SAP API Management: Discover APIs from Cloud Integration & manage them
SAP API Management has been supporting discovery of Integration Flows with OData Sender adapter deployed in Cloud Platform Integration for some time now. I have written about this in one of my previous blogs. As a next step in this journey, API Management will start allowing you to discover API artifacts that are deployed in Cloud Integration which could either be OData, REST or SOAP. Creation of API artifacts is a new feature in Cloud Integration & a step by step guide for the same can be found here. The procedure to discover & auto-generate the API proxies remain the same but extended to include the additional protocols.
In this blog, we do a quick recap of the procedure to see how you could manage the APIs coming from Cloud Integration. For more detailed use case description & steps please refer to my previous blog.
Step 1: Create an API Provider
Create an abstraction to your Cloud Integration tenant by creating an API Provider of type ‘Cloud Platform Integration’. Enter the coordinates and credentials to connect to the Cloud Integration Web UI tenant. You need to do this once for every new Cloud Integration tenant.
Step 2: Discover the deployed API artifacts & auto-generate API Proxies
On clicking on Discover, you can now see API artifacts of all protocols – OData, REST & SOAP. Choose the API of interest to you, provide the credentials to securely connect to the API & optionally change the details of the API Proxy before clicking on ‘Create’.
Example of SOAP API
Example of REST API
Note: Auto-generation of the resources is possible for OData APIs only as of now.
Step 3: Add Policies
Navigate to the Policy designer and add the necessary policies. Deploy your changes.
Step 4: Test your API
A quick test on the managed API could be performed either using the test console or any other client.
In this blog, we saw how to discover the API artifacts deployed in Cloud Integration and auto-generate API proxies for them. This will enable the use cases of governing the API based integrations built using Cloud Integration with the strong policy configuration capabilities of API Management.
Hi Shruthi M Arjun ,
thanks for the blog post. Currently I have a problem when setting up the API provider of type Cloud Platform Integration. The setup against our NEO CPI works fine, but if I setup our CPI @ CF as API provider, the connection tests ends with a 403 (Forbidden) error.
Do we have to assign specific roles to the S-User when setting up an API provider for a CPI tenant at Cloud Foundry?
ESBmessaging.send role is required for the user.
We can create a process integration runtime instance from Services->service market place.
Use below json
And then create a service key for the instance created.
We can use the client Id and secret from this key in API management.
I think we are talking about different things. I’m not talking about sending data from API management to CPI IFlows, but about configuring CPI as API provider and using the discover feature. When setting up the API provider of type “Cloud Platform Integration” we have to give the CPI management url. From my understanding the role “ESBMessaging.send” corresponds to the runtime nodes.
The problem I’m stuck is setting up the API provider. A connection test in the API provider setup page, shows a 403. (As told for a CPI on NEO it works, but for CPI on CF it fails. I don’t see what I’m doing wrong/what I’m missing.)
Nevertheless I also tried to use the Service Keys which I setup for the CPI service instance. But using those I get a 401 (Unauthorized)...
Seems I misunderstood your issue. We configured Iflow specific URL as API provider of type Internet which works.
I tried to configure CPI(CF) as API provider of type Cloud Platform Integration but
getting same error: forbidden/unauthorised
Authentication as Oauth2ClientCredentials yields the same result.
Hi Raffael Herrmann ,
never mind about HTTP 403 forbidden error, also I received this error, but I tried to create a new API Proxy based on API Provider, and it works properly.
Then in the next step explained in the guide:
You have to pass the User/password with ESB Messaging Send Role.
thanks for pointing this out! I already tried to use the discover feature, but it didn't work out. Thus I thought the 403 in connection test must be a bigger problem. But after receiving your comment I tried again and what should I say? It works! The connection test still fails, but the discover feature started to work now and the proxies are running fine. 🙂 Thanks again!
Hi Shruthi M Arjun,
It is good that you can import an API from CPI, but doesn't make more sense the other way around?( generate CPI artifacts based on API specifications from SAP API Management).
Where are the API specifications created and managed?.is there any plan to include a swagger editor in CPI?.
We have completed all below steps in api portal available under Integration Suite.
1.Create API Provider
2.Create API Proxies and assigned policies
3.Create Product and published
As a next step, we are planning to create an application.
I m unable to create application. It gives me internal server error.
Pls Note : All the roles are available are assigned already
Any reason why I am getting this error message?
Thanks for the great blog Shruthi!
I am facing a small issue with a SAP Cloud Integration API Provider. When creating this provider, and selecting OAuth2ClientCredentials as the Authentication Type, the "Discover" Button does not provide any details during the API creation process, however if I select BasicAuthentication, this "Discover" button works as you have indicated above (lists all HTTP(s) Endpoints deployed on the Cloud Integration Tenant).
Any idea's why this may be the case? Is OAuth2ClientCredentials not supported for this feature?
maybe your configuration is running in the meanwhile, but I would like to add my practical experience.
First of all I created an API-Provider (Name: CPI) of Type Cloud Integration.
I used recommended Authorization Type = Basic.
I checked what happend in my subaccount. Well, a destination (Name: APIPORTAL-CPI) was created automatically. This destination uses same Authorization Type = Basic.
This Authorization Setup must kept synchronous between API Provider and Destination.
Otherwise I a got same error message.
Afterwards I was able to discover my integration flows.
Additionally I tried OAuth2ClientCredentials, but this was not working - probably not supported.
I think, when you add the developer and administrator role to the service used for OAuth the discovery function should also work (see Setting Up OAuth for Cloud Integration in Cloud Foundry | SAP Help Portal).
I need your help regarding the creation of an API provider for cloud itegration.
After the global change of the URLS for new CI Instances, the connection can no longer be established.
--> Doesnt Work
With an "old" CI, the whole thing still works.
When testing with a new CI, I always get the following error:
Do I have to manually adjust the URL from the browser?
Or is there any other solution ?
Thanks in Advance
I have the exact same problem. Any updates on this so far?
i found the solution.
You have to create a service key with plan "api".
You can use the highlighted URL.
This works for me.