How to Store API Tokens in SAP ABAP?

javier_alonso
Participant

I am consuming a REST API directly in SAP. The API uses OAuth authorization; however, I cannot use the OAuth 2.0 Client AS ABAP because the API only supports the password Grant Type, which is not supported by the OAuth Client as far as I know.

Due to that fact, I am implementing the API calls via HTTP Destinations (SM59) to securely store the Client ID and Client Secret. Now I would like to handle the token expiration time to avoid generating a new token for each API call.
I don't really know how to store the Bearer Token in a safe way. I was thinking about a Database Table with the token (encoded in some way) and the VALID FROM - VALID TO timestamps.

I would like to know if there is a standard or better approach.

Accepted Solutions (1)

thomas_mller13
Participant

That depends on what you mean by safely. End users shouldn't have the possibility to access the DB. If that is safe enough, you can store the file in the DB. I am doing this with the MS Azure keys and I have seen that at SAP in that way too. Otherwise it is difficult or not possible, because every encryption needs a key. And the key has again to be stored somewhere.

Answers (1)

Tomas_Buryanek
Active Contributor
0 Kudos

For one custom development (API call with OAuth 2.0) I have done exactly what you describe.

Save token with validity timestamp in the Z* DB table.

I made simple custom logic: when the validity is close to its end (with some threshold), or already expired, I call the API to get a new token and update it in the DB table.

If I remember correctly, I searched for other possible places, for example TVARVC, but the token did not fit in the field (too long). AFAIK there is no designated spot provided by SAP for tokens.
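
The approach from the answers above (a Z table holding the token and its validity timestamp, refreshed shortly before expiry), as an added example that is not code from any poster. The table `ZAPI_TOKEN`, its fields, and the interface `lif_token_source` are hypothetical names; the interface stands for whatever code requests a token through the SM59 destination.

```abap
REPORT zapi_token_cache_demo.
" Added example. Assumed (hypothetical) table ZAPI_TOKEN with fields
" MANDT, API_ID (key, CHAR 20), TOKEN (STRING), VALID_TO (TIMESTAMP).
" Keep it out of reach of end users, e.g. no maintenance view and a
" restrictive table authorization group (checked via S_TABU_DIS).
INTERFACE lif_token_source.
  METHODS request_token
    EXPORTING ev_token      TYPE string
              ev_expires_in TYPE i          " token lifetime in seconds
    RAISING   cx_static_check.
ENDINTERFACE.

CLASS lcl_token_cache DEFINITION FINAL.
  PUBLIC SECTION.
    CONSTANTS c_threshold TYPE i VALUE 120.  " refresh this many seconds early
    METHODS constructor IMPORTING io_source TYPE REF TO lif_token_source.
    METHODS get_token
      IMPORTING iv_api_id       TYPE zapi_token-api_id
      RETURNING VALUE(rv_token) TYPE string
      RAISING   cx_static_check.
  PRIVATE SECTION.
    DATA mo_source TYPE REF TO lif_token_source.
ENDCLASS.

CLASS lcl_token_cache IMPLEMENTATION.
  METHOD constructor.
    mo_source = io_source.
  ENDMETHOD.
  METHOD get_token.
    DATA: lv_now TYPE timestamp,
          ls_row TYPE zapi_token,
          lv_ttl TYPE i.
    GET TIME STAMP FIELD lv_now.               " UTC timestamp
    " A cached token must stay valid beyond now + threshold to be reused
    DATA(lv_limit) = cl_abap_tstmp=>add( tstmp = lv_now secs = c_threshold ).
    SELECT SINGLE * FROM zapi_token WHERE api_id = @iv_api_id INTO @ls_row.
    IF sy-subrc = 0 AND ls_row-token IS NOT INITIAL AND ls_row-valid_to > lv_limit.
      rv_token = ls_row-token.
      RETURN.
    ENDIF.
    " Missing, expired or inside the threshold: request and persist a new token
    mo_source->request_token( IMPORTING ev_token = rv_token ev_expires_in = lv_ttl ).
    ls_row-api_id   = iv_api_id.
    ls_row-token    = rv_token.
    ls_row-valid_to = cl_abap_tstmp=>add( tstmp = lv_now secs = lv_ttl ).
    MODIFY zapi_token FROM @ls_row.            " insert or update by key
  ENDMETHOD.
ENDCLASS.
```

Parallel work processes can both see an expiring token and refresh it at the same time; if the API invalidates the previous token on re-issue, serialize the refresh with an SAP lock object on the `API_ID` key.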