
Whether you are an SAP Commerce Cloud developer or a functional analyst, you are going to need to test an API at some point. To call most APIs, you first need to be authorized. In SAP Commerce Cloud, this is done with OAuth 2.0. It is the default authorization framework for the Omni Commerce Connect (OCC) REST APIs, and it helps protect resources without sharing credentials with a third-party system.
The goal of this blog post is to get you familiar with OAuth 2.0 and how to authorize against an API. No coding will be required. All you need is an SAP Commerce Cloud system and Postman. Postman is a free API testing tool. If you have another preferred API testing tool, feel free to use that instead.
In the coming steps, we will walk through creating an OAuth client in SAP Commerce Cloud, generating an access token, and finally using the token to make an HTTP GET request using Postman.
If you haven't worked with access tokens in the past, the classic metaphor is that of a hotel room key card. When you arrive, you typically go to the front desk, where you are given a room key as part of the check-in process. The room key says nothing about who you are or how you checked in. It's simply a mechanism for accessing your room. An access token functions the same way. The token is sent along with the API call to let the system know you are authorized to use the API. A room key also expires at the end of your scheduled stay. Similarly, an access token expires after a set period of time.
To configure an OAuth client, you have two options. The first is to use the Backoffice. The second is to use ImpEx. We'll look at both options.
The quickest way to add a new OAuth client is to use ImpEx.
INSERT_UPDATE OAuthClientDetails; clientId[unique=true] ; clientSecret ; resourceIds ; scope ; authorizedGrantTypes ; authorities
; <YOUR CLIENT ID> ; <YOUR PASSWORD> ; hybris ; extended ; client_credentials ; ROLE_TRUSTED_CLIENT
You now have an OAuth client that can be used to generate an access token. The next step is to generate the access token in Postman.
Before we query the API we need to generate an access token. There are several ways to do this. Here we will demonstrate doing it via Postman.
You now have a token that can be used to query the APIs.
Assuming you have your OAuth token, you are now ready to make an API call. For this particular example, we get a list of groups for the specified customer.
If all goes well you should get a 200 OK HTTP response and data returned.
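The token request and the authorized GET described above, written out as an added Python example (not code from the original post). The host, the two URL paths, the site and user values, and sending the client secret in an HTTP Basic header are assumptions for a default local installation; the token response is constructed sample data.

```python
import base64, json, time, urllib.parse, urllib.request

# Assumptions, not taken from the post: host and paths of a default local install.
BASE_URL = "https://localhost:9002"
TOKEN_PATH = "/authorizationserver/oauth/token"
GROUPS_PATH = "/occ/v2/{site}/users/{user}/customergroups"

# Constructed sample of a token endpoint response (not captured from a real system).
SAMPLE_TOKEN_RESPONSE = ('{"access_token": "constructed-token-123", '
                         '"token_type": "bearer", "expires_in": 43199, "scope": "extended"}')

def build_token_request(client_id, client_secret):
    """client_credentials grant: the secret goes in a header, never in the URL."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        BASE_URL + TOKEN_PATH, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None):
    """Extract the token and turn the relative expires_in into an absolute time."""
    doc = json.loads(raw)
    if "access_token" not in doc:
        raise ValueError(doc.get("error", "no access_token in response"))
    now = time.time() if now is None else now
    return {"token": doc["access_token"],
            "expires_at": now + int(doc.get("expires_in", 0))}

def is_expired(tok, now=None, skew=30):
    """Treat the token as expired slightly early so a call never races the expiry."""
    now = time.time() if now is None else now
    return now >= tok["expires_at"] - skew

def build_groups_request(tok, site, user):
    """GET the customer's groups, presenting the access token as a Bearer credential."""
    path = GROUPS_PATH.format(site=urllib.parse.quote(site, safe=""),
                              user=urllib.parse.quote(user, safe=""))
    return urllib.request.Request(BASE_URL + path,
                                  headers={"Authorization": "Bearer " + tok["token"]})

if __name__ == "__main__":
    tok = parse_token_response(SAMPLE_TOKEN_RESPONSE)
    req = build_groups_request(tok, "electronics", "customer@example.com")
    # Print the URL only; the token itself should stay out of logs.
    print(req.get_method(), req.full_url, "expired:", is_expired(tok))
```

To send either request against a real system, pass it to `urllib.request.urlopen`, and request a new token once `is_expired` returns true.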
That's it: you've successfully called an SAP Commerce Cloud OCC API using an OAuth 2.0 access token. As you can see, there's not too much to it. There are other ways to do the same thing, such as using cURL and the Swagger UI. Perhaps those are topics for future blog posts. Next, explore the Swagger UI to see what other APIs are available on your system and practice calling them.