Technical Articles
SAP CPQ – Keeping credentials safe at Credential Management
Credential Management
You can store credentials for accessing external systems via scripting in .
This page contains all credentials that are currently stored in the environment. When you store a credential entry, you can cite its name in the script sent to an external system, to perform user authentication, instead of using more complex authentication methods.
A single credential entry consists of a name, identifier, and a password or a client secret.
-
Name – The value used for distinguishing one credential entry from others.
-
Identifier – A unique identifier of a credential, usually consisting of a username and a domain name.
-
Secret – A password or a client secret. Once the creation of an entry is complete, the secret becomes encrypted and can no longer be seen by you or other administrators.
-
Active – Status of a credential entry. You can temporarily make a credential entry inactive, preventing its use for authentication in scripts.
AuthorizedRestClient Scripting Helper
This helper can be used along with a credential entry name to make basic authentication calls, or for requesting access tokens from external systems (currently only OAuth2 and Client Credential grants are supported.
| AuthorizedRestClient.Delete (credentialsStoreEntryName, uri) |
| AuthorizedRestClient.Delete (credentialsStoreEntryName, uri, headers) |
| AuthorizedRestClient.DeserializeJson (input) |
| AuthorizedRestClient.Get (credentialsStoreEntryName, uri) |
| AuthorizedRestClient.Get (credentialsStoreEntryName, uri, headers) |
| AuthorizedRestClient.GetClientCredentialsGrantOAuthToken (clientCredentialsEntryName, uri) |
| AuthorizedRestClient.GetPasswordGrantOAuthToken (passwordEntryName, clientCredentialsEntryName, uri) |
| AuthorizedRestClient.GetPasswordGrantOAuthToken (passwordEntryName, uri) |
| AuthorizedRestClient.Patch (credentialsStoreEntryName, uri, parameters, headers) |
| AuthorizedRestClient.Patch (credentialsStoreEntryName, uri, parameters, headers) |
| AuthorizedRestClient.Post (credentialsStoreEntryName, uri) |
| AuthorizedRestClient.Post (credentialsStoreEntryName, uri, parameters) |
| AuthorizedRestClient.Post (credentialsStoreEntryName, uri, parameters) |
| AuthorizedRestClient.Post (credentialsStoreEntryName, uri, parameters, headers) |
| AuthorizedRestClient.Post (credentialsStoreEntryName, uri, parameters, headers) |
| AuthorizedRestClient.Put (credentialsStoreEntryName, uri) |
| AuthorizedRestClient.Put (credentialsStoreEntryName, uri, headers) |
| AuthorizedRestClient.Put (credentialsStoreEntryName, uri, parameters) |
| AuthorizedRestClient.Put (credentialsStoreEntryName, uri, parameters, headers) |
| AuthorizedRestClient.Put (credentialsStoreEntryName, uri, parameters, headers) |
| AuthorizedRestClient.SerializeToJson (obj) |
Sample Example for AuthorizedRestClient for Serialize and Deserialize
yoga_example1 = AuthorizedRestClient.SerializeToJson('{"name":"Yogananda", "age":30, "car":null}')
yoga_example2 = AuthorizedRestClient.DeserializeJson('{"name":"Yogananda", "age":30, "car":null}')Example 2 : Calling OAuth Token
|
Note: you need to encode the special characters if there is anything in Client Secret example : “r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD++4=“ Encode the client secret as below. Replace + by %2B and = by %3D r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD%2B %2B 4%3D Now if you run the script it should work without any errors. |
References
https://help.sap.com/viewer/884885f05e6b4c8082254d4d9d63f19b/2108/en-US/a98bd55e59954fd5be117c6a94a02a15.html