Skip to Content
Technical Articles
Author's profile photo Priyanka Anagani

SAP ECC Proxy – OneDrive Integration using Microsoft Graph API in SAP PO

Hello All,

Recently, I’ve got a requirement to integrate SAP ECC with OneDrive. This blog post gives you the detailed steps to be performed to Get/Put files in OneDrive using Microsoft graph API & OAuth in REST Adapter in PI/PO.

What is Microsoft Graph API?

              Graph is a RESTful web API that enables us to access Microsoft Cloud service resources. It is a single API endpoint for accessing a variety of Microsoft services.

The OneDrive REST API is part of the Microsoft Graph API which allows our app to connect to content stored in OneDrive and SharePoint. We can work with files across the Office 365 ecosystem like OneDrive, OneDrive for Business, and SharePoint document libraries using graph API.

Prerequisites:

    • OneDrive Service Account(Personnel/Business) with application Developer role.
    • Create application in Microsoft Application Registration Portal.
    • Create a client secret.
    • Add API permissions to authorize our app to access OneDrive.

Overview:
             The below picture gives the overview of steps need to be performed.

Create Application:

Open Microsoft Application Registration Portal – Azure Portal

Sign in using your account credentials.

 

Go to App Registrations and Register an application. Note down the client Id & tenant Id.

Create client Secret:

Click on “Certificates &secrets” on the left navigation menu and add a new client secret.

Note the generated client secret which we need to enter in REST receiver channel.

Add API Permissions:

Click on API permissions and add permissions to read & write files.

Application Permissions are required to access the OneDrive API from SAP PO (without a signed user).

Grant Admin consent as the Application permissions needs it.

Configuration in SAP PO:

Get Files from OneDrive:

Below are the list of files/folders available in OneDrive. Let’s retrieve the same through interface call via PO.

The ESR objects are not covered here as it is just like for other scenarios and ID configuration is as below.

Microsoft Graph Endpoint URL:

The Graph endpoint consists of below

    • Microsoft Graph root URL and version: https://graph.microsoft.com/v1.0
    • A root resource target:  /users/{user-id}
    • A OneDrive API resource target :/drive or /drives/{drive-id}/items/{item-id} or /drive/root:/path/to/item

The GetFile EndPoint URL format is like: GET https://graph.microsoft.com/v1.0/users/{user-id}/drive/root:/{path-relative-to-root}:/children

The postman request looks something like below.

The Authorization URL format is like: POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

If we try from postman tool, the request looks like below.

Loading of Certificates in NWA:

Get the leaf, intermediate and root certificates from https://login.microsoftonline.com and https://graph.microsoft.com and load them in trusted CAs in NWA.

The result retrieves all the files available in the root folder of the drive with it’s details as shown below.

Put Files to OneDrive:

This is a Proxy (with Attachment) to OneDrive scenario. Our requirement was to send invoice related PDF attachments to OneDrive folder. The attachment in the proxy request contains a PDF file and the main payload contains the file name and type.

Java Mapping has been used to read the filename(with Invoice number) & file type from source payload, create target filename and to transform the attachment to main payload. Here is the snapshot of mapping.

public void transform(TransformationInput input, TransformationOutput output) throws StreamTransformationException {
/**
* @Description : This Java mapping to transfer attachment to mainpayload
* @Author  :  Priyanka Anagani
* @Date  : 10/01/2020
**/
AbstractTrace trace = getTrace();
trace.addDebugMessage(“JavaMapping Started….!”);

String str = “”, attId = “”,attName =””, contentType = “”, contentId = “”, fileName =””;
Attachment attachment = null;
Object[] arrayObj = null;
byte[] attBytes = null;

InputAttachments inputAttachments = input.getInputAttachments();
InputStream inputstream = input.getInputPayload().getInputStream();
OutputStream outputstream = output.getOutputPayload().getOutputStream();

try{
//Get the name of the file from source payload
DocumentBuilder dBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
org.w3c.dom.Document document = dBuilder.parse(inputstream);//source doc
document.getDocumentElement().normalize();
NodeList nList =  document.getElementsByTagName(“FileName”);
fileName = nList.item(0).getTextContent();

NodeList nList2 =  document.getElementsByTagName(“FileType”);
fileName = fileName+ “.” +nList2.item(0).getTextContent();
trace.addInfo(“File Name is:”+fileName);

//set the file name in dynamic config
Map map = (Map) input.getInputHeader().getAll();
DynamicConfiguration conf = (DynamicConfiguration) input.getDynamicConfiguration();
DynamicConfigurationKey key1 = DynamicConfigurationKey.create(“http:/”+”/sap.com/xi/XI/System/REST”,”fileName”);
conf.put(key1, fileName);

if(inputAttachments.areAttachmentsAvailable()){
trace.addInfo(“Attachments Found”);
Collection<String> collectionIDs = inputAttachments.getAllContentIds(true);
arrayObj = collectionIDs.toArray();
for(int i =0;i<arrayObj.length;i++){
attId = (String)arrayObj[i];
attachment = inputAttachments.getAttachment(attId);
contentType = attachment.getContentType();
attBytes = attachment.getContent();
}//end of for
}//end of if
outputstream.write(attBytes);//write mainayload file
}//end of try
catch(Exception ex){
trace.addWarning(“Exception Raised…! “+ex);
}
}//end of transform

 

Below is the ID configuration.

Microsoft Graph Endpoint URL:

The authorization URL is same as mentioned before.

The endpoint URL to put files to OneDrive looks in the format: PUT https://graph.microsoft.com/v1.0/users/{user-id}/drive/root:/{path-relative-to-root}:{file-name}/content

The Postman request looks something like below.

The ECC proxy request contains payload & attachment.

The result will have the file (attachment in ECC req) placed in respective path in OneDrive.

Reference: https://docs.microsoft.com/en-us/onedrive/developer/rest-api/concepts/upload?view=odsp-graph-online

I Hope this will be helpful and I welcome your feedback?

 

Assigned Tags

      14 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Eurico Borges
      Eurico Borges

      Excelent. Very helpfull. This opens up a lot of possibilities like put/get operations in Sharepoint or Azure Blob Storage.

      Priyanka Anagani can you please detail a bit more on how did you pass the PDF binary from SAP ECC to  SAP PO ?

      Thanks

      Author's profile photo Priyanka Anagani
      Priyanka Anagani
      Blog Post Author

      Hi Eurico,

      Thank you for your feedback!!

      To pass the PDF to PO proxy, you need to get the PDF binary data in XString variable & create spool. Please refer
      https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=240189709
      https://wiki.scn.sap.com/wiki/display/ABAP/PDF+files+in+SAP#PDFfilesinSAP-WhatpossibilitiesdoesSAPoffertogeneratePDFfiles?

      Your ABAP team would be able to help you in getting the PDF attached to proxy. After that, in PO we just need to swap the payload with attachment & mark the data format as binary in REST receiver channel.

      --Priyanka

      Author's profile photo Manju Achar
      Manju Achar

      Excellent Blog. Thanks Priyanka for sharing and appreciate your efforts.

      Author's profile photo Vijayashankar Konam
      Vijayashankar Konam

      Thanks for the blog Priyanka.

      So, in your case, is ECC sending two calls to Azure? One to get the token and then to upload the file to the cloud drive?

       

      Thanks,

      Vijay Konam (VJ)

      Author's profile photo Priyanka Anagani
      Priyanka Anagani
      Blog Post Author

      Hi Vijay,

      It was a single call from ECC Proxy with payload & attachment to upload file as you see in the screenshot. OAuth is configured in channel so that the channel gets the token before making put/get request to OneDrive. No need of a separate call to get the OAuth token. Hope it is clear.

       

      --Priyanka

      Author's profile photo Gautham Paspala
      Gautham Paspala

      Awesome. I once rejected this kind of requirement. Thank you for sharing the use case.

       

      Regards,

      Gautham Paspala

      Author's profile photo Swetanshu Shekhar
      Swetanshu Shekhar

      Hi Priyanka,

       

      You have given 13 permissions (application and delegated).

      Can you please provide a list of the same.

      I have added the below permissions:

      Please let me know if these are enough for the connectivity.

      Thanks

      Swetanshu

      Author's profile photo Priyanka Anagani
      Priyanka Anagani
      Blog Post Author

      Hi Swetanshu,

      You mainly need File read & write permissions with Admin Consent Granted to be able to read from/write to onedrive. Remaining all permissions are optional. If you still want to have a look, here is the list.

       

      –Priyanka

      Author's profile photo Swetanshu Shekhar
      Swetanshu Shekhar

      Hi Priyanka,

       

      Our requirement is to post a file in One Drive.

      Can you please help with ESR configurations and also confirm if we need to install the certificates and java mapping for that?

       

      Thanks

      Swetanshu

      Author's profile photo Priyanka Anagani
      Priyanka Anagani
      Blog Post Author

      Hi Swetanshu,

      In my example, I was getting the file as proxy attachment and hence I used java mapping. If your payload directly contains the file to be placed in OneDrive, you don't need java mapping.

      You need to load the leaf, intermediate & root certificates in NWA as I mentioned in the article.

       

      --Priyanka

      Author's profile photo Jef Vleugels
      Jef Vleugels

      Hi Priyanka,

      Thank you for this great article.

      Why is the Leaf certificate or even Intermediate necessary when talking to the Graph API?

      Leaf certificates are only valid for 1 year, and we would have to monitor that. Is it also possible to add just the trusted root?

      Kind regards, Jef

       

      Author's profile photo Priyanka Anagani
      Priyanka Anagani
      Blog Post Author

      Hi Jef,

      It's been many months I logged in to SCN and hence could not respond.

      As I was getting certificate rejected error, I had to install all the certificates. We've enabled alert notification for certificate expiry so it did not become a problem for us.

      --Priyanka

      Author's profile photo Philomena steffy
      Philomena steffy

      Hi Priyanka,

      We have one such requirement, I have a doubt if REST adapter can handle files of size more than 20MB and also keen to know if this can be achieved through SOAP adapter which can handle files bigger in size

      Author's profile photo Priyanka Anagani
      Priyanka Anagani
      Blog Post Author

      Hi Philomena,

      Handling of file size is always depends on your system infrastructure. However, as I know, there is no such limitation for REST. But, for uploading files to OneDrive, there is a limitation at Microsoft graph API end. The API that I described above was to handle small files up to 4mb in size.

      For transmitting the large files, MS Graph provides a different API and I explained how large files can be transmitted in my new article. Please check

      https://blogs.sap.com/2021/08/31/resumable-upload-of-large-files-to-microsoft-onedrive-via-sap-po/

       

      --Priyanka