Technical Articles
SAP ECC Proxy – OneDrive Integration using Microsoft Graph API in SAP PO
Hello All,
Recently, I’ve got a requirement to integrate SAP ECC with OneDrive. This blog post gives you the detailed steps to be performed to Get/Put files in OneDrive using Microsoft graph API & OAuth in REST Adapter in PI/PO.
What is Microsoft Graph API?
Graph is a RESTful web API that enables us to access Microsoft Cloud service resources. It is a single API endpoint for accessing a variety of Microsoft services.
The OneDrive REST API is part of the Microsoft Graph API which allows our app to connect to content stored in OneDrive and SharePoint. We can work with files across the Office 365 ecosystem like OneDrive, OneDrive for Business, and SharePoint document libraries using graph API.
Prerequisites:
-
- OneDrive Service Account(Personnel/Business) with application Developer role.
- Create application in Microsoft Application Registration Portal.
- Create a client secret.
- Add API permissions to authorize our app to access OneDrive.
Overview:
The below picture gives the overview of steps need to be performed.
Create Application:
Open Microsoft Application Registration Portal – Azure Portal
Sign in using your account credentials.
Go to App Registrations and Register an application. Note down the client Id & tenant Id.
Create client Secret:
Click on “Certificates &secrets” on the left navigation menu and add a new client secret.
Note the generated client secret which we need to enter in REST receiver channel.
Add API Permissions:
Click on API permissions and add permissions to read & write files.
Application Permissions are required to access the OneDrive API from SAP PO (without a signed user).
Grant Admin consent as the Application permissions needs it.
Configuration in SAP PO:
Get Files from OneDrive:
Below are the list of files/folders available in OneDrive. Let’s retrieve the same through interface call via PO.
The ESR objects are not covered here as it is just like for other scenarios and ID configuration is as below.
Microsoft Graph Endpoint URL:
The Graph endpoint consists of below
-
- Microsoft Graph root URL and version: https://graph.microsoft.com/v1.0
- A root resource target: /users/{user-id}
- A OneDrive API resource target :/drive or /drives/{drive-id}/items/{item-id} or /drive/root:/path/to/item
The GetFile EndPoint URL format is like: GET https://graph.microsoft.com/v1.0/users/{user-id}/drive/root:/{path-relative-to-root}:/children
The postman request looks something like below.
The Authorization URL format is like: POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
If we try from postman tool, the request looks like below.
Loading of Certificates in NWA:
Get the leaf, intermediate and root certificates from https://login.microsoftonline.com and https://graph.microsoft.com and load them in trusted CAs in NWA.
The result retrieves all the files available in the root folder of the drive with it’s details as shown below.
Put Files to OneDrive:
This is a Proxy (with Attachment) to OneDrive scenario. Our requirement was to send invoice related PDF attachments to OneDrive folder. The attachment in the proxy request contains a PDF file and the main payload contains the file name and type.
Java Mapping has been used to read the filename(with Invoice number) & file type from source payload, create target filename and to transform the attachment to main payload. Here is the snapshot of mapping.
public void transform(TransformationInput input, TransformationOutput output) throws StreamTransformationException {
/**
* @Description : This Java mapping to transfer attachment to mainpayload
* @Author : Priyanka Anagani
* @Date : 10/01/2020
**/
AbstractTrace trace = getTrace();
trace.addDebugMessage(“JavaMapping Started….!”);
String str = “”, attId = “”,attName =””, contentType = “”, contentId = “”, fileName =””;
Attachment attachment = null;
Object[] arrayObj = null;
byte[] attBytes = null;
InputAttachments inputAttachments = input.getInputAttachments();
InputStream inputstream = input.getInputPayload().getInputStream();
OutputStream outputstream = output.getOutputPayload().getOutputStream();
try{
//Get the name of the file from source payload
DocumentBuilder dBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
org.w3c.dom.Document document = dBuilder.parse(inputstream);//source doc
document.getDocumentElement().normalize();
NodeList nList = document.getElementsByTagName(“FileName”);
fileName = nList.item(0).getTextContent();
NodeList nList2 = document.getElementsByTagName(“FileType”);
fileName = fileName+ “.” +nList2.item(0).getTextContent();
trace.addInfo(“File Name is:”+fileName);
//set the file name in dynamic config
Map map = (Map) input.getInputHeader().getAll();
DynamicConfiguration conf = (DynamicConfiguration) input.getDynamicConfiguration();
DynamicConfigurationKey key1 = DynamicConfigurationKey.create(“http:/”+”/sap.com/xi/XI/System/REST”,”fileName”);
conf.put(key1, fileName);
if(inputAttachments.areAttachmentsAvailable()){
trace.addInfo(“Attachments Found”);
Collection<String> collectionIDs = inputAttachments.getAllContentIds(true);
arrayObj = collectionIDs.toArray();
for(int i =0;i<arrayObj.length;i++){
attId = (String)arrayObj[i];
attachment = inputAttachments.getAttachment(attId);
contentType = attachment.getContentType();
attBytes = attachment.getContent();
}//end of for
}//end of if
outputstream.write(attBytes);//write mainayload file
}//end of try
catch(Exception ex){
trace.addWarning(“Exception Raised…! “+ex);
}
}//end of transform
Below is the ID configuration.
Microsoft Graph Endpoint URL:
The authorization URL is same as mentioned before.
The endpoint URL to put files to OneDrive looks in the format: PUT https://graph.microsoft.com/v1.0/users/{user-id}/drive/root:/{path-relative-to-root}:{file-name}/content
The Postman request looks something like below.
The ECC proxy request contains payload & attachment.
The result will have the file (attachment in ECC req) placed in respective path in OneDrive.
Reference: https://docs.microsoft.com/en-us/onedrive/developer/rest-api/concepts/upload?view=odsp-graph-online
I Hope this will be helpful and I welcome your feedback?
Excelent. Very helpfull. This opens up a lot of possibilities like put/get operations in Sharepoint or Azure Blob Storage.
Priyanka Anagani can you please detail a bit more on how did you pass the PDF binary from SAP ECC to SAP PO ?
Thanks
Hi Eurico,
Thank you for your feedback!!
To pass the PDF to PO proxy, you need to get the PDF binary data in XString variable & create spool. Please refer
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=240189709
https://wiki.scn.sap.com/wiki/display/ABAP/PDF+files+in+SAP#PDFfilesinSAP-WhatpossibilitiesdoesSAPoffertogeneratePDFfiles?
Your ABAP team would be able to help you in getting the PDF attached to proxy. After that, in PO we just need to swap the payload with attachment & mark the data format as binary in REST receiver channel.
--Priyanka
Excellent Blog. Thanks Priyanka for sharing and appreciate your efforts.
Thanks for the blog Priyanka.
So, in your case, is ECC sending two calls to Azure? One to get the token and then to upload the file to the cloud drive?
Thanks,
Vijay Konam (VJ)
Hi Vijay,
It was a single call from ECC Proxy with payload & attachment to upload file as you see in the screenshot. OAuth is configured in channel so that the channel gets the token before making put/get request to OneDrive. No need of a separate call to get the OAuth token. Hope it is clear.
--Priyanka
Awesome. I once rejected this kind of requirement. Thank you for sharing the use case.
Regards,
Gautham Paspala
Hi Priyanka,
You have given 13 permissions (application and delegated).
Can you please provide a list of the same.
I have added the below permissions:
Please let me know if these are enough for the connectivity.
Thanks
Swetanshu
Hi Swetanshu,
You mainly need File read & write permissions with Admin Consent Granted to be able to read from/write to onedrive. Remaining all permissions are optional. If you still want to have a look, here is the list.
–Priyanka
Hi Priyanka,
Our requirement is to post a file in One Drive.
Can you please help with ESR configurations and also confirm if we need to install the certificates and java mapping for that?
Thanks
Swetanshu
Hi Swetanshu,
In my example, I was getting the file as proxy attachment and hence I used java mapping. If your payload directly contains the file to be placed in OneDrive, you don't need java mapping.
You need to load the leaf, intermediate & root certificates in NWA as I mentioned in the article.
--Priyanka
Hi Priyanka,
Thank you for this great article.
Why is the Leaf certificate or even Intermediate necessary when talking to the Graph API?
Leaf certificates are only valid for 1 year, and we would have to monitor that. Is it also possible to add just the trusted root?
Kind regards, Jef
Hi Jef,
It's been many months I logged in to SCN and hence could not respond.
As I was getting certificate rejected error, I had to install all the certificates. We've enabled alert notification for certificate expiry so it did not become a problem for us.
--Priyanka
Hi Priyanka,
We have one such requirement, I have a doubt if REST adapter can handle files of size more than 20MB and also keen to know if this can be achieved through SOAP adapter which can handle files bigger in size
Hi Philomena,
Handling of file size is always depends on your system infrastructure. However, as I know, there is no such limitation for REST. But, for uploading files to OneDrive, there is a limitation at Microsoft graph API end. The API that I described above was to handle small files up to 4mb in size.
For transmitting the large files, MS Graph provides a different API and I explained how large files can be transmitted in my new article. Please check
https://blogs.sap.com/2021/08/31/resumable-upload-of-large-files-to-microsoft-onedrive-via-sap-po/
--Priyanka