Personal Insights
Unboxing SAP Analytics Cloud Embedded Edition.
I started writing this unboxing brief more than a year ago. And that writing process had been very much comparable to shooting scenes in different studio spaces and then going through the post-production assembly process to get the final product. A movie production starts typically with storyboarding. A storyboard is a graphic representation of how the video will unfold, shot by shot, scene after scene. A storyboard is like a roadmap when you want to make a video. Disclaimer:
Good to know:
|
SAP Analytics Cloud, embedded edition. Qu’est-ce que c’est ?
![]() |
SAP Analytics Cloud Embedded edition is an analytical service and business applications oriented story boarding tool available on SAP Business Technology Platform [Cloud Foundry runtime]. |
![]() |
eSAC allows you to assemble your data sets into models and eventually tell your story. Furthermore, thanks to the intrinsic app2app integration capabilities one can subsequently combine eSAC assets with the resources from other service providers (cf example with Google Maps beside) in your business applications. |
Feature Scope Description SAP Analytics Cloud, Embedded Edition on SAP BTP
![]() |
The eSAC [FSD] is the official product functionality description as it is released and supported by SAP at any given point in time. The SAP Analytics Cloud, embedded edition service documentation is here. |
Unboxing eSAC. It’s all APIs…
![]() |
You need to be a kind of a developer persona in order to be able to unbox it. First you need to create an eSAC service instance in your SAP BTP sub-account. Then you will need to create service key as depicted on the left (cf Appendix for details). |
1. Let’s cut the ribbon and get the SAP Analytics Cloud tenant management API access token.
The access to the eSAC BTP configuration service APIs is OAuth-protected. That means, in order to gain access to the eSAC tenant configuration |
![]() |
First, all we need to do is to issue the token oauth POST request using the uaa (user access authorization) credentials as shown below:
HTTP method: | POST |
Authentication method: | basic authentication |
Username: | value of credentials attribute uaa.clientid |
Password: | value of credentials attribute uaa.clientsecret |
curl --user 'uaa.clientid':'uaa.clientsecret' --header "Content-Type: application/json" --request POST <uaa.url>/oauth/token?grant_type=client_credentials
Next, we will need to pass this token in the authorization header in a subsequent curl call to the eSAC tenant config endpoint.
For instance the below curl call would return the current configuration of the eSAC tenant:
curl -H 'Authorization: Bearer <access token>' -H 'Content-Type: application/json' <sac-embedded-edition-service-config.url>/api/v1/tenant/<tenant_uuid>
Good to know:
|
2. Let’s get access to the eSAC cockpit.
As a reminder, you must have added an OAuth client using sac_embedded_edition_service_config
to allow us to get access to the SCIM endpoint to manage users programmatically.
That OAuth client will be required to obtain another bearer access token to get access to SCIM endpoint.
AddOAuthClient.json:
{
"AddOAuthClient":[
{
"name":"<AddOAuthClient_name>",
"apiAccessEnabled":"true",
"apiRoles":[
"PROFILE:sap.epm:SCIM_Public_API"
]
}
]
}
// adding an AOuth client to the eSAC tenant
curl -H 'Authorization: Bearer <access_token>' -H 'Content-Type: application/json' <sac-embedded-edition-service-config.url>/api/v1/tenant/<tenant_uuid>/config -d @AddOAuthClient.json
You will need to rerun the command to get the current configuration of the eSAC tenant as to be able to retrieve the clientid and clientsecret of the SCIM OAuth client
Eventually you will be able to use the eSAC SCIM endpoint to manage users, stories, etc…
Please see appendix for more details…
After adding a new user (that must exist on the SAML IDP side) we can start using the sac embedded edition service url to log into the eSAC cockpit. You may need to use either the email address or the login name of the newly created user. |
![]() |
Let’s create a story… | ![]() |
…and here it comes…on the home page | ![]() |
Conclusion
Personally, I consider eSAC to be one of the crown jewels on SAP BTP. (And there is so much synergy with the other BTP service like API Management and Destination service.) The latest version 1.1 of eSAC service offers some additional functionality as compared to version 1.0. Please refer to help pages for more details. Despite the fact the supported connectivity is still limited to SAP HANA live connections, the eSAC version 1.1 adds HANA Extended Connectivity aimed at the consumption of business ready content in CDS views in HANA HDI containers [link]. |
__________
Appendix
Unboxing notes
The issued token grants access to the SAP Analytics Cloud tenant management API, namely to the sac_embedded_edition_service_config
endpoint:
{"access_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vb3JjYXN0YXJraWxsZXIuYXV0aGVudGljYXRpb24u
.............................(truncated).............................................
vk6Qqir357LDZN3OZKmEYh5n8dwGlNuvgq8V_HBNIZFA7o75BOTbtddVVtyHF8ozSIuaV5W5MNS1iY_L0gBWlKk91LTzYBw","token_type":"bearer","expires_in":43199,"scope":"uaa.resource","jti":"fbdab069f2d54cb5b8e05639060d02f2"}
FYI: here goes its decoded representation (jwt.ms or jwt.io):
![]() |
![]() |
As aforementioned, you could copy the relevant API packages from API Business Hub to your APIM (API Management – part of SAP Integration Suite) tenant and then implement all the logic without writing a single line of code.
eSAC Configuration and REST APIs
Learn how to configure your SAP Analytics Cloud tenant and how to use SAP Analytics Cloud, embedded edition REST APIs.
|
![]() |
SAC tenant APIs for Stories/Users/Groups/Resources/Metadata management | ![]() |
Adding a new user
Creating a user… | ![]() |
Let’s double check the user got created.Retrieving a user with the userid | ![]() |
Good to know:
|
eSAC service details
![]() |
Service Availability:The eSAC service is available to qualifying partners and customers through the cloud credits payment mechanism (CPEA – or Cloud Platform Enterprise Agreement). More importantly, it is a native Cloud Foundry (CF) service which means it obeys all the rules any other CF service must obey. |
![]() |
Service Provisionning:From the moment you have allocated the service quota to your CF sub-account you can start creating eSAC service instances. When you create an eSAC service instance a single SAP Analytics Cloud tenant gets self-provisioned on the spot. |
![]() |
Service Scalability:An eSAC tenant is locked down to merely officially supporting the SAP HANA live data sources (SAP HANA cubes or CDS views in HDI containers) and has a capacity limit of up to 150 concurrent sessions. |
![]() |
Service Credentials:The service credentials exposed via service binding or at service key creation give access to all APIs required to manage and monitor the SAP Analytics Cloud tenant, the eSAC users and user groups (teams). |
![]() |
Service Deletion:On deletion of an eSAC service instance the associated SAP Analytics Cloud tenant will be de-provisioned. In other words all the assets and configuration will be lost. Thus it is advised to export all the valuable assets either via Content Network or through a package Transport/Deployment. |
A few notes on technical capabilities and restrictions of the service
|
For the reader interested, we recently recorded two video tutorial series on the topic