Technical Articles
Trigger OAuth2-secured Kyma APIs from SAP Open Connectors
Want to make use of webhook- or polling-based events coming from SAP Open Connectors by triggering the functionality that you deployed in SAP BTP, Kyma runtime? “SAP Open Connectors simplifies and allows you to build seamless integrations with over 150 non-SAP applications using pre-built connectors.”
Let me elaborate on how you would set up a Formula which forwards the event payload to an OAuth-secured API within Kyma. There are many use cases with a vast number of connectors and I used one of them to react to a new envelope being created in DocuSign. The flow looks like this:
Flow: From Open Connectors to Kyma
Prerequisites
- You must have an instantiated Open Connector and activated events.
- You must have an API set up in Kyma and secured with OAuth. Have a look at Gaurav‘s blog post, section “Set up an extension in SAP BTP, Kyma runtime.”
Set up the Formula
Eventing trigger
Open the Formulas section in SAP Open Connectors and select Build New Formula. Click on the trigger and then Edit it. Add Trigger and select an event. Select New Instance Variable and provide a name. I used docusign
. After saving it, you need to select that instance variable from the Connector Instance Variable drop-down list. Afterward, you can Save this setup and delete the manual trigger on the parent screen. Clicking on Cancel closes this screen.
Prepare the OAuth token request
// "CE" is a custom library that provides some common functionality that is available ootb in Open Connectors.
// The function encodes a string in base64.
var credentials = CE.b64('CLIENTid:CLIENTsecret');
done({
headers: {
'Authorization': 'Basic ' + credentials
},
formData: {
'grant_type': 'client_credentials',
'scope': 'read'
}
});
Request the OAuth token
Add another, HTTP Request step to the flow. I called it getToken
. You will need to use the following fields to receive the OAuth-token:
Method: POST
HTTP/S URL: https://oauth2.{CLUSTER_URL}/oauth2/token
Headers: ${steps.setTokenRequestParameters.headers}
Form: ${steps.setTokenRequestParams.formData}
Set the parameters to call the API
Now it’s time for another, JS Script step to prepare the actual API call. It sets the header information for the HTTP call. I used the name setAPIParameters
and the script looks like this:
done({
headers: {
'Authorization': `Bearer ${steps.getToken.response.body.access_token}`,
'Content-Type': 'application/json'
}
});
done()
is the callback function that you will need to call at the very end of your script. It takes one part of the response from the previous HTTP request as it includes the OAuth token.
Finally, call the Kyma API
The last step is yet another HTTP Request which takes the headers composed in the previous step and sends the event payload of the original trigger as the body to call the API created in the Kyma runtime. I called it triggerKyma
and it has the following attributes:
Method: POST
HTTP/S URL: your OAuth2-secured API
Headers: ${steps.setAPIParameters.headers}
Body: ${trigger.event}
Closing
At the end, this is how my Formula looks like:
Final setup of my Formula
Summing up, this is only the beginning. You can take it from here and compile a better suited body sent to the Kyma API.
You might want to expand the Formula and call back the API of the Open Connector to get context details of the event.
Furthermore, you will want to have additional steps for OnFailure, particularly for the HTTP requests.