Skip to Content
Technical Articles
Author's profile photo Avinash Vaidya

Quick hands-on with CAP and SAP BTP services


In the quest to understand Cloud Application Programming (CAP) model and Core Data & Services (CDS), I started reading blogs and trying some very good missions available in SAP tutorials. Coming from SAP Commerce background, many things were kind of new and completely different for me to start the journey in CAP and CDS.

Thanks to the great documentation provided by SAP on this topic and great developer community for sharing experiences through blogs.

When I was doing the hands on, lot of questions came to my mind and I read related material along the way. So I have provided references at various places which will help you to navigate quickly to the reference material.

Quick Recap –

What is CAP – Cloud Application Programming?

  • It is a collection of tools, languages and libraries to efficiently develop cloud services and applications to help enterprises scale. Link

What is CDS – Core Data & Service?

  • CDS is a foundation for CAP. It is a declarative approach towards programming. Link

What is BAS – Business Application Studio and how it is different from SAP Web IDE?

  • We think it is same but it is not. This blog will help you understand it.

The above links are best source of information, if you want to deep dive into CAP and CDS.

To get a flavor of how easy is to set up the BTP services, I tried to give an example of SAP HANA and SAP XSUAA, both of which are available as a service on SAP BTP. Most likely, you will surely need these two services in most of the projects as these are two pillars of enterprise applications – Persistence and Authorization.

At the end of this hands on exercise, you will accomplish below 5 tasks –

  1. Create CAP Java REST Services to create user and assign roles.
  2. Integrate with HANA database (HANA HDI on SAP BTP).
  3. Deploy the project on SAP BTP Cloud Foundry environment.
  4. Enable authentication and authorization using SAP BTP XSUAA service.
  5. Test REST APIs through REST client (POSTMAN).

Let us get started!

Task – 1 : Create a CAP JAVA REST Service

Quick Project Set Up

  1. Open BAS from your sub account.
  2. Go inside your project directory (/home/user/projects) and execute the below maven command
    mvn -B archetype:generate -DarchetypeArtifactId=cds-services-archetype \ -DarchetypeVersion=RELEASE \ -DartifactId=task-manager ​
  3. This will initialize maven archetype and create a new project with name – task-manager with standard folder structure.

Define Data Model

  1. The db folder contains data-model.cds where you define database entities/artifacts.
  2. In this I have defined two entities (Roles and Users) with columns.
    namespace sap.capire.taskmanager;
    using {
    } from '@sap/cds/common';
    entity Roles : cuid, managed {
            name   : String(50);
            active : Boolean;
    entity Users : cuid, managed {
            firstName : String;
            lastName  : String;
            email     : String;
            phone     : String;
            password  : String;
            active    : Boolean;
            userRole  : Association to one Roles;
  3. I have demonstrated to reuse some aspects (cuid, managed) exposed by cds/common. Quick look
  4. In this I have tried to defined relationship between entities using Association.
  5. Relationships can be of 2 types
    • Associations – This relationship is loosely coupled. By this, I mean, if parent is deleted, it will not affect children.
    • Compositions – This relationship is tightly coupled. By this, I mean, parent is a container for all children. If parent is deleted, it will delete all the children.
  6. There is lot to understand and learn in the CDS Definition Language (CDL). The best source of truth is here. But to get started, above 4 points are sufficient.

Define Admin Service

  1. In this section, we will define a service to expose the data model we created in above step.
  2. Think of this as a wrapper/abstraction on top of your entities.
  3. In the srv/src folder, create a file with name – admin-service.cds.
    using { sap.capire.taskmanager as db  } from '../db/data-model';
    service AdminService {
        entity Role as projection on db.Roles;
        entity User as projection on db.Users;

We completed Task 1 here!

Task – 2 : Integrate with HANA (HANA HDI on SAP BTP)

  1. Open your dev space. Go to Cloud Foundry Environment and get the API Endpoint. This is the CF environment where you will create your HANA database service.
  2. Open terminal, set API and login to your cf environment. Best place to learn cloud foundry CLI is here
  3. Add below dependency in pom.xml to enable HANA database integration through CDS.
  4. Open the file .cdsrc.json and add the deployment format as shown below
            "hana" : {
            "deploy-format": "hdbtable"
  5. As part of this project we will be relying on shared HANA instance which is HDI container. Very obvious question – What is the difference and what is HDI. Very nicely explained here
  6. Create HANA service and push database artifacts which will create tables in database schema by executing the below command in your project root directory.
    cds deploy --to hana:taskmanager-hana --store-credentials​
  7. Refer the default-env.json file in your root project directory for details about the HANA service created by above command.

Task – 3 : Deploy the project on SAP BTP Cloud Foundry environment.

  1. Create manifest.yml file in your project root directory which describes the application It will also define the services which binds to your application once deployed on cloud.
            - name: task-manager
              path: srv/target/task-manager-exec.jar
              random-route: true
                - taskmanager-hana
  2. In pom.xml and add cds cloud foundry dependency as shown below
  3. Build the application mvn clean install and push to cloud foundry with cf push command.

Task – 4 : Enable authentication and authorization using SAP BTP XSUAA service.

  1. Create file xs-security.json in your project root directory with the help of following command which will create file with a skeleton and sample values
    cds compile srv/ --to xsuaa > xs-security.json
  2. Give name of your application in the xsappname and give a name to the role_collections in the xs-security.json
      "xsappname": "task-manager",
      "tenant-mode": "dedicated",
      "scopes": [
          "name": "$XSAPPNAME.Administrators",
          "description": "Administrators"
      "attributes": [],
      "role-templates": [
          "name": "Administrators",
          "description": "generated",
          "scope-references": [
          "attribute-references": []
      "role-collections": [
          "name": "task-manager_Administrators",
          "description": "Task Manager Administrators",
          "role-template-references": ["$XSAPPNAME.Administrators"]
  3. Do not forget to add your user id in this role collection from BTP portal security section.
  4. Add XSUAA service in manifest.yml
            - name: task-manager
              path: srv/target/task-manager-exec.jar
              random-route: true
                - taskmanager-hana
                - taskmanager-xsuaa
  5. Create instance of XSUAA service on BTP CF environment
    cf create-service xsuaa application taskmanager-xsuaa -c xs-security.json​
  6. Build and push the application on CF environment.
  7. To get the details of the application execute the below command
    cf app task-manager​

Task – 5 : Test your REST APIs with POSTMAN

  1. Open terminal and execute the below command
    cf env task-manager​
  2. The above command provides the service binding details for your application.
  3. Look for the service xsuaa → credentials. Grab the attributes –
    • url
    • clientId
    • clientSecret
  4. Open POSTMAN and create collection with name – SAP BTP
  5. In the Authorization tab of the collection, enter the below details –
    • Callback URL – <Your application url>
    • Auth URL – Authorization url taken from point 3 appended with /oauth/authorize
    • Access Token URL – Authorization url taken from point 3 appended with /oauth/token
    • Client ID – clientId from point 3
    • Client Secret – clientSecret from point 3
    • Client Authentication – Select option – Send client credentials in body
  6. After entering all the above details, click on “Get Access Token“. Do not forget to save the token in the collection
  7. Now create a new post man request under the collection and set the authorization type as “Inherit auth from parent


I hope, this quick 5 minutes blog will help you to jump start your journey in CAP and BTP.  Stay curious! Keep learning!


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Sreehari V Pillai
      Sreehari V Pillai

      Good one , thanks for this .

      say I have an odata out if capm project with xsuaa . I need it to share it with a colleague for ui5 app development in his vscode .

      how would he use this api ? Ever thought of this ?


      Author's profile photo Avinash Vaidya
      Avinash Vaidya
      Blog Post Author

      Hello Sreehari V Pillai  - Thanks!

      In my series of blogs, I am planning to integrate this with some kind of UI application, either AppGyver or UI5.

      Stay tuned. I will surely update my findings in subsequent blogs.

      Author's profile photo Sreehari V Pillai
      Sreehari V Pillai

      sure. thank you

      Author's profile photo Rakesh Kumar
      Rakesh Kumar

      Hi Avinash,

      I have a question on similar scenario as task5.

      Requirement: We have added custom scope for authorization to our BTP application service built on CAPM for which we wish to access in Integration suite (IFlow). This service is xsuaa secured and requires a Bearer token for authentication.

      Issue: While testing from Postman tool, using the OAuth 2.0 Client credentials, it generates a Bearer token without a scope. But it fails, when the custom scope of this application is provided. Please find the attached screenshots for reference.

      Error seen while generating token with scope in client credentials. We wish to generate the Bearer token with a scope defined in the application. It throws invalid scope error here. Need a resolution for this issue

      Expectation: We want to generate Bearer token using OAuth 2.0 client credentials with custom scope defined in the application and be able to use this token to READ and WRITE data to BTP Service. Any suggestions if you have used OAuth 2.0?



      Postman auth using OAUTH 2.0

      Author's profile photo Avinash Vaidya
      Avinash Vaidya
      Blog Post Author

      Hello Rakesh - I have not used custom scope as of now. But couple of things, I can think of is

      1. Check your xs-security.json, if the scope is correctly defined.
      2. Refer to the CDS documentation here