Skip to Content
Technical Articles

Part 2: Connect to on-premise APIs from SAP Cloud Platform API Management Cloud Foundry Environment

SAP Cloud Connector enables you to securely connect applications on SAP Cloud Platform with your on-premise systems. Using SAP Cloud Connector, you can manage your on-premise APIs via SAP Cloud Platform API Management. In this blog, steps to connect SAP Cloud Connector to your SAP Cloud Platform Cloud Foundry environment and its usage from SAP Cloud Platform API Management is covered.

SAP Cloud Platform API Management is not yet available in Cloud Foundry trial environment and therefore this steps can be tried out from a production account.  For SAP Cloud Platform Integration Suite, you can also follow this blog to enable the API Management capabilities.

Prerequisites

  • Subscribed to API Management, API portal tile in Cloud Foundry ( details in this blog).
  • Alternatively you have enabled API Management capabilities from Integration Suite ( details in this blog)
  • Installed and configured SAP Cloud Connector ( details in this tutorials)

Connect your SAP Cloud Connector to SAP Cloud Platform sub account

To connect SAP Cloud Platform API Management to an on-premise system via the Cloud Connector, you will need to configure the SAP Cloud Platform sub-account where API Management, API portal service is enabled/subscribed in SAP Cloud Connector.

  • Logon to SAP Cloud Platform and navigate to your SAP Cloud Platform sub-account.
  • Navigate to Overview tab and copy the sub-account ID available in the Subaccount Details section.

SAP%20Cloud%20Platform%20Overview%20page

SAP Cloud Platform Overview page

  • Log on to the Cloud Connector administration console.
  • Select Connector tab and then select Add Subaccount

Add%20a%20new%20subaccount%20in%20SAP%20Cloud%20Connector

Add a new subaccount in SAP Cloud Connector

  • In the Add Subaccount dialog, select your SAP Cloud Platform Region from the drop down, paste your previously copied Subaccount ID, optionally provide a Display Name, enter your SAP Cloud Platform cockpit administrator’s email address and password, optionally provide a Location ID. Finally click Save.

Connect Cloud Connector with your on-premise system

 

To access your on-premise system from SAP Cloud Platform via SAP Cloud Connector, you will need to provide a mapping between your internal on-premise system host/port to a virtual host in the Access Control section. After the access control is set up you can use the virtual host on SAP Cloud platform to allow applications to connect to services on your on-premise system. In this blog, access to SAP Gateway system was enabled.

  • In the Cloud Connector Administration console, expand the name of your sub account and select Cloud To On-Premise tab. Select the plus ( + icon) in the section Mapping Virtual to Internal System.

  • In the Add System Mapping select your Back-end system type and select Next.

  • Select your protocol HTTPS, select Next.

  • Enter your Internal Host and Port, select Next.

  • Enter your Virtual Host and Port, select Next.

  • Select your Authentication type or Principal type between SAP Cloud Connector and your target system. In this blog, None was selected so that the authentication value passed by the client is passed as if to the target SAP Gateway. Select Next.

  • Select which field should be used in the Request Header. You can chose between Use Virtual Host or Internal Host. Select Next.

  • Finally click Finish to create the necessary mapping between Virtual host & Internal host

  • Next you will need to allow access to the service paths in each of your SAP Gateway services.  Select + button next to the Resources section.

  • Add in the URL paths and also select the option to access path & all sub-paths and select Save.  In the blog, since the connection is for SAP Gateway OData APIs the URL path value was set to /sap/opu/odata.

  • You can select on the highlighted icons to check on the status of the newly added virtual host & internal host mapping.

  • You can also check the status of your SAP Cloud Connector connection by navigating your SAP Cloud Platform cockpit , selecting the sub-account which was used in the connection from SAP Cloud Connector. Select Cloud Connectors under Connectivity.

 

Create API Provider in SAP Cloud Platform API Management for connecting to on-premise APIs

API Providers features of SAP Cloud Platform API Management enables you to provide your technical configuration details like host, port, authentication type and discovery API URL.

  • Navigate to your API Management, API portal service available within your SAP Cloud Platform Cloud Foundry environment ( available under Subscription tab).
  • Navigate to Configure tab and then select Create.

 

  • Enter name for your API Provider say SAPGatewayTest

  • In the Connection tab, select On-Premise as the Type, enter your virtual host and port from SAP Cloud Connector, enter the Location ID ( if specified on SAP Cloud Connector during connectivity to SAP Cloud Platform sub-account). For the authentication type you can select None or Principal Propagation. In this blog , None was selected therefore the client connecting to API Proxy should provide the target endpoint credentials. In the upcoming blogs, Principal propagation configuration will be covered.

  • For discovering of OData APIs from SAP S/4HANA or SAP Gateway system, you can additionally maintain the catalog service information. In Catalog Service Settings, enter your Service Collection URL.  Based on the SAP Gateway & SAP S/4HANA system the endpoint could be either /sap/opu/odata/IWFND/CATALOGSERVICE;v=2/ServiceCollection or /sap/opu/odata/IWFND/CATALOGSERVICE/ServiceCollection
  • Select Basic from the Authentication type and enter your SAP Backend user name and password and select Save. This credentials will be used only for discovery of OData APIs and will not be used during the actual API Proxy execution.

  • To check on your configured value, you can select Test Connection.

 

Create API Proxy in SAP Cloud Platform API Management for connecting to on-premise APIs

API Proxy enables you to create a facade layer over your actual target endpoint and add policies like Quota, Spike Arrest, message validation and more.

  • Navigate to Develop tab, then select API and click Create.

  • Select the newly created API Provider and select Discover

  • Search & select the on-premise OData service that you would like to manage with SAP API Management

  • Enter a title, description, base path your API Proxy and select Create.

  • This will generate the OpenAPI documentation for your selected on-premise OData API service. Select Deploy to activate the API Proxy. This will generate your API Proxy endpoint URL

 

  • Select your API Proxy URL and then open it in new browser tab to quick connectivity to your On-Premise API

  • You will be promoted to enter your target or back-end credentials and after a successful login you will see the data from your on-premise back-end via SAP Cloud Platform API Management.

 

 

Stay tuned, more blogs on API Management in Cloud Foundry environment to come:

To learn more about SAP Cloud Platform API Management, visit us at SAP Community.

 

6 Comments
You must be Logged on to comment or reply to a post.
    • Hi Rahul,

      Thanks for your suggestion on the principal propagation blog. The part 3 of the blog would be on the principal propagation and hopefully soon it would be available as well. In terms of the steps to enable principal propagation at a high level it would be as follows :-

      • Enable the entitlement to use the API Management, api portal service in your cloud foundry space, select the on-premise connectivity plan.
      • Create a service instance of this API Management service from the service market place and then select plan of on-premise connectivity.
      • Create or Edit the API Provider and select Principal Propagation for the authentication type from the drop down.

      Thanks and Best Regards,

      Divya

  • Divya

    Thanks for this blog

    When I try this in Cloud Foundry Trial Account under the Connectivity tab there is only Destination Option but not the option you have mentioned to check connector connection. Does this mean we can’t try out the cloud connector in the Trail environment?

    I created the Destination for on Prem SAP but it fails while a similar destination in NEO works along with all APIs.

    Best regards

    Ramesh