I would like to share my experience with you all for SAP-GMAIL integration using Google & Gmail API’s in SAP PI/PO. I Implemented it for one of my clients, it was kind of unique requirement. So sharing complete details for the same.
There are 2 major sections of this blog post:-
a) Step by Step configuration in Google Developer Console for activating Gmail API. (Follow Same blog post)
b) Development of Interfaces in SAP PI/PO for SAP-GMail integration using Json Web Token (JWT). (Follow below URL)
Note:- This can be implemented in CPI too with the same design solution, only technical difference will be Java code will be replaced by Groovy Script.
- Developer account needs to be created on google for using Google API services.
- Super Admin user account is also required for providing required authorization to use Gmail API’s.
a) Step by Step configuration in Google Developer Console for activating Gmail API.
Below steps will guide you for all configuration required in Developer and Admin Google Console.
I assume everyone reading this blog has Google Account. If Not, please create one. Open GCP – https://cloud.google.com/ . Then click on “Go to Console” which leads to Developer Console.
Direct link for Developer Console https://console.cloud.google.com/. Once you login, Go to Projects.
Click on New Project
Provide Details like Project Name, Organization & Location and create it. For my case I have given project name as “SAP-Gmail-Integrate”.
Once Project created we need to perform two major steps.
I) Enabling Gmail API & II) Creating Service Account for OAuth2.
I) Enabling Gmail API :-
Select your created project then Go to GCP Navigation Bar -> APIs & Services -> Library
Search ‘Gmail’ in search bar then select Gmail API.
Click on Enable button, by enabling Gmail API it allows use of Gmail API for your current project.
As per my requirement I am going to use three APIs under “users.messages”.
1) List, 2) Get & 3) Trash.
Under Each API there is one section called “Authorization Scopes”, we have to note down each mentioned scopes from above mentioned three API’s, this scopes will be required later on OAuth steps.
II) Creating Service Account for OAuth2 :-
For Step by Step activation of Service Account we can refer official blog given by google in following link OAuth2 blog URL (Also you can follow below steps for better & quick understanding)
Go to -> IAM & Admin -> Service Accounts
It will popup below page where there are 3 steps you have to perform as given below.
a) Service Account Detail (Name & ID), b) Grant this Service Account to Project, c) Grant Users access to service account
I have already performed above all steps, giving glimpse below for the same steps after creation of service account.
a) It gives email id and Unique ID for your service account.
b) For permissions, by default service account will get assigned with Owner role, also I have added one more account i.e. my primary corporate Gmail account which I used for creation of this service account.
c) In next step Create private key, there are 2 options given by google
1) Create new key with format “Json” or “P12”
2) Upload own created private key in p12 format
For my project I have created a new Json private key and downloaded to PC.
Next Step is to register your APP for OAuth Consent Screen
Go to -> APIs & Services -> OAuth Consent Screen
Here we have to fill details for below three things:-
a) OAuth Consent Screen : (Register your Project for OAuth)
b) Scopes : (Here we have to add Gmail API’s Scopes)
c) Test Users : (Here we can add test user ids for testing)
- Next Step is to delegate domain-wide authority to a service account.
- Login to Admin Console with Super admin user & Go to -> Security -> API Controls
In the Domain wide delegation pane, select Manage Domain Wide Delegation.
Click Add new -> Mention Service Account Client ID & Gmail OAuth Scopes (comma-delimited).
You can find your service account client ID in Google Console page -> APIs & services -> Credentials.
This completes part I of configuration on Google Developer & Admin Console.
What you learned?
This blog helped you for complete configuration required on GCP portal, which is the prerequisite for Interface development.
For further development in SAP PI/PO or CPI, please keep handy below details:-
Email Address of Service Account, Gmail Scopes, Json Private key
For next part of blog post follow below URL:-
Also please let me know your feedback or queries in comment box.