Skip to Content
Technical Articles

OAuth Setup for Cloud Integration in Cloud Foundry Environment

Cloud Integration capability of SAP Cloud Platform Integration Suite supports end-to-end process integration across cloud-based and on-premise applications (cloud-cloud and cloud-on-premise integration) making cloud integration simple and reliable.

Follow this tutorial to set up SAP Cloud Integration Suite in trial environment and create product details REST API as an integration flow.


In the tutorial Request Product Details with an Integration Scenario steps to create the service instance and keys for Process Integration Runtime service is captured.  The service keys will provide you with client id and secret. client id can be used as user name and secret can be used as password if you would like to connect to your integration flows of Cloud Integration via Basic Authentication.  Alternatively you can leverage the client id , secret and token URL from the service keys file to get the OAuth access token and then connect to your integration flow of Cloud Integration via OAuth access token approach.  In this blog, steps to invoke an integration flow from Cloud Integration via OAuth access token in Cloud Foundry environment has been showcased.

  • Logon to your SAP Cloud Platform trial
  • Service Instances and Keys are created at Cloud Foundry Spaces level. Navigate to your Cloud Foundry Space where Process Integration Runtime service instance keys has been created. In the SAP Cloud Platform trial a default space named dev is automatically created when you will enable the trial environment. Refer step 1 of this tutorial for creating service instance and key for Cloud Integration.

  • Navigate to Services -> Service Instances to view all your created Services instances. Select the service instance for the Process Integration Runtime

  • Select the service keys and then select View from the icons with three vertical dots.

  • From the keys file, copy the value for clientid, clientsecret and tokenurl. The value of clientid and clientsecret can be used as client identifier and secret while fetching the OAuth access token. The value of the tokenurl can be used as your OAuth token issuer URL.

For testing the flow, any test console / client like Postman can be used. In this blog, postman has been used.

  • In the postman, copy tokenurl from your service instance -> keys file and append ?grant_type=client_credentials . Select POST method. In Authorization tab, select Basic Auth from drop down. Enter clientid and clientsecret from service instance -> keys file as Username and Password in Postman.

  • Select Send to get an OAuth access token to invoke your Cloud Integration flow with OAuth access token. Copy value of the access_token attribute from the response.

  • Follow this tutorial to create an integration flow that exposes a product details information as a REST API. To get your integration flow endpoint, navigate to your Integration Suite account. Logon to your SAP Cloud Platform trial. Select Subscription and search and select Integration Suite. Click on Go to Application

  • It will launch the Integration Suite launch pad in a new browser tab. Select Design, Develop and Operate Integrate Scenarios. 

  • From the Cloud Integration workspace. Navigate to the Monitor view. In the Monitor view, under the Manage Integration Content section, choose Start to access all the started artifacts that you have deployed. You will also see the integration flow that you have deployed here.

  • Select your integration flow and in the Endpoints tab you can notice your REST API your for your integration flow. This URL can be used to invoke your integration flow as a REST API from any REST client like postman.

  • In the postman, enter the endpoint of your integration flow. Then, select the POST operation from the dropdown list. Select the Authorization tab and choose Bearer Token in the Type dropdown list. In the token field enter the value of the received access_token from the OAuth token issuer endpoint.

  • Select the Body tab and choose raw radio button. In the form below, enter
  "productIdentifier": "HT-2000"
  • Choose Send to invoke your integration flow using OAuth authentication


With this you have connected to your integration flow using OAuth client credentials grant type approach.

More blogs on SAP Cloud Platform Integration Suite available in SAP Community.

You must be Logged on to comment or reply to a post.
  • Divya,

    Thanks for the nice and informative blogs for the beginners.

    Can you please let me know how to use the OAuth token for different users?

    Since the endpoint will be the same to get the token but how to get a different client id and secret?

    Is there anyway to do that without creating multiple multiple instances?

    Would be nice to have such a blog where multiple users can use the OAUTH URL with different client secret and client id?



    • Hi Muhammad,

      Thanks for the kind words on the blog.

      To get different client id and secret, you will have to create separate service instances. The OAuth token URL will remain the same in this case and by creating separate service instances you can get your separate client id and secret.

      Thanks and Best Regards,


  • Many thanks for the confirmation Divya.

    Your blogs are very nice and informative.

    Would be nice to have a blog around HANA DB connectivity with SAP CPI to upsert and get the data.

    I have managed to create multiple instances and they are generating different client and secret but need to know if there is any limit in create multiple service instance?

    Is this a standard process to create multiple instance to give different client id and secret to different users/clients?

    Is there any other way to generate different client id / secret?

    I just need to know if there is any other way to give authorization to the users/clients without creating multiple S-User to send the message to SAP CPI with ESBMessaging.send?

    Hope you will help.

    Many thanks,