External API Integration in SAP using REST handlers – PART 1
I have been not blogging for quite sometime and I was looking for some interesting use-case related to SAP Gateway which could be of some help to the community. Recently I have worked on SAP & External third party integration about which am going to share the technical know-how’s.
Let’s get started !
This is a step-by-step guide on how to call an external REST service from an SAP system using ABAP code. This documentation can be used as a reference for implementing calls from ABAP to any third party service which supports REST requests & JSON.The examples in this blog series have been implemented with SAP NetWeaver 7.50. However, the used ABAP classes exist with NetWeaver 7.3x onwards. Thus, the code can easily be adopted to suit for older SAP releases.
Before start coding in ABAP, we must execute the following preparation steps.
Export the SSL Certificate from the browser
You need an SSL certificate for the external slack server which hosts REST services. The following steps demonstrate how you can export the appropriate certificate using Google Chrome.
- Start Google Chrome and go to url https://slack.com/api/conversations.list
- You will receive http status 403 – Forbidden unless your browser already has installed an appropriate certificate. Ignore the error.
- Press F12 to start the developer tools.
- Click on tab Security.
- Click button View certificate.
- In popup dialog click on tab Details.
- Click button Copy to file in your local machine if you are using Windows.
- Save base-64 encoded X.509 certificate as file extrestsap.cer which will be imported into SAP.
Install Certificate in the SAP System
Proceed as follows to install the exported SSL certificate in your SAP system.
- In SAP, call transaction STRUST.
- Switch to edit mode (press according tool bar icon).
- If a local PSE file does not exist already, create it by right-clicking on SSL client SSL Client (Standard) and selecting Create from context menu. Keep all default settings in next popup dialog.
- In Certificate section, click Import (alternatively select menu item Certificate → Import). Choose file extrestsap.cer and import the certificate.
- Add to certificate list and click save as shown below.
Maintain RFC Destination in SAP
We have to create a RFC destination of type G with the following technical settings:
Target Host: https://slack.com/api/conversations.list
In our example this RFC destination is called ODATAORG.
Please note that you might have to configure a proxy server if you are in corporate network where access to external sites and web services are restricted by firewall due to security reasons.
Maintain the destination details based on your requirements. Below screenshot is for demo purpose only.
Configuration of TLS / SSL parameters in SAP
TLS (Transport Layer Security) is used to secure communication between your application program in SAP which acts as a consumer proxy and the REST API to which we are interfacing with.
There are scenarios where the hosted REST services in the external server support different version of TLS like 1.0 / 1.1 / 1.2. Ensure the required TLS / SSL configurations are enabled in SAP to connect with the REST api. Unless otherwise you may be not able to hit the api from SAP.
In modern api’s TLS version 1.0 is not supported. API integrations use TLS 1.1 as a minimum, but version 1.2 is recommended.
You can test whether your integration is compatible at any time using the test environment (https://api-testbed.giftbit.com/papi/v1)
If your test calls fail with an SSL handshake failure or similar error in SM59 when testing the connection, refer the F1 documentation or ICM Monitor ( TCode: SMICM ) for you to communicate with rest API. This type of failure may be caused by an outdated language version or library being used that does not have support for newer TLS versions.
Attached OSS message discusses in detail about the SSL configurations to be enabled in the ABAP application server. https://launchpad.support.sap.com/#/notes/510007
Thats all about configurations to be maintained. In the next part of this blog series, we will see how to write the ABAP code solution to consume these REST api’s using the standard handler CL_REST_HTTP_CLIENT and parser class /UI2/CL_JSON.
Hope you enjoyed reading the content.
Please visit Part 2 for this blog series here.