Skip to Content
Product Information
Author's profile photo Shruthi M Arjun

SAP API Management: Discover APIs from Cloud Integration & manage them


SAP API Management has been supporting discovery of Integration Flows with OData Sender adapter deployed in Cloud Platform Integration for some time now. I have written about this in one of my previous blogs. As a next step in this journey, API Management will start allowing you to discover API artifacts that are deployed in Cloud Integration which could either be OData, REST or SOAP. Creation of API artifacts is a new feature in Cloud Integration & a step by step guide for the same can be found here. The procedure to discover & auto-generate the API proxies remain the same but extended to include the additional protocols.

In this blog, we do a quick recap of the procedure to see how you could manage the APIs coming from Cloud Integration. For more detailed use case description & steps please refer to my previous blog.

Step 1: Create an API Provider

Create an abstraction to your Cloud Integration tenant by creating an API Provider of type ‘Cloud Platform Integration’. Enter the coordinates and credentials to connect to the Cloud Integration Web UI tenant. You need to do this once for every new Cloud Integration tenant.

Step 2: Discover the deployed API artifacts & auto-generate API Proxies

On clicking on Discover, you can now see API artifacts of all protocols – OData, REST & SOAP. Choose the API of interest to you, provide the credentials to securely connect to the API & optionally change the details of the API Proxy before clicking on ‘Create’.

Example of SOAP API

Example of REST API


Note: Auto-generation of the resources is possible for OData APIs only as of now.

Step 3: Add Policies

Navigate to the Policy designer and add the necessary policies. Deploy your changes.

Step 4: Test your API

A quick test on the managed API could be performed either using the test console or any other client.


In this blog, we saw how to discover the API artifacts deployed in Cloud Integration and auto-generate API proxies for them. This will enable the use cases of governing the API based integrations built using Cloud Integration with the strong policy configuration capabilities of API Management.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Raffael Herrmann
      Raffael Herrmann

      Hi Shruthi M Arjun ,

      thanks for the blog post. Currently I have a problem when setting up the API provider of type Cloud Platform Integration. The setup against our NEO CPI works fine, but if I setup our CPI @ CF as API provider, the connection tests ends with a 403 (Forbidden) error.

      Do we have to assign specific roles to the S-User when setting up an API provider for a CPI tenant at Cloud Foundry?


      Author's profile photo prachetas singh
      prachetas singh

      Hi Raffael

      ESBmessaging.send role is required for the user.

      We can create a process integration runtime instance from Services->service market place.

      Use below json


      "roles": ["ESBMessaging.send"]


      And then create a service key for the instance created.

      We can use the client Id and secret from this key in API management.

      Kind Regards










      Author's profile photo Raffael Herrmann
      Raffael Herrmann

      Hi Prachetas,

      I think we are talking about different things. I’m not talking about sending data from API management to CPI IFlows, but about configuring CPI as API provider and using the discover feature. When setting up the API provider of type “Cloud Platform Integration” we have to give the CPI management url. From my understanding the role “ESBMessaging.send” corresponds to the runtime nodes.

      The problem I’m stuck is setting up the API provider. A connection test in the API provider setup page, shows a 403. (As told for a CPI on NEO it works, but for CPI on CF it fails. I don’t see what I’m doing wrong/what I’m missing.)


      Nevertheless I also tried to use the Service Keys which I setup for the CPI service instance. But using those I get a 401 (Unauthorized)...

      Author's profile photo prachetas singh
      prachetas singh

      Hi Raffael

      Seems I misunderstood your issue. We configured Iflow specific URL as API provider of type Internet which works.


      I  tried to configure CPI(CF) as API provider of type Cloud Platform Integration  but 

      getting same error: forbidden/unauthorised  


      Authentication as Oauth2ClientCredentials yields the same result.





      Author's profile photo Claudio Palladino
      Claudio Palladino

      Hi Raffael Herrmann ,

      never mind about HTTP 403 forbidden error, also I received this error, but I tried to create a new API Proxy based on API Provider, and it works properly.
      Then in the next step explained in the guide:

      You have to pass the User/password with ESB Messaging Send Role.


      Author's profile photo Raffael Herrmann
      Raffael Herrmann

      Hi Claudio,

      thanks for pointing this out! I already tried to use the discover feature, but it didn't work out. Thus I thought the 403 in connection test must be a bigger problem. But after receiving your comment I tried again and what should I say? It works! The connection test still fails, but the discover feature started to work now and the proxies are running fine. 🙂 Thanks again!

      Author's profile photo Maximiliano Colman
      Maximiliano Colman

      Hi Shruthi M Arjun,

      It is good that you can import an API from CPI, but doesn't make more sense the other way around?( generate CPI artifacts based on API specifications from SAP API Management).

      Where are the API specifications created and managed?.is there any plan to include a swagger editor in CPI?.


      Kind Regards.


      Author's profile photo Meenakshi A N
      Meenakshi A N

      Hello Sruthi,

      We have completed all below steps in api portal available under Integration Suite.

      1.Create API Provider

      2.Create API Proxies and assigned policies

      3.Create Product and published

      As a next step, we are planning to create an application.

      I m unable to create application. It gives me internal server error.

      Pls Note : All the roles are available are assigned already

      Author's profile photo Naresh Dasika
      Naresh Dasika

      Any reason why I am getting this error message?

      Author's profile photo Tyrone Scamaton
      Tyrone Scamaton

      Thanks for the great blog Shruthi!


      I am facing a small issue with a SAP Cloud Integration API Provider.  When creating this provider, and selecting OAuth2ClientCredentials as the Authentication Type, the "Discover" Button does not provide any details during the API creation process, however if I select BasicAuthentication, this "Discover" button works as you have indicated above (lists all HTTP(s) Endpoints deployed on the Cloud Integration Tenant).


      Any idea's why this may be the case? Is OAuth2ClientCredentials not supported for this feature?




      Author's profile photo Nico Loeblich
      Nico Loeblich

      Hello Together,

      maybe your configuration is running in the meanwhile, but I would like to add my practical experience.

      First of all I created an API-Provider (Name: CPI) of Type Cloud Integration.
      I used recommended Authorization Type = Basic.

      I checked what happend in my subaccount. Well, a destination (Name: APIPORTAL-CPI) was created automatically. This destination uses same Authorization Type = Basic.

      This Authorization Setup must kept synchronous between API Provider and Destination.
      Otherwise I a got same error message.

      Afterwards I was able to discover my integration flows.

      Additionally I tried OAuth2ClientCredentials, but this was not working - probably not supported.


      Author's profile photo Thomas Engelkamp
      Thomas Engelkamp

      Hi Nico,

      I think, when you add the developer and administrator role to the service used for OAuth the discovery function should also work (see Setting Up OAuth for Cloud Integration in Cloud Foundry | SAP Help Portal).



      Author's profile photo Simon Dietrich
      Simon Dietrich

      Hi Together,

      I need your help regarding the creation of an API provider for cloud itegration.
      After the global change of the URLS for new CI Instances, the connection can no longer be established.

      --> Works


      --> Doesnt Work

      With an "old" CI, the whole thing still works.
      When testing with a new CI, I always get the following error:

      Do I have to manually adjust the URL from the browser?

      Or is there any other solution ?

      Thanks in Advance

      Kind regards


      Author's profile photo Tobias Nitschmann
      Tobias Nitschmann

      I have the exact same problem. Any updates on this so far?

      Author's profile photo Simon Dietrich
      Simon Dietrich

      Hi Tobias,

      i found the solution.

      You have to create a service key with plan "api".


      You can use the highlighted URL.

      This works for me.