Dear all,

In this article, you will come to know different ways to authenticate your SAP CPQ APIs for REST & SOAP methods. I will provide you more examples in my next blog for all the Authentication types.

Its good to know each and every authentication types for users to authenticate the API endpoint. More details, refer this link

SAP CPQ API Documentation

SAP API Business HUB - SAP CPQ APIs

---

1. REST API Authentication

• 
  

  JWT Bearer Token 🔐

  
  


• 
  

  Stateful Authentication

  
  


• 
  

  Basic Authentication

  
  


• 
  

  Token API Authentication 🔐

  
  
  
  
  • 
    

    Password Grant Authentication

    
    
  
  
  • 
    

    Client Certificate Authentication 📜

    
    
  
  
  
  


• 
  

  OAuth 2.0 JWT Assertion Profiles 🔐

  
  
  
  
  • 
    

    Generate JWT Assertion Grant Type

    
    
  
  
  • 
    

    Generate SAML Bearer Grant Type

    
    
  
  
  
  

---

2. SOAP API Authentication

• 
  

  Basic Authentication

  
  


• 
  

  Client Certificate Authentication (x509 mTLS) 📜

  
  


• 
  

  Inbound & Outbound Certificate Authentication 📜

  
  

📜	Certificate Based Authentication  - Secured and Best
🔐	Certificate + Token Based Authentication  - More Secured and Best

Note : 

If you feel SAP CPQ Help documentation, doesn't provide more information.. Kindly raise a support ticket with component - CEC-SAL-CPQ with providing the link to the page which lacks of more detailed steps that can be improved.

In this article we have shown a lot of methods of securing your APIs. All of these 2 (REST&SOAP) have their own pros & cons but the best that comes out to be is OAuth which many industries & businesses prefer when dealing with client-server scenarios. OData APIs are still not available for SAP CPQ