Skip to Content
Technical Articles

SAP ECC Proxy – OneDrive Integration using Microsoft Graph API in SAP PO

Hello All,

Recently, I’ve got a requirement to integrate SAP ECC with OneDrive. This blog post gives you the detailed steps to be performed to Get/Put files in OneDrive using Microsoft graph API & OAuth in REST Adapter in PI/PO.

What is Microsoft Graph API?

              Graph is a RESTful web API that enables us to access Microsoft Cloud service resources. It is a single API endpoint for accessing a variety of Microsoft services.

The OneDrive REST API is part of the Microsoft Graph API which allows our app to connect to content stored in OneDrive and SharePoint. We can work with files across the Office 365 ecosystem like OneDrive, OneDrive for Business, and SharePoint document libraries using graph API.


    • OneDrive Service Account(Personnel/Business) with application Developer role.
    • Create application in Microsoft Application Registration Portal.
    • Create a client secret.
    • Add API permissions to authorize our app to access OneDrive.

             The below picture gives the overview of steps need to be performed.

Create Application:

Open Microsoft Application Registration Portal – Azure Portal

Sign in using your account credentials.


Go to App Registrations and Register an application. Note down the client Id & tenant Id.

Create client Secret:

Click on “Certificates &secrets” on the left navigation menu and add a new client secret.

Note the generated client secret which we need to enter in REST receiver channel.

Add API Permissions:

Click on API permissions and add permissions to read & write files.

Application Permissions are required to access the OneDrive API from SAP PO (without a signed user).

Grant Admin consent as the Application permissions needs it.

Configuration in SAP PO:

Get Files from OneDrive:

Below are the list of files/folders available in OneDrive. Let’s retrieve the same through interface call via PO.

The ESR objects are not covered here as it is just like for other scenarios and ID configuration is as below.

Microsoft Graph Endpoint URL:

The Graph endpoint consists of below

    • Microsoft Graph root URL and version:
    • A root resource target:  /users/{user-id}
    • A OneDrive API resource target :/drive or /drives/{drive-id}/items/{item-id} or /drive/root:/path/to/item

The GetFile EndPoint URL format is like: GET{user-id}/drive/root:/{path-relative-to-root}:/children

The postman request looks something like below.

The Authorization URL format is like: POST{tenant-id}/oauth2/v2.0/token

If we try from postman tool, the request looks like below.

Loading of Certificates in NWA:

Get the leaf, intermediate and root certificates from and and load them in trusted CAs in NWA.

The result retrieves all the files available in the root folder of the drive with it’s details as shown below.

Put Files to OneDrive:

This is a Proxy (with Attachment) to OneDrive scenario. Our requirement was to send invoice related PDF attachments to OneDrive folder. The attachment in the proxy request contains a PDF file and the main payload contains the file name and type.

Java Mapping has been used to read the filename(with Invoice number) & file type from source payload, create target filename and to transform the attachment to main payload. Here is the snapshot of mapping.

public void transform(TransformationInput input, TransformationOutput output) throws StreamTransformationException {
* @Description : This Java mapping to transfer attachment to mainpayload
* @Author  :  Priyanka Anagani
* @Date  : 10/01/2020
AbstractTrace trace = getTrace();
trace.addDebugMessage(“JavaMapping Started….!”);

String str = “”, attId = “”,attName =””, contentType = “”, contentId = “”, fileName =””;
Attachment attachment = null;
Object[] arrayObj = null;
byte[] attBytes = null;

InputAttachments inputAttachments = input.getInputAttachments();
InputStream inputstream = input.getInputPayload().getInputStream();
OutputStream outputstream = output.getOutputPayload().getOutputStream();

//Get the name of the file from source payload
DocumentBuilder dBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
org.w3c.dom.Document document = dBuilder.parse(inputstream);//source doc
NodeList nList =  document.getElementsByTagName(“FileName”);
fileName = nList.item(0).getTextContent();

NodeList nList2 =  document.getElementsByTagName(“FileType”);
fileName = fileName+ “.” +nList2.item(0).getTextContent();
trace.addInfo(“File Name is:”+fileName);

//set the file name in dynamic config
Map map = (Map) input.getInputHeader().getAll();
DynamicConfiguration conf = (DynamicConfiguration) input.getDynamicConfiguration();
DynamicConfigurationKey key1 = DynamicConfigurationKey.create(“http:/”+”/”,”fileName”);
conf.put(key1, fileName);

trace.addInfo(“Attachments Found”);
Collection<String> collectionIDs = inputAttachments.getAllContentIds(true);
arrayObj = collectionIDs.toArray();
for(int i =0;i<arrayObj.length;i++){
attId = (String)arrayObj[i];
attachment = inputAttachments.getAttachment(attId);
contentType = attachment.getContentType();
attBytes = attachment.getContent();
}//end of for
}//end of if
outputstream.write(attBytes);//write mainayload file
}//end of try
catch(Exception ex){
trace.addWarning(“Exception Raised…! “+ex);
}//end of transform


Below is the ID configuration.

Microsoft Graph Endpoint URL:

The authorization URL is same as mentioned before.

The endpoint URL to put files to OneDrive looks in the format: PUT{user-id}/drive/root:/{path-relative-to-root}:{file-name}/content

The Postman request looks something like below.

The ECC proxy request contains payload & attachment.

The result will have the file (attachment in ECC req) placed in respective path in OneDrive.


I Hope this will be helpful and I welcome your feedback😊


You must be Logged on to comment or reply to a post.
  • Excelent. Very helpfull. This opens up a lot of possibilities like put/get operations in Sharepoint or Azure Blob Storage.

    Priyanka Anagani can you please detail a bit more on how did you pass the PDF binary from SAP ECC to  SAP PO ?


  • Thanks for the blog Priyanka.

    So, in your case, is ECC sending two calls to Azure? One to get the token and then to upload the file to the cloud drive?



    Vijay Konam (VJ)

    • Hi Vijay,

      It was a single call from ECC Proxy with payload & attachment to upload file as you see in the screenshot. OAuth is configured in channel so that the channel gets the token before making put/get request to OneDrive. No need of a separate call to get the OAuth token. Hope it is clear.



  • Hi Priyanka,


    You have given 13 permissions (application and delegated).

    Can you please provide a list of the same.

    I have added the below permissions:

    Please let me know if these are enough for the connectivity.



    • Hi Swetanshu,

      You mainly need File read & write permissions with Admin Consent Granted to be able to read from/write to onedrive. Remaining all permissions are optional. If you still want to have a look, here is the list.



  • Hi Priyanka,


    Our requirement is to post a file in One Drive.

    Can you please help with ESR configurations and also confirm if we need to install the certificates and java mapping for that?




    • Hi Swetanshu,

      In my example, I was getting the file as proxy attachment and hence I used java mapping. If your payload directly contains the file to be placed in OneDrive, you don’t need java mapping.

      You need to load the leaf, intermediate & root certificates in NWA as I mentioned in the article.