on 04-03-2024 11:05 AM
I created a simple OData v.4 API with Node.js CAP. Let's call it simpleapi-srv.
If I open the application route for this api in the browser I get the following error message: 401 - Unauthorized.
I therefore created another application simpleapi based on the standalone app router. If I open the application route of this app I can login with my BTP user (and sucessfully work with the API). I understand by calling the app with the standalone app router the app router handles (with the help of the xsuaa) service the SAML / OAuth flow and ensures (via re-direction) the login process.
My question:
How can I provide an API-URL to an external partner and how do I grant him corresponding authorization? So e.g. he can use the API endpoint via postman or within his custom application development (outside BTP).
Does it make sense to create a service key for simpleapi and use the OAuth credentials from the key? How do I manage authorization (scopes and roles). I assume the CDS role defintion do not have any effect for the user in the service key....?
Okay just found possible solutions here:
https://community.sap.com/t5/technology-q-a/how-to-expose-cap-api-to-external-app/qaq-p/12700180
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
74 | |
10 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.