Skip to Content
Technical Articles
Author's profile photo Divya Mary

Part 2: Connect to on-premise APIs from SAP Cloud Platform API Management Cloud Foundry Environment

SAP Cloud Connector enables you to securely connect applications on SAP Cloud Platform with your on-premise systems. Using SAP Cloud Connector, you can manage your on-premise APIs via SAP Cloud Platform API Management. In this blog, steps to connect SAP Cloud Connector to your SAP Cloud Platform Cloud Foundry environment and its usage from SAP Cloud Platform API Management is covered.

SAP Cloud Platform API Management is not yet available in Cloud Foundry trial environment and therefore this steps can be tried out from a production account.  For SAP Cloud Platform Integration Suite, you can also follow this blog to enable the API Management capabilities.


  • Subscribed to API Management, API portal tile in Cloud Foundry ( details in this blog).
  • Alternatively you have enabled API Management capabilities from Integration Suite ( details in this blog)
  • Installed and configured SAP Cloud Connector ( details in this tutorials)

Connect your SAP Cloud Connector to SAP Cloud Platform sub account

To connect SAP Cloud Platform API Management to an on-premise system via the Cloud Connector, you will need to configure the SAP Cloud Platform sub-account where API Management, API portal service is enabled/subscribed in SAP Cloud Connector.

  • Logon to SAP Cloud Platform and navigate to your SAP Cloud Platform sub-account.
  • Navigate to Overview tab and copy the sub-account ID available in the Subaccount Details section.


SAP Cloud Platform Overview page

  • Log on to the Cloud Connector administration console.
  • Select Connector tab and then select Add Subaccount


Add a new subaccount in SAP Cloud Connector

  • In the Add Subaccount dialog, select your SAP Cloud Platform Region from the drop down, paste your previously copied Subaccount ID, optionally provide a Display Name, enter your SAP Cloud Platform cockpit administrator’s email address and password, optionally provide a Location ID. Finally click Save.

Connect Cloud Connector with your on-premise system


To access your on-premise system from SAP Cloud Platform via SAP Cloud Connector, you will need to provide a mapping between your internal on-premise system host/port to a virtual host in the Access Control section. After the access control is set up you can use the virtual host on SAP Cloud platform to allow applications to connect to services on your on-premise system. In this blog, access to SAP Gateway system was enabled.

  • In the Cloud Connector Administration console, expand the name of your sub account and select Cloud To On-Premise tab. Select the plus ( + icon) in the section Mapping Virtual to Internal System.

  • In the Add System Mapping select your Back-end system type and select Next.

  • Select your protocol HTTPS, select Next.

  • Enter your Internal Host and Port, select Next.

  • Enter your Virtual Host and Port, select Next.

  • Select your Authentication type or Principal type between SAP Cloud Connector and your target system. In this blog, None was selected so that the authentication value passed by the client is passed as if to the target SAP Gateway. Select Next.

  • Select which field should be used in the Request Header. You can chose between Use Virtual Host or Internal Host. Select Next.

  • Finally click Finish to create the necessary mapping between Virtual host & Internal host

  • Next you will need to allow access to the service paths in each of your SAP Gateway services.  Select + button next to the Resources section.

  • Add in the URL paths and also select the option to access path & all sub-paths and select Save.  In the blog, since the connection is for SAP Gateway OData APIs the URL path value was set to /sap/opu/odata.

  • You can select on the highlighted icons to check on the status of the newly added virtual host & internal host mapping.

  • You can also check the status of your SAP Cloud Connector connection by navigating your SAP Cloud Platform cockpit , selecting the sub-account which was used in the connection from SAP Cloud Connector. Select Cloud Connectors under Connectivity.


Create API Provider in SAP Cloud Platform API Management for connecting to on-premise APIs

API Providers features of SAP Cloud Platform API Management enables you to provide your technical configuration details like host, port, authentication type and discovery API URL.

  • Navigate to your API Management, API portal service available within your SAP Cloud Platform Cloud Foundry environment ( available under Subscription tab).
  • Navigate to Configure tab and then select Create.


  • Enter name for your API Provider say SAPGatewayTest

  • In the Connection tab, select On-Premise as the Type, enter your virtual host and port from SAP Cloud Connector, enter the Location ID ( if specified on SAP Cloud Connector during connectivity to SAP Cloud Platform sub-account). For the authentication type you can select None or Principal Propagation. In this blog , None was selected therefore the client connecting to API Proxy should provide the target endpoint credentials. In the upcoming blogs, Principal propagation configuration will be covered.

  • For discovering of OData APIs from SAP S/4HANA or SAP Gateway system, you can additionally maintain the catalog service information. In Catalog Service Settings, enter your Service Collection URL.  Based on the SAP Gateway & SAP S/4HANA system the endpoint could be either /sap/opu/odata/IWFND/CATALOGSERVICE;v=2/ServiceCollection or /sap/opu/odata/IWFND/CATALOGSERVICE/ServiceCollection
  • Select Basic from the Authentication type and enter your SAP Backend user name and password and select Save. This credentials will be used only for discovery of OData APIs and will not be used during the actual API Proxy execution.

  • To check on your configured value, you can select Test Connection.


Create API Proxy in SAP Cloud Platform API Management for connecting to on-premise APIs

API Proxy enables you to create a facade layer over your actual target endpoint and add policies like Quota, Spike Arrest, message validation and more.

  • Navigate to Develop tab, then select API and click Create.

  • Select the newly created API Provider and select Discover

  • Search & select the on-premise OData service that you would like to manage with SAP API Management

  • Enter a title, description, base path your API Proxy and select Create.

  • This will generate the OpenAPI documentation for your selected on-premise OData API service. Select Deploy to activate the API Proxy. This will generate your API Proxy endpoint URL


  • Select your API Proxy URL and then open it in new browser tab to quick connectivity to your On-Premise API

  • You will be promoted to enter your target or back-end credentials and after a successful login you will see the data from your on-premise back-end via SAP Cloud Platform API Management.



Stay tuned, more blogs on API Management in Cloud Foundry environment to come:

To learn more about SAP Cloud Platform API Management, visit us at SAP Community.


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Swathi Vuddala
      Swathi Vuddala

      Hi Divya

      Very detailed and useful blog.  Will try out this !

      Thank you very much.


      Swathi Vuddala

      Author's profile photo Divya Mary
      Divya Mary
      Blog Post Author

      Hi Swathi,

      Thanks for your kind words on the blog.

      Best Regards,


      Author's profile photo David Nguyen
      David Nguyen

      Hi Divya,


      Isn't true that SAP API Management will not be available after Jan 1, 2021?




      Author's profile photo Rahul Singhavi
      Rahul Singhavi

      Hi Divya,


      Thanks for detailed explanation.

      When principal propagation blog will be available?




      Author's profile photo Divya Mary
      Divya Mary
      Blog Post Author

      Hi Rahul,

      Thanks for your suggestion on the principal propagation blog. The part 3 of the blog would be on the principal propagation and hopefully soon it would be available as well. In terms of the steps to enable principal propagation at a high level it would be as follows :-

      • Enable the entitlement to use the API Management, api portal service in your cloud foundry space, select the on-premise connectivity plan.
      • Create a service instance of this API Management service from the service market place and then select plan of on-premise connectivity.
      • Create or Edit the API Provider and select Principal Propagation for the authentication type from the drop down.

      Thanks and Best Regards,


      Author's profile photo Ramesh Vodela
      Ramesh Vodela


      Thanks for this blog

      When I try this in Cloud Foundry Trial Account under the Connectivity tab there is only Destination Option but not the option you have mentioned to check connector connection. Does this mean we can't try out the cloud connector in the Trail environment?

      I created the Destination for on Prem SAP but it fails while a similar destination in NEO works along with all APIs.

      Best regards


      Author's profile photo Boonsom La-orrattanasak
      Boonsom La-orrattanasak

      Hi Divya,

      same as mine, I could not find "Cloud Connector" under Connectivity, but it used to work with my id which is Neo environment.

      have you solve this problem?




      Author's profile photo Ramesh Vodela
      Ramesh Vodela


      It appears to me that SAP has resolved some issues in the trial version.  you can look at this



      Author's profile photo Markus Feifel
      Markus Feifel

      Hi Divya,


      if I try to create an API Provider with type "on-premise" I´m always getting this error;

      Unable to Configure API Provider 
      [Request ID: a914cb19-f69e-4575-a364-1da911ecae76]
      dest: Name or service not known_ON_PREM

      Do you have any idea or suggestion to solve this problem?

      In Cloud Cockpit trial account in a Cloud Foundry subaccount I subscribted to "Integration Suite" and activated API Management.

      When setting a "on-premise" connection in a iFlow in Integration Suite everything goes fine.

      Best regardes,


      Author's profile photo Divya Mary
      Divya Mary
      Blog Post Author

      Hi Markus,

      Thanks for bringing this issue on trial to our notice. This issue has been reported to our DevOps team, so will keep you posted on the progress soon.

      Thanks and Best Regards,


      Author's profile photo Divya Mary
      Divya Mary
      Blog Post Author

      Hi Markus,

      The issue for trial is fixed now.  Kindly retest and let us know if this issue continues to persist for your account.

      Thanks and Best Regards,


      Author's profile photo Lokesh Bangalore
      Lokesh Bangalore

      Hello Divya,

      I am getting same error when I try to create API Provider with on-premise Cloud Connector.

      [Request ID: 42afcf77-4319-4def-9010-2705b140cc28]
      dest: Name or service not known_ON_PREM

      What was the root-cause and resolution for this error?  Please share details for the benefit of others who  may encounter the same issue.


      Thank you and Best Regards


      Author's profile photo Peter Alexander
      Peter Alexander

      Dear Divya,


      I have the same problem when I am try to configure an API Provider based on the cloud connector. I tried  with an factoryaccount and the integration suite plan trial (Frankfurt) and standard ( Netherland).

      Unable to Configure API Provider

      [Request ID: 3c65d43b-bcae-4e04-af5a-def03c5e8a15]
      An internal error occurred, contact SAP administrator for details


      Beside that the Test Connection Button is not activ.

      Best regards





      Author's profile photo Divya Mary
      Divya Mary
      Blog Post Author

      Hi Peter,

      Kindly create an incident on the component OPU-API-OD-OPS so that our DevOps team can assist you in resolving this issue.

      Thanks and Best Regards,


      Author's profile photo Rohit Mahajan
      Rohit Mahajan

      Hi Divya,


      Need your Help

      When trying to test the API, using CDS view. I am getting error.



      {"fault":{"faultstring":"Unsupported Encoding \"br\"","detail":{"errorcode":"protocol.http.UnsupportedEncoding"}}}
      Best Regards,
      Author's profile photo Divya Mary
      Divya Mary
      Blog Post Author

      Hi Rohit,

      Kindly check if you are able to call your API from the test console of SAP API Management or from any external API test tooling like Postman by passing in the additional header named Accept-Encoding with value gzip,deflate . If this helps, then you can assign this header value using the AssignMessage policy.

      In case the issue continue to happen kindly raise a customer incident on the component OPU-API-OD-OPS.

      Thanks and Best Regards,



      Author's profile photo Radar Lei
      Radar Lei

      Hi Divya,

      If there’s a big tenant solution which means one CPI tenant connects to several customers' backend systems, is ‘Connect to On-Premise APIs via SCP API management’ still a recommended way or it is better not use the SCP API management to expose the API from on-premise system?

      Thanks and Best regards,

      Author's profile photo Elijah Martinez
      Elijah Martinez

      Hi Radar,

      This question is more of an EA question, and based on the expectation, quantity and usage the decision could be made.

      Many customers put in place SAP API Management as the default for all API exposures within their organization, cloud or onprem, to serve as a centralized security and discovery point for APIs.

      API Management doesn't necessary need to be exclusive to CPI - CPI can be a connectivity point for multiple backend systems, and then expose the connections/aggregations as APIs in to SAP API Management. This is part of the coming roadmap for "Low Code API development" between CPI and APIM.

      Or if no aggregation, encryption, transformation, etc. is required APIs can be brought directly into API Management. Again however, these are all possibilities that would need to be evaluated on a case by case basis.


      Author's profile photo Ramesh Vodela
      Ramesh Vodela


      I was trying this on the Cloud Foundry Trial account - When I click on Test connection Step I got the message

      System is up and reachable. However, the ping check responded with code : 405; Message : Method Not Allowed

      When I checked the log in the cloud connector I found exception occurred with this message.

      sap.core.connectivity.tunnel.client.notification.NotificationClientEventHandler#Thread-29# #Unexpected exception while establishing tunnel connection for tunnel: account:///4d66160b-e6ad-4a7c-9208-9857f24a8b9c/RCloudConn
      io.netty.resolver.dns.DnsResolveContext$SearchDomainUnknownHostException: Search domain query failed. Original hostname: '' failed to resolve

      Best regards



      Author's profile photo ENRICO BARSALI

      I have the same issue, did you solve it?

      Author's profile photo Deepika B
      Deepika B

      Hi Divya,

      In order to connect to my On premise systems I have used cloud connector and SAP BTP , in BTP when I defined the destination a technical user ( Communications user in the backend) has been given and the related resources include IDENTITY_MODIFY FM as well.

      All of a sudden all the users in the backend got modified by this user, and roles were removed. The FM has caused this ..> Please let me know your thoughts on this.



      Author's profile photo Keerthana Jayathran
      Keerthana Jayathran

      Hi Divya Mary ,

      I have set up the cloud connector and created an api provider but when trying to create api using API Provider created and clicking on discover button ,I am getting the error,Unable to discover the system.Could you please help me with this.

      Note: This is in trial account.After creating API Provider and doing Test Connection i didn't get any response message  but when i do the inspect i could see 200 Ok .

      Thanks & Regards,

      Author's profile photo Parvezalam Khan
      Parvezalam Khan


      while trying to test API I'm getting 502

      Any help would be great assist

      Thanks, Parvez