CSRF Token URI, it may be the same which gives you the XSD schema
- Send Data URI, which is the actual URI where you will use to PUSH data into a DataStore Object
and for each URI the corresponding HTTP method.
You need to have username and password for the SAP BW/4HANA 2.0 interface for a user which has rights to request the XSD schema and the XSRF token.
Firstly you should extract the XSD schema of the DataStore Object.
For this, you can use the Advanced REST Client Application in your Google Chrome browser or simply use your browser. Access the URL for the XSD schema using your credentials and save the result xsd (xml) file on your file system. Make sure that you are using the correct Content-type header (application/xml) otherwise you can get the JSON Schema which cannot be applied in the PI ESR.
Importing the XSD schema to ESR
Open your Enterprise Service Browser in the SAP Process Integration Designer. Go to the correspondent Software Component of your scenario, open the namespace tree and click with right button on the “External Definitions”. Select “Import External Definition”.
In the new window, add the XSD file from previous step and press next.
Now you have imported the Data Objects and can apply any mappings by your needs.
Configuring the REST receiver channel
You would like to access the SAP BW/4HANA Rest API. Create a new Integration Flow with Receiver channel of type REST. Select the receiver channel and switch to tab REST URL below tab Adapter-Specific. Maintain the URL pattern, use the given URL for Send Data.
As mentioned above, this service is XSRF protected, so next step is to configure usage of XSRF Token.
Switch to tab General below tab Adapter-Specific and check flag Use Basic Authentication. Here you should fill the information about the user and password for connection to the XSRF protected service.
Afterwards check the flag Use XSRF token. On this step you have to select the HTTP Operation which should be used for extracting the token. This information you should already have as per the section Prerequisites. In the drop down you will find the following non-modifying HTTP Operations:
Next required field is the XSRF Token URL which should be filled manually. Or if it is the same URL from tab REST URL you can check the flag “Use resource URL from tab ‘REST URL'”.
Switch to tab REST Operation and select for Value Source: Manual Value and under Static Value: select the required HTTP method for the Sent Data URI.
I hope this blog post was helpful to understand how to configure your REST Receiver channel in order to connect with SAP BW/4HANA XSRF protected service. If you like to learn more, check out the other blog posts accessible from the main blog post Data Integration with SAP BW/4HANA 2.0.
While maintain the URL pattern for sending data, do we have to maintain the URL with the parameter?
For example: /sap/bw4/v1/push/dataStores/XXXX/dataSend?request
I tried both the variations (with & without) parameter, but I am still getting Internal Server Error. The first URL to get the Token seems to work (getting HTTP 200 fromBW4HANA) but the second URL (DataSend) return HTTP 500 Internal Server error.
I have tried to setup the REST Receiver Channel as you explained in the blog.
Is there any customizing (or prerequisite) from the BW4HANA still missing in the blog?
Hello Satishkumar Dhamodharam, We are facing the same issue with "HTTP 500 Internal Server Error". How did you get past the issue? Thanks for sharing.
we are trying to implement the described scenario, but our pi is not reaching backend bw. Error is HTTP XSRF TOKEN REQUEST HAS FAILED -> connection timed out.
We checked if we can connect bw system from pi with telnet and it works.
Thank you for your support.
Hello Jürg Aebersold
We are facing issues with connecting PI to BW. How did you get past the issue? Thanks for sharing.
Hi Sudhanshu Surma
i got the the endpoints from BW - fellows and help from a senior developer
Following the REST-Receicer Channel configuration:
Channel - General
REST - URL
Static Value: POST
DATA Format (XML !)
Hope this helps out!
Many Thanks Jurg! I am reviewing your valuable inputs with my PI/PO Team 🙂
Thanks for your reply.
As per this SAP Help document(https://help.sap.com/viewer/107a6e8a38b74ede94c833ca3b7b6f51/2.0.3/en-US/8127edbcf2fa488ba04dfc1751d5261d.html#:~:text=XML)
there are two procedures to follow
Described in the above blog followed on the first procedure. does it right?
Please clarify me. Thank you very much
With Best Regards,
Did anyone have this working SOlution in SAP PO to use XSRF Token to call an API on S4?
I am unable to get any success. ANy pointer will be highly appreciated.
nice blog, but in the past it was possible and very easy via an ABAP Proxy to write data im multiple different DataSources in "one" transaction. So If there was a problem the hole "PI Message" was not written and the hole "Message" could be repeated.
How can we achive this in future ?
another question is:
Now we use ABAP Proxy (outbound) via SAP PI/PO to connect external systems.
How would this work on SAP BW4/HANA (in the cloud) ?
(Reverse Proxy would be available/CPI or Integration Suite not jet available) ?
Can you explain how you can "Get Structure URI, which will give you the XSD schema of the DataStore Object"? That is the critical and for this blog to work.
Hi Jonathan, Hope you googled to this useful SAP help.com documentation on "DataStore Object with Write Interface" already -