Sai Harish Balantrapu

How to test OData Services registered in SAP Cloud Platform, serverless runtime

In the blog post "SAP Cloud Platform Extension Factory now includes OData Provisioning service (Cloud Foundry)" we saw how to register an OData service from a Business Suite system. This post continues from there and shows how to test the registered service with Postman.

Assumption

Option 1: Using Password Grant based Authentication

Note: Password Grant based Authentication works only with SAP Identity Service Provider

 

Step 1: Create an instance of “Authorization and Trust Management (XSUAA)” application plan

  • Go to the sub-account where Extension Center is subscribed → Subscriptions → Extension Center → Role Templates → Note the Scope references for the role ODPAPIAccess.
    This value is used as the “XSAPP Name” when creating xs-security.json in the next steps. You may refer to the help documentation for more information on Application Security Descriptor Configuration.
  • Create xs-security.json as below
{
	"xsappname": "<Instance Name>",
	"tenant-mode": "dedicated",
	"foreign-scope-references": ["<XSAPP Name>.ODPAPIAccess"],	
	"oauth2-configuration": {
		"token-validity": 900,
		"refresh-token-validity": 604800
	}
}
  • Create an instance of “XSUAA” application plan in the space which is under the org where Extension Center is subscribed, using the below command
cf cs xsuaa application <Instance Name> -c xs-security.json

 

Step 2: Create a service-key for “XSUAA” instance created in Step 1

  • Create a service-key for the “XSUAA” instance created in Step 1
cf create-service-key <Instance Name> <Service Key Name>
  • Get the details of the service-key
cf service-key <Instance Name> <Service Key Name>
  • Note the fields “url”, “clientid” and “clientsecret” in the above Service Key

Step 3: Get the OAuth2 Bearer token via password grant flow

In Postman execute a POST request on the below URL with Basic Authentication

https://<Authentication End point>/oauth/token?grant_type=password&response_type=token&username=<Business User>&password=<Password>

  • Pass the authentication as Basic Authentication with Username = “clientid” and Password = “clientsecret”
  • Authentication End point = “url” from the service key
  • Business User = Email ID of the user which has been assigned the role ODPAPIAccess
  • Password = Password of the Business User

Note the field “access_token” from the response.

 

Step 4: Execute OData Service Runtime

Note the Service URL of the OData Service from the Extension Center

Send a GET request to the “Service URL” in Postman with authentication as Bearer Token.

Bearer Token = “access_token” noted from Step 3.

The response will contain the Service Document of the registered service.

Now that authentication is successful and you can retrieve the Service Document of the registered service, you may proceed to test other OData operations (e.g. GET, POST, PUT, DELETE) on the service.

 

Option 2: Using Client Credential based Authentication

 

Step 1: Create a Service-key for the Serverless Runtime instance

  • Go to the space where the “Serverless Runtime” instance has been created. Create a service-key for this service instance.
  • Note the fields “token_url”, “client_id” and “client_secret” in the above Service Key

Step 2: Get the OAuth2 Bearer token via client credential flow

In Postman execute a POST request on the below URL with Basic Authentication

https://<token_url>/oauth/token?grant_type=client_credentials&response_type=token

  • Pass the authentication as Basic Authentication with Username = “client_id” and Password = “client_secret”
  • Note the field “access_token” from the response.

Step 3: Execute OData Service Runtime

Note the Service URL of the OData Service from the Extension Center

Send a GET request to the “Service URL” in Postman with authentication as Bearer Token.

Bearer Token = “access_token” noted from Step 2.

The response will contain the Service Document of the registered service.

Now that authentication is successful and you can retrieve the Service Document of the registered service, you may proceed to test other OData operations (e.g. GET, POST, PUT, DELETE) on the service.
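
The two token requests above (Step 3 of Option 1 and Step 2 of Option 2) can also be scripted. The following is an added example, not code from the original post: it sends the grant parameters in the form body rather than the query string, so the business user's password is not recorded in proxy or access logs, and it decodes the returned token to show which grant and client it came from. It assumes the access token is a JWT carrying the claims "grant_type", "cid", "scope" and "exp"; the host name and credentials are constructed.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def build_token_request(endpoint, client_id, client_secret, username=None, password=None):
    """POST to <endpoint>/oauth/token with every secret kept out of the URL.

    With username/password this is the password grant (Option 1); without
    them it is the client credentials grant (Option 2).
    """
    base = endpoint if "://" in endpoint else "https://" + endpoint
    form = {"grant_type": "client_credentials", "response_type": "token"}
    if username is not None:
        form.update(grant_type="password", username=username, password=password)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        base.rstrip("/") + "/oauth/token",
        data=urllib.parse.urlencode(form).encode(),  # form body, not query string
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def token_summary(access_token, now=None):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    # Assumption: the token is a JWT with the claims grant_type, cid, scope, exp.
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    now = time.time() if now is None else now
    return {
        "grant_type": claims.get("grant_type"),
        "client": claims.get("cid"),
        "scopes": claims.get("scope", []),
        "expired": claims.get("exp", 0) <= now,
    }


if __name__ == "__main__":
    # Constructed values; replace with the fields noted from your service key.
    req = build_token_request("tenant.authentication.example", "sb-demo", "s3cret")
    print(req.full_url, req.data.decode())
    # Sending it: json.load(urllib.request.urlopen(req))["access_token"]
```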

 


      7 Comments
      Yevgen Trukhin

      Hi Sai, thanks it worked for me! Excellent blog.

      Best Regards, Yevgen

      Simon Jarke

      Hey,

      thank you for the excellent blog post. I just wondered, is it possible to access an OData Service with client_credential flow instead of password flow?

      Regards,

      Simon

      Sai Harish Balantrapu
      Blog Post Author

      Hi Simon,

      Yes. Now the Client Credential flow is also supported. Could you try it out?

      Best Regards
      Harish

      Simon Jarke

      Hi Harish,

      I just tried it, but I get an error: Failed to retrieve user information

      As a first step I get the access token using the client credentials flow:

      POST /oauth/token HTTP/1.1
      Host: xxx.authentication.eu10.hana.ondemand.com
      Authorization: Basic [xxx]
      Content-Type: application/x-www-form-urlencoded

      grant_type=client_credentials

      And then I call an API using the acquired bearer token:

      GET /odata/SAP/Z_SOMESERVICE HTTP/1.1
      Host: xxx.eu10.services.xfs.cloud.sap
      Authorization: Bearer [access token]

      which returns 403: Failed to retrieve user information.

      Any ideas?

      Best regards,

      Simon

       

      Sai Harish Balantrapu
      Blog Post Author

      Hi Simon,

      Client Credentials does not have any user context. I am wondering why the error is "Failed to retrieve user information."

      Could you check if you are using the right client ID and client secret?

      Best Regards,
      Harish

      Simon Jarke

      Hi Harish,

      actually it was my mistake, I mixed option 1 and option 2 unreasonably. Now it works! Thanks a lot for the help!

      Best regards,

      Simon

      Pablo Costantini

      Sai Harish Balantrapu, how do you call this service with an app which was developed using SAP Business Application Studio?