Whether you are an SAP Commerce Cloud developer or a functional analyst, you are going to need to test an API at some point. To call most APIs, you first need to be authorized. In SAP Commerce Cloud, this is done with OAuth 2.0. It is the default authorization framework for the Omni Commerce Connect (OCC) REST APIs, and it helps protect resources without sharing credentials with a third-party system.
The goal of this blog post is to get you familiar with OAuth 2.0 and how to authorize against an API. No coding will be required. All you need is an SAP Commerce Cloud system and Postman. Postman is a free API testing tool. If you have another preferred API testing tool, feel free to use that instead.
In the coming steps, we will walk through creating an OAuth client in SAP Commerce Cloud, generating an access token, and finally using the token to make an HTTP GET request using Postman.
If you haven't worked with access tokens in the past, the classic metaphor is that of a hotel room key/card. When you arrive, you typically go to the front desk, where you are given a room key as part of the check-in process. The room key says nothing about who you are or how you checked in. It's simply a mechanism for accessing your room. An access token functions the same way. The token is sent along with the API call to let the system know you are authorized to use the API. A room key also expires at the end of your scheduled stay. Similarly, an access token expires after a set period of time.
Configuring an OAuth Client
To configure an OAuth client, you have 2 options. The first is to use the Backoffice. The second option is to use ImpEx. We'll look at both options.
Option 1: Configure an OAuth Client via Backoffice
Navigate to the Backoffice: https://<YOUR DOMAIN>:9002/backoffice
In Backoffice, navigate to System --> OAuth --> OAuth Clients
Click the arrow next to the create icon and select OAuth Client Details in order to create a new client
Enter the OAuth client id: <YOUR CLIENT ID>
Enter the OAuth client secret: <YOUR PASSWORD>
Enter the OAuth authorities: ROLE_TRUSTED_CLIENT
Enter the OAuth authorized grant types: client_credentials
Enter the OAuth resource IDs: hybris
Enter the Scopes: extended
Option 2: Configure an OAuth Client via ImpEx
The quickest way to add a new OAuth client is to use ImpEx.
Navigate to HAC: https://<YOUR DOMAIN>:9002/console/impex/import
In the Import Content text area add the following ImpEx and then click the Import Content button.
If using a system prior to the 2005 release, change "occ" to "rest" in the URL path.
Click the Authorization tab.
Under Type, select OAuth 2.0
Make sure the token you created is displayed in the Access Token field
Keep in mind that the token will expire after some time, so you will need to create a new one if it does.
Click the Send button.
If all goes well you should get a 200 OK HTTP response and data returned.
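The same client_credentials flow outside Postman, as an added example that is not part of the original post: it builds the token request with the secret in the POST body rather than the URL, tracks token expiry, and refuses plain HTTP. The token endpoint path `/authorizationserver/oauth/token`, the `/occ/v2` prefix, the function names, and the sample token response are assumptions; adjust them to your system.

```python
import json
import time
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

TOKEN_PATH = "/authorizationserver/oauth/token"  # assumed token endpoint path
OCC_PREFIX = "/occ/v2"  # use "/rest/v2" on systems prior to the 2005 release

def _require_https(base_url):
    # Client secrets and bearer tokens must never travel over plain HTTP.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send credentials or tokens over non-HTTPS URL")

def build_token_request(base_url, client_id, client_secret):
    """Build the client_credentials POST; the secret goes in the body so it
    stays out of URLs, proxy logs and server access logs."""
    _require_https(base_url)
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": client_id,
                      "client_secret": client_secret}).encode()
    return Request(base_url + TOKEN_PATH, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

class Token:
    """Parsed token response with an absolute expiry time."""
    def __init__(self, response_json, now=None):
        data = json.loads(response_json)
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.value = data["access_token"]
        issued = time.time() if now is None else now
        self.expires_at = issued + int(data["expires_in"])

    def is_expired(self, now=None, skew=30):
        # Treat the token as expired slightly early to absorb clock drift.
        current = time.time() if now is None else now
        return current >= self.expires_at - skew

def build_occ_get(base_url, path, token, now=None):
    """Build the authorized GET; fail fast instead of sending a stale token."""
    _require_https(base_url)
    if token.is_expired(now):
        raise RuntimeError("access token expired; request a new one")
    return Request(base_url + OCC_PREFIX + path, method="GET",
                   headers={"Authorization": "Bearer " + token.value})

# Constructed sample token response (not from a real system).
SAMPLE_RESPONSE = ('{"access_token": "example-token-123", "token_type": "bearer",'
                   ' "expires_in": 43199, "scope": "extended"}')
```

Pass the returned `Request` objects to `urllib.request.urlopen` to actually send them.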
That's it: you've successfully called an SAP Commerce Cloud OCC API using an OAuth 2.0 access token. As you can see, there's not too much to it. There are other ways to do the same thing, such as using cURL and the Swagger UI. Perhaps those are topics for future blog posts. Next, explore the Swagger UI to see what other APIs are available on your system and practice calling them.