SAP Commissions Rest API JWT authentication from SAP Advanced Workflow

1 – Introduction

The SAP Commissions REST API allows 2 types or authentications:

• Basic Authentication
• JWT Token Authentication

And from SAP Workflow you can choose what type of authentication you want to use for your project.

This post will give you an overview and a detailed explanation about how SAP Commissions Rest API JWT Authentication can be used from your SAP Advanced Workflow project when you require an integration with Commissions application.

2 –  Login to Sales Performance Home 

To be able to apply what is explained in this blog you will need to have Administration permissions in SAP Sales Performance Portal, Commissions and Advanced Workflow.

First, you need to login with your Administrator user to Sales Performance Portal:

Sales Performance Home Page

2 – Workflow Home Page

From here click the Workflow link in the Applications menu:

Workflow Menu

This will take you to the Workflow Home Page:

Workflow Home Page

3 – Create your new Key Pair

First thing you need to do is create a new Key Pair from Workflow:

1. Go to Setup > Development > Key Pairs
2. Click on Add New
3. Enter a Key Pair Alias (required) (i.e.: public_jwt_key.pub)
4. Click on Save to save the new Key Pair

Key Pair

4 – Create a new Public Key file

Now that you created the Key Pair in Workflow you need to create a Public Key file (with *.pub extension):

1. File Name: (i.e.: public_jwt_key.pub)
2. File Content: <<Copy the Key Pair that you created before from Workflow>>

5 – Create a new COMP Admin User

After you have created your new Public Key file now you need to create the COMP Admin user that you will use for the JWT authentication:

1. Go back to Commissions application
2. Go to Security > Users
3. Create a new user
4. Assign the Administrator role
5. Save your changes

Create a COMP Admin User

6 – Set up the Authentication Type

Once you have created your new COMP Admin User you need to change the Authentication Type for this new user to “JWT Authentication” and upload the Public Key file created before:

1. Go back to Sales Performance Home
2. Go to User Administration > Users
3. Find the user created before
4. Click on Manage User Data tab
5. Select Authentication type: JWT Authentication
6. Upload Public Key File (use the file created before)
7. Save your changes

Set up JWT Authentication Type

7 – Create a Workflow Groovy script 

Finally and after you created the COMP Admin user with the JWT Authentication type now you can create a new Workflow Groovy script to test the authentication using a JWT token instead of the Basic authentication type:

1. 1. Go back to Workflow
   2. Go to Setup > Development > Scripts
   3. Create a new Script with the following content:

        def headers = new HashMap()
      
        headers.put('Content-Type', 'application/json')
      
        headers.put('Domain', 'XXXX') //Your domain or tenant (i.e. 1234)
      
        def url = 'https://XXXX.callidusondemand.com/CallidusPortal/services/Authentication/isAuthenticated'
      
        def payload = new HashMap()
      
        payload.put('aud', url)
      
        payload.put('sub','JWTRestAPIUser') //Your user Id
      
        def httpClient = resp.createHttpClient()
      
        def jwt = httpClient.generateJwtToken('public_jwt_key.pub', payload) //The Key Pair Name
      
        def authHeader = 'Bearer '+ jwt
      
        headers.put('Authorization', authHeader)
      
        def response = httpClient.executeHttpGet(url, headers)
      
        out << "Token Authentication: " + response.getContent()

   4. Validate your script
   5. The authentication is successful if you get this output message:

      Token Authentication: {}

   6. The authentication is unsuccessful if you get this output message:

       Token Authentication: com.callidus.ws.exception.UserAuthenticationException
      

      

      Workflow Groovy Script

8 – Conclusion

From SAP Advanced Workflow you can create scripts to integrate with SAP Commissions using the Commissions REST API and you can select what type of authentication you prefer to use.

If you choose JWT Authentication this blog can help you with all the needed configuration and it shows you a script that you can use for your testing.

More information about the SAP Commissions REST APIs can be found in this link:

https://[TENANT].callidusondemand.com/APIDocument/

where [TENANT] is your tenant id.

You can also find additional information about SAP Advanced Workflow under this other link:

https://help.sap.com/viewer/product/Advanced_Workflow/