Skip to Content
Technical Articles
Author's profile photo Marco Dorn

Trigger OAuth2-secured Kyma APIs from SAP Open Connectors

Want to make use of webhook- or polling-based events coming from SAP Open Connectors by triggering the functionality that you deployed in SAP BTP, Kyma runtime? “SAP Open Connectors simplifies and allows you to build seamless integrations with over 150 non-SAP applications using pre-built connectors.”

Let me elaborate on how you would set up a Formula which forwards the event payload to an OAuth-secured API within Kyma. There are many use cases with a vast number of connectors and I used one of them to react to a new envelope being created in DocuSign. The flow looks like this:


Flow: From Open Connectors to Kyma


  1. You must have an instantiated Open Connector and activated events.
  2. You must have an API set up in Kyma and secured with OAuth. Have a look at Gaurav‘s blog post, section “Set up an extension in SAP BTP, Kyma runtime.”

Set up the Formula

Eventing trigger

Open the Formulas section in SAP Open Connectors and select Build New Formula. Click on the trigger and then Edit it. Add Trigger and select an event. Select New Instance Variable and provide a name. I used docusign. After saving it, you need to select that instance variable from the Connector Instance Variable drop-down list. Afterward, you can Save this setup and delete the manual trigger on the parent screen. Clicking on Cancel closes this screen.

Prepare the OAuth token request

Afterwards, add a JS Script step. This will set the parameters for an HTTPS request to receive the OAuth token. I called it setTokenRequestParameters and here is what it looks like:

// "CE" is a custom library that provides some common functionality that is available ootb in Open Connectors.
// The function encodes a string in base64.
var credentials = CE.b64('CLIENTid:CLIENTsecret');

  headers: {
    'Authorization': 'Basic ' + credentials
  formData: {
    'grant_type': 'client_credentials',
    'scope': 'read'

Request the OAuth token

Add another, HTTP Request step to the flow. I called it getToken. You will need to use the following fields to receive the OAuth-token:

Method: POST
HTTP/S URL: https://oauth2.{CLUSTER_URL}/oauth2/token
Headers: ${steps.setTokenRequestParameters.headers}
Form: ${steps.setTokenRequestParams.formData}

Set the parameters to call the API

Now it’s time for another, JS Script step to prepare the actual API call. It sets the header information for the HTTP call. I used the name setAPIParameters and the script looks like this:

  headers: {
    'Authorization': `Bearer ${steps.getToken.response.body.access_token}`,
    'Content-Type': 'application/json'

done() is the callback function that you will need to call at the very end of your script. It takes one part of the response from the previous HTTP request as it includes the OAuth token.

Finally, call the Kyma API

The last step is yet another HTTP Request which takes the headers composed in the previous step and sends the event payload of the original trigger as the body to call the API created in the Kyma runtime. I called it triggerKyma and it has the following attributes:

Method: POST
HTTP/S URL: your OAuth2-secured API
Headers: ${steps.setAPIParameters.headers}
Body: ${trigger.event}


At the end, this is how my Formula looks like:


Final setup of my Formula

Summing up, this is only the beginning. You can take it from here and compile a better suited body sent to the Kyma API.
You might want to expand the Formula and call back the API of the Open Connector to get context details of the event.
Furthermore, you will want to have additional steps for OnFailure, particularly for the HTTP requests.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.