Skip to Content
Personal Insights
Author's profile photo Piotr Tesny

S/4HANA Cloud SOAP APIs with SAP API Management

SAP Extensibility Explorer for SAP S/4HANA Cloud

Implementing S/4HANA Cloud APIs with APIM

The current task is to implement the Warehouse Shipping Advice SOAP API using SAP API Management

Why so? That way both the integration flows (CPI) and SOAP API calls (APIM) can be managed within the same SAP integration suite framework.


  • S/4HANA Cloud public tenant with admin access.
  • SAP BTP sub-account with SAP Integration Suite with access to SAP API Management portal. APIM is part of SAP Integration Suite and is available with SAP BTP trial account.


  • This is not a tutorial. Working knowledge of S/4HANA Cloud communication arrangements as well as being acquainted with APIM are assumed across this blog.
  • For security reasons the showcased  SOAP APIs have been implemented with mTLS client certificate authentication method.
  • Please note all the code snippets below are provided “as is”.
  • All the x509 certificates, bearer access and/or refresh tokens and the likes have been redacted.
  • Images/data in this blog post is from SAP internal sandbox, sample data, or demo systems. Any resemblance to real data is purely coincidental.
  • Access to online resources referenced in this blog may be subject to a contractual relationship with SAP and a S-user login may be required.

Good to know:

Putting it all together

Step1. [APIM] Let’s take a closer look at the this inbound SOAP API namely: WAREHOUSESHIPPINGADVICE_IN

Good to know:

  • SAP API Management is integrated with API Business Hub. Each SOAP web service has its own vignette/ curriculum vitae that you can retrieve directly from the API hub through the APIM discovery option.
  • The vignette describes the business explorer scope item and the communication scenario this API belongs to.


Step2. [S4HC] Let’s create the communication arrangement for the COMM_0440

If you have a communication system with communication users that cover the available authentication methods this will take only a couple of minutes to get done as depicted below:

Good to know:

  • This is a mandatory and one-off operation.
  • mTLS Client Certificate authentication implies using the communication (technical) user identity to establish a password-less and encrypted communication between a client application and a S4HC backend.


Step3. [APIM] Create a SOAP API or copy an existing one.

Select the API Provider with the x509 keypair and have it linked to the API proxy. As the API Provider already designates the S/4HANA Cloud tenant host the URL below has to be a relative one.

Congrats. You’ve just created a SOAP API. Before you can start using it you need to adjust the policy and the API endpoint resources in the policy and resource editors.


Step4. [APIM] Let’s append the API endpoint to the proxy path.


Step5. [APIM] Let’s fix the APIM policy:


Good to know:

  • When calling an inbound SOAP API a unique MessageId must be provided in the soap envelope. This requirement is part of Web Services Addressing (WS-Addressing) a transport-neutral mechanism. You may further refer to the following SAP note 2694433 – Error SRT_CORE141 While Executing WebService in SOAP for additional insight into this requirement.
  • Technically speaking a MessageId is a GUID identifier.
  • An UUID can be generated natively with APIM using a cryptographically strong pseudo random number generator  static function, namely createUuid().
!-- -->
<AssignMessage async="false" continueOnError="false" enabled="true" xmlns=''>
  <AssignTo createNew="false" type="request">request</AssignTo>
  • For the sake of convenience, I hard-coded a sample soap envelope payload into the AssignMessage policy.
  • I borrowed the soap envelope from a fantastic blog by Arvin Wu, namely Using Postman call SAP S/4HANA Cloud SOAP API and simulate outbound SOAP call integration flow, that I recommend be read.
  • Please note the MessageId uuid is part of the xml payload in the policy below.
  • If you decided to remove the payload from the policy that you can either assign the MessageId as a header or alternatively as a query parameter.
<!-- This policy can be used to create or modify the standard HTTP request and response messages
<AssignMessage async="false" continueOnError="false" enabled="true" xmlns=''>
		    <!-- -->
		    <Header name="Accept-Encoding">gzip,deflate</Header>
		    <Header name="Content-Type">text/xml</Header>
		    <Header name="Accept">*/*</Header>
            <Header name="Application-Interface-Key">saptest0</Header>
            <!-- <Header name="MessageId">{sapapim.uuid}</Header> -->
        <!-- <QueryParams>      
            <QueryParam name="MessageId">{sapapim.uuid}</QueryParam> 
        <Payload contentType="text/xml">
    <soap:Envelope xmlns:soap="" xmlns:dec="" xmlns:wsa="">
                    <ActualGoodsMovementDateTime timeZoneCode="GMTUK" daylightSavingTimeIndicator="false">2020-12-02T05:00:00Z</ActualGoodsMovementDateTime>
                    <ActualDeliveryQuantity unitCode="PCE">1</ActualDeliveryQuantity>
                    <ActualDeliveredQtyInBaseUnit unitCode="PCE">1</ActualDeliveredQtyInBaseUnit>
	<AssignTo createNew="false" type="request">request</AssignTo>


Step5. Sending the shipping advice back to S/4HANA Cloud…..

Good to know:

  • The API proxy can be use in any 3rd party client application without the need to worry about the authentication details at all…
  • The SOAP API endpoint in the API proxy can be protected with either OAuth or an apiKey via the APIM built-in Product Publication mechanism.



In a nutshell, SAP API Management (APIM) can be seen as a fast track, low code convenience tool making API prototyping and publishing a relatively straightforward task.

The security with cloud native applications is paramount.

And precisely SAP APIM allows to encapsulate and obfuscate the underlying security mechanism and protect the public API endpoints. And that’s not a bargain…





APIM’s API Provider

Quovadis_x509 keystore contains the public (a CA-signed x509 certificate) and private key pair.

Moreover, the CA authority used to sign the x509 certificate must be known to the S/4HANA Cloud tenant.



S/4HANA Cloud Communication Arrangement

The public key has been uploaded and assigned to the communication user of the communication system used with our communication arrangement, as depicted below:

Good to know:

  • You may opt to deactivate the password of a communication user to be used with the mTLS client certificate authentication.




Line-up of Supply chain APIs

API Description API Technical name Related scope items
Warehouse – Read (A2X) API_WAREHOUSE 3W0
Warehouse Inbound Delivery – Read (A2X) API_WHSE_INBOUND_DELIVERY 3BR
Warehouse Outbound Delivery Order – Read, Update (A2X) API_ APIs for Warehouse Management 3BS, 3W0
Warehouse Storage Bin – Read (A2X) API_WAREHOUSE_STORAGE_BIN 3BS, 3W0
Warehouse Shipping Advice – Receive from Warehouse(B2B)



Outbound Delivery (A2X) API_OUTBOUND_DELIVERY_SRV_0002 BD9



Additional resources


How to find an API on SAP S/4HANA OP (EN) | SAP Blogs


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo MALIPEDDI PRATHISH REDDY

      Hi Piotr Tesny,


      I like your blog and I gained more knowledge on Soap API in APIM.

      I have a doubt Can we use S/4HANA Cloud public tenant with admin access for the BTP sub-account?


      Do we have to purchase a new Global account for BTP (APIM) ?

      Thanks and Regards,


      Author's profile photo Joao Tiago Ribeiro
      Joao Tiago Ribeiro


      If you have BTP sub-account Admin Access you can check the capabilities added to the Integration Suite.

      With the new release, you can find the capabilities directly when opening the Integration Suite application from BTP Application List in the sub-account view.

      Give it a try to confirm if you have access to manage capabilities and add the APIM.

      Thank you

      Tiago Ribeiro

      Author's profile photo Piotr Tesny
      Piotr Tesny
      Blog Post Author


      Thanks for reading my blogs;

      Not sure if I can answer your question in full.

      SAP API Management (APIM) is part of SAP Integration Suite. The best is to look up all available commercial details and service plans  in the public discovery portal.

      If I understand well from your message your already have access to a BTP sub-account delivered together with SAP  S/4HANA Cloud public tenant.

      If this is the case please get in touch with your SAP sales representative to work out the best option for you to procure a SAP Integration Suite tenant;

      I hope that helps; kind regards; Piotr