Skip to Content
Technical Articles
Author's profile photo Enric Castella Gonzalez
Enric Castella Gonzalez
November 26, 2020 4 minute read

How to access the SCP management APIs

Hi!

The power of the community has no limits, few dais ago I needed to create a question in Q&A. A few hours later Gregor Wolf helped me with my doubts!

Here you can see the question: https://answers.sap.com/questions/13162634/get-token-in-sap-foundry-for-api-apicfeu10hanaonde.html

Before we start, let’s review the current options for consulting information about our cloud accounts:

  • SAP CF CLI and SAPCP CLI: Two command console clients to manage and obtain information from the cloud environment.
    • SAP CF CLI: https://developers.sap.com/tutorials/cp-cf-download-cli.html
    • SAPCP CLI: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/7c6df2db6332419ea7a862191525377c.html
  • SAP Cockpit: Anyone who has entered the trial account will have spent hours in the cockpid. It is an online graphic tool that allows the management of cloud accounts.
  • API: We can use to automate our cloud processes.

Now let’s see the APIs.

Audit Logs Management

This API allows us to know the information related to the configuration modifications of the cloud environment.

To do this we need to create an “Audit Log Viewer” instance:

We will follow this configuration:

And we need to create a Key:

In the wizard we add the name we want in Service key name:

Once the Key is created, we can see the data that we will need to be able to call the API. In red the important data:

To carry out a quick test, we will remove the activity logs from our trial subaccount, for this we will call the following URL:

https://auditlog-management.cfapps.eu10.hana.ondemand.com/auditlog/v2/auditlogrecords

And using postman:

In authorization we will mark the “Oauth 2.0” protocol. Once selected we will click on the button “Get New Access Token”. In the token generation screen we will add the following data obtained in the previous step:

  • Access Token URL = URL + “/oauth/token”
  • Client ID = clientid
  • Client Secret = clientsecret

With the previous step we will have the Bearer available, with it we can now execute the query:

If you want more information here you have the official link:

https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/f92c86ab11f6474ea5579d839051c334.html

New SCP-specific administration APIs

These new APIs allow us to manage the platform just like using the cockpit. The activation procedure is very similar to the previous one but this time we will create the service “Cloud Management (Beta) (cis)”

As in the previous case, we will add a Key to be able to access the APIs:

In this case we will have more endpoints, each one dedicated to one of the areas to be managed:

With the list of endpoints we can access the official documentation concatenating at the end of the URL “/swagger-ui.html”. For example, you can see the definition of the account information:

As in the previous case, to obtain the API data in POSTMAN we will use the “Oauth 2.0” protocol and we will get the bearer token. In this case we will use the “Password Credentials” option and add our user in the cloud.

We already have the subaccount data:

Cloud foundry API standard

The information about the standard API is published in https://apidocs.cloudfoundry.org/

Getting the endpoint

To access the API, we need the endpoint that we can obtain in the same cockpit:

Getting authentification

To obtain the authentication, we will make a GET call to the entity “/ info” to obtain the login information. For the Frankfurt trial account https://api.cf.eu10.hana.ondemand.com/info.

From the result we will keep the “Authorization_endpoint” field.

The next point will be to obtain the bearer token. To do this, we will use the URL extracted in the previous step

  • Parameters: we will add the literal “password”.

  • Header: We will add the Basic authorization type with the literal Y2Y6

  • Body: With “x-www-form-urlencoded” format, your username and password

When executing the request, we already have our token to be able to interact with the API. We are interested in the “access_token”

 

Obtaining the information

To obtain the entities to use, we can check the official API and / or make a call to the input API that will return the version of the API and the available entities:

For example, we can see how the deploys are. We will use the Bearer token in the POSTMAN authorization option.

https://deploy-service.cfapps.eu10.hana.ondemand.com/api/v1/spaces/<<SpaceID>>/operations?state=RUNNING&state=ERROR&state=ACTION_REQUIRED

I hope you find it useful 🙂

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.