Using Cloud Integration APIs with Tools on Cloud F...

fatihpense · ‎07-13-2021

There are resources on this topic, but it was hard to understand for me at the first sight, and there were questions about how to use tools like CPI Explorer in the CF environment.

This is my attempt to create a clear post for referring basis teams. Also, you can find more detailed documentation at the bottom of the article.

I like text with pictures! So, let's start.

Steps

Services > Instances and Subscriptions > Create

Process Integration Runtime

api

Give it a cli-friendly name, click "Next".

"password" lets you use client_id and client_secret as basic auth. But it doesn't work with "api" plan. (For "integration-flow" plan, you can give it to clients that call HTTP endpoints in the flows.)

If you choose JSON here is a list of available roles, you can edit the text and paste it. You can switch between Form and JSON views, they keep the same values.

{

    "grant-types": [

        "client_credentials",

        "password"

    ],

    "redirect-uris": [],

    "roles": [

        "WorkspacePackagesTransport",

        "WorkspacePackagesRead",

        "QueuesActivate",

        "AccessAllAccessPoliciesArtifacts",

        "AccessPoliciesEdit",

        "AccessPoliciesRead",

        "AuthGroup_Administrator",

        "AuthGroup_BusinessExpert",

        "AuthGroup_ContentPublisher",

        "AuthGroup_IntegrationDeveloper",

        "AuthGroup_ReadOnly",

        "AuthGroup_TenantPartnerDirectoryConfigurator",

        "CatalogPackageArtifactsRead",

        "CatalogPackagesCopy",

        "CatalogPackagesRead",

        "CredentialsEdit",

        "DataStorePayloadsRead",

        "DataStoresAndQueuesConfig",

        "DataStoresAndQueuesDelete",

        "DataStoresAndQueuesRead",

        "HealthCheckMonitoringDataRead",

        "MessagePayloadsRead",

        "MessageProcessingLocksDelete",

        "MessageProcessingLocksRead",

        "MonitoringArtifactsDeploy",

        "MonitoringDataRead",

        "QueuesRetry",

        "SecurityMaterialDownload",

        "SecurityMaterialEdit",

        "TraceConfigurationEdit",

        "TraceConfigurationRead",

        "WorkspaceArtifactLocksDelete",

        "WorkspaceArtifactLocksRead",

        "WorkspaceArtifactsDeploy",

        "WorkspacePackagesConfigure",

        "WorkspacePackagesEdit"

    ]

}

Just click "Create"

Wait for a while.

When you click on the instance, a pane on the right appears. Click "Create" under Service Keys.

Just give it a name and click "Create"

You will need client_id, client_secret, and tokenurl.

Get "tokenurl" at the bottom:

That is all.

Example client: CPI Explorer

Tenant management hostname is the same with "url" in the JSON, or the URL where integration developers work.

Enter client_secret:

Resources

Related SAP documentation

Setting Up OAuth Inbound Authentication with Client Credentials Grant for API Clients, Cloud Foundry Environment
https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/LATEST/en-US/20e26a837a8449c4b8b934b07f...

If you are using another Identity Provider:
Setting Up Basic Inbound Authentication of an IdP User for API Clients, Cloud Foundry Environment
https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/LATEST/en-US/57f104d5b6064720bdca826c66...

Creating OAuth Client Credentials for Cloud Foundry Environment
https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/LATEST/en-US/50b63c69028643b18016d67950...

Managing User Roles, Cloud Foundry Environment
https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/LATEST/en-US/4e86f0dcb41f49e99ea43e82a0...

List of all permissions:
https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/fda781c59e4b46a390ce5b409f6...