Technical Articles
How to test OData Services registered in SAP Cloud Platform, serverless runtime
In the blog post SAP Cloud Platform Extension Factory now includes OData Provisioning service (Cloud Foundry) we have seen how you could register an OData service from a Business Suite system. Now let us continue from there and see how to test the registered service via Postman.
Assumption
- You have followed the blog post SAP Cloud Platform Extension Factory now includes OData Provisioning service (Cloud Foundry) to register an OData Service.
- You have installed Cloud Foundry CLI tool.
- You have created a space in the Cloud Foundry Org. where Extension Center is subscribed
- Postman has been used as a REST Client
Option 1: Using Password Grant based Authentication
Note: Password Grant based Authentication works only with SAP Identity Service Provider
Step 1: Create an instance of “Authorization and Trust Management (XSUAA)” application plan
- Go to Sub-account where Extension Center is subscribed → Subscriptions → Extension Center → Role Templates → Note the Scope references for the role ODPAPIAccess.
This will be used in the field “XSAPP Name” while creating the xs-security.json in the next steps. You may refer the help documentation for more information on Application Security Descriptor Configuration.
- Create xs-security.json as below
{
"xsappname": "<Instance Name>",
"tenant-mode": "dedicated",
"foreign-scope-references": ["<XSAPP Name>.ODPAPIAccess"],
"oauth2-configuration": {
"token-validity": 900,
"refresh-token-validity": 604800
}
}- Create an instance of “XSUAA” application plan in the space which is under the org where Extension Center is subscribed, using the below command
cf cs xsuaa application <Instance Name> -c xs-security.json
Step 2: Create a service-key for “XSUAA” instance created in Step 1
- Create a service-key for the “XSUAA” instance created in Step 1
cf create-service-key <Instance Name> <Service Key Name>- Get the details of the service-key
cf service-key <Instance Name> <Service Key Name>- Note the fields “url”, “clientid” and “clientsecret” secret in the above Service Key
Step 3: Get the OAuth2 Bearer token via password grant flow
In Postman execute a POST request on the below URL with Basic Authentication
https://<Authentication End point>/oauth/token?grant_type=password&response_type=token&username=<Business User>&password=<Password>
- Pass the authentication as Basic Authentication with Username = “clientid” and Password = “clientsecret”
- Authentication End point = “url” from the service key
- Business User = Email ID of the user which has been assigned the role ODPAPIAccess
- Password = Password of the Business User
Note the field “access_token” from the response.
Step 4: Execute OData Service Runtime
Note the Service URL of the OData Service from the Extension Center
Enter GET on the “Service URL” in Postman with authentication as Bearer Token.
Bearer Token = “access_token” noted from Step 3.
The response will contain the Service Document of the registered service.
Now that the authentication is successful and you are able to successfully get the response for the Service Document of the registered service, you may proceed with testing of other OData operations (for e.g. GET, POST, PUT, DELETE etc.) on the service.
Option 2: Using Client Credential based Authentication
Step 1: Create a Service-key for the Serverless Runtime instance
- Go to the space where the “Serverless Runtime” instance has been created. Create a service-key for this service instance.
- Note the fields “token_url”, “client_id” and “client_secret” secret in the above Service Key
Step 2: Get the OAuth2 Bearer token via client credential flow
In Postman execute a POST request on the below URL with Basic Authentication
https://<token_url>/oauth/token?grant_type=client_credentials&response_type=token
- Pass the authentication as Basic Authentication with Username = “client_id” and Password = “client_secret”
- Note the field “access_token” from the response.
Step 3: Execute OData Service Runtime
Note the Service URL of the OData Service from the Extension Center
Enter GET on the “Service URL” in Postman with authentication as Bearer Token.
Bearer Token = “access_token” noted from Step 2.
The response will contain the Service Document of the registered service.
Now that the authentication is successful and you are able to successfully get the response for the Service Document of the registered service, you may proceed with testing of other OData operations (for e.g. GET, POST, PUT, DELETE etc.) on the service.
Hi Sai, thanks it worked for me! Excellent blog.
Best Regards, Yevgen
Hey,
thank you for the exzellent blog post. I just wondered, is it possible to access an Odata Service with client_credential flow instead of password flow?
Regards,
Simon
Hi Simon,
Yes. Now the Client Credential flow is also supported. Could you try it out.
Best Regards
Harish
Hi Harish,
I just tried it, but I get an error: Failed to retrieve user information
As a first step I get the access token using the client credentials flow:
POST /oauth/token HTTP/1.1
Host: xxx.authentication.eu10.hana.ondemand.com
Authorization: Basic [xxx]
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
And then I call an API using the aquired bearer token:
GET /odata/SAP/Z_SOMESERVICE HTTP/1.1
Host: xxx.eu10.services.xfs.cloud.sap
Authorization: Bearer [access token]
which returns 403: Failed to retrieve user information.
Any ideas?
Best regards,
Simon
Hi Simon,
Client Credentials does not have any user context. I am wondering why the error is "Failed to retrieve user information."
Could you check if you are using the right client ID and client secret.
Best Regards,
Harish
Hi Harish,
actually it was my mistake, I mixed option 1 and option 2 unreasonably. Now it works! Thanks a lot for the help!
Best regards,
Simon
Sai Harish Balantrapu , How do you do to call this service with an app, which was developed by using SAP Business application Studio?