Skip to Content
Technical Articles
Author's profile photo Prabaharan Asokan

External API Integration in SAP using REST handlers – PART 1

Hello Everyone,

I have been not blogging for quite sometime and I was looking for some interesting use-case related to SAP Gateway which could be of some help to the community. Recently I have worked on SAP & External third party integration about which am going to share the technical know-how’s.

Let’s get started !


This is a step-by-step guide on how to call an external REST service from an SAP system using ABAP code. This documentation can be used as a reference for implementing calls from ABAP to any third party service which supports REST requests & JSON.The examples in this blog series have been implemented with SAP NetWeaver 7.50. However, the used ABAP classes exist with NetWeaver 7.3x onwards. Thus, the code can easily be adopted to suit for older SAP releases.


Before start coding in ABAP, we must execute the following preparation steps.

Export the SSL Certificate from the browser

You need an SSL certificate for the external slack server which hosts REST services. The following steps demonstrate how you can export the appropriate certificate using Google Chrome.

  1. Start Google Chrome and go to url
  2. You will receive http status 403 – Forbidden unless your browser already has installed an appropriate certificate. Ignore the error.
  3. Press F12 to start the developer tools.
  4. Click on tab Security.
  5. Click button View certificate.
  6. In popup dialog click on tab Details.
  7. Click button Copy to file in your local machine if you are using Windows.
  8. Save base-64 encoded X.509 certificate as file extrestsap.cer which will be imported into SAP.

Install Certificate in the SAP System

Proceed as follows to install the exported SSL certificate in your SAP system.

  1. In SAP, call transaction STRUST.
  2. Switch to edit mode (press according tool bar icon).
  3. If a local PSE file does not exist already, create it by right-clicking on SSL client SSL Client (Standard) and selecting Create from context menu. Keep all default settings in next popup dialog.
  4. In Certificate section, click Import (alternatively select menu item Certificate → Import). Choose file extrestsap.cer and import the certificate.
  5. Add to certificate list and click save as shown below.

Maintain RFC Destination in SAP

We have to create a RFC destination of type G with the following technical settings:

Target Host:

In our example this RFC destination is called ODATAORG.

Please note that you might have to configure a proxy server if you are in corporate network where access to external sites and web services are restricted by firewall due to security reasons.

Maintain the destination details based on your requirements. Below screenshot is for demo purpose only.

Configuration of TLS / SSL parameters in SAP

TLS (Transport Layer Security) is used to secure communication between your application program in SAP which acts as a consumer proxy and the REST API to which we are interfacing with.

There are scenarios where the hosted REST services in the external server support different version of TLS like 1.0 / 1.1 / 1.2. Ensure the required TLS / SSL configurations are enabled in SAP to connect with the REST api. Unless otherwise you may be not able to hit the api from SAP.

In modern api’s TLS version 1.0 is not supported. API integrations use TLS 1.1 as a minimum, but version 1.2 is recommended.

You can test whether your integration is compatible at any time using the test environment (

If your test calls fail with an SSL handshake failure or similar error in SM59 when testing the connection, refer the F1 documentation or ICM Monitor ( TCode: SMICM ) for you to communicate with rest API.  This type of failure may be caused by an outdated language version or library being used that does not have support for newer TLS versions.

Attached OSS message discusses in detail about the SSL configurations to be enabled in the ABAP application server.

Thats all about configurations to be maintained. In the next part of this blog series, we will see how to write the ABAP code solution to consume these REST api’s using the standard handler CL_REST_HTTP_CLIENT and parser class /UI2/CL_JSON.

Hope you enjoyed reading the content.


Please visit Part 2 for this blog series here.



Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo HEAD IS
      HEAD IS

      Hi Prabaharan Asokan,


      We are new to this concept and we are planning to setup E-invoice throught the concepts which you have mentioned in the above article.  Will it be suitable for the same.

      Please clarify the below points.

      1. You are importing the certificate from google chrome and adding to the server - Do we need to do the same activity.
      2. Creating a RFC to the API. - We want to access the  - How to create this one
      3. Our connection is through HTTPS.


      Kindly help us to resolve this issue




      M. Surendra


      Author's profile photo Prabaharan Asokan
      Prabaharan Asokan
      Blog Post Author


      I hope you might have found answers to your questions already. If in case not, please see if my response could be of some help.


      1. You are importing the certificate from google chrome and adding to the server – Do we need to do the same activity.

      It depends on the user case in my case using Slack / Intercom was sufficient.

      2. Creating a RFC to the API. – We want to access the  – How to create this one

      Please go through this blog series to get deeper understanding of how to achieve the above requirements. We have long / strict set of configurations involved that are discussed in the blogs.

      3. Our connection is through HTTPS.

      Yes, this is supported provided STRUST setup is enabled for the SAP system to act like client proxy.





      Author's profile photo Ankur Singh
      Ankur Singh

      Hi M. Surendra,



      We are trying to consume the E-invoice API through SAP system..please let us know the detail steps




      Author's profile photo Shankar Vangari
      Shankar Vangari

      Is it alwats odata when you create in SM59?

      Author's profile photo Graham Day
      Graham Day

      Hi Prabaharan, nice article. I'm in the process of writing code to consume external rest api's that require HTTPS. If you have time I have a couple of questions. I have created my own SSL Client Identity and loaded the certificates against it ( PKCS#12, so it should contain both Public and Private Keys) What I'm not clear on is how I populate the HTTP request, this needs the Authorisation Header to contain the Public Key. How do I retrieve this from STRUST? Also the Body of the request requires 2 strings of data, First String is a random string of characters encoded in Base64 and the Second String is the First String signed by the Private Key. How do I get SAP to sign this data with the Private Key in STRUST. I have looked at a few of the standard classes such as CL_SMIME / CL_ST_CRYPTO_X509 - my thinking is that I could create an instance based on my SSL Client Identity I have created. Any help guidance would be much appreciated. Kind regards Graham

      Author's profile photo Devendra Singh
      Devendra Singh

      Thanks Prabaharan Asokan . Very Informative !!

      Author's profile photo Israel Morales
      Israel Morales

      Hi everyone,


      Some of you guys know if all this process is suitable for this landscape: SAP_BASIS 702 / SP 22?


      I had tried to use the SM59 to call our required endpoint but still getting the "Failed connection" message.


      Please advise,


      Author's profile photo Amy King
      Amy King

      Great blog, Prabaharan. I appreciate the details you included.

      You wrote that, "you might have to configure a proxy server if you are in corporate network where access to external sites and web services are restricted by firewall"

      How would the approach in your blog be used along with a proxy? I notice SAP's "Create > Enterprise Service" wizard to create a "service consumer" or "consumer proxy" does not work with a REST service as the wizard expects a WSDL, so how could you create the proxy?