This guide explains how to connect SAP API Management (APIM) with SAP Cloud Integration (CPI) using an API Proxy URL secured by OAuth 2.0 authentication.

NorthWind Link: https://services.odata.org/northwind/northwind.svc/ 

1. Create API Provider.

2. Create API Proxy - To Generate an OAuth Authentication Token.

3. Add Policy - To generate OAuth 2.0 Authentication.

<OAuthV2 async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
   <ExternalAuthorization>false</ExternalAuthorization>
   <Operation>GenerateAccessToken</Operation>
   <GenerateResponse enabled="true"/>
       <SupportedGrantTypes>
           <GrantType>client_credentials</GrantType>
       </SupportedGrantTypes>
   <Tokens/>
</OAuthV2>

4. Create API Provider.

5. Add Policies to the API Proxy created to call the OData. 

Verify API Key - To verify the key which you are going to pass while calling the API.

<!--Specify in the APIKey element where to look for the variable containing the api key--> 
<VerifyAPIKey async='true' continueOnError='false' enabled='true' 
xmlns='http://www.sap.com/apimgmt'>
	<APIKey ref='request.header.apikey '/>
</VerifyAPIKey>

OAuth 2.0 - To verify the OAuth Token generated.

<OAuthV2 async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
   <ExternalAuthorization>false</ExternalAuthorization>
   <!-- valid values are GenerateAccessToken, GenerateAccessTokenImplicitGrant, GenerateAuthorizationCode ,
    RefreshAccessToken , VerifyAccessToken , InvalidateToken , ValidateToken  -->
   <Operation>VerifyAccessToken</Operation>
   <GenerateResponse enabled="true"/><SupportedGrantTypes/>
   <Tokens/>
</OAuthV2>

Assign Message:

<!-- This policy can be used to create or modify the standard HTTP request and response messages -->
<AssignMessage async="false" continueOnError="true" enabled="true" xmlns='http://www.sap.com/apimgmt'>
    <Remove>   
     	<Headers>      
			<Header name="Authorization"></Header>   
          </Headers>
     </Remove> 
	<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
	<AssignTo createNew="false" type="request"></AssignTo>
</AssignMessage>

Update >> Save >> Deploy

6. Create Product & Add both the API Proxies.

7. Create a Subscription for the Product created.

Copy the API URL, KEY and Secret for future use.

8. Create an Integration Flow.

Content Modifier: Pass Authentication Details in Header

• client_secret: from the subscription 
• client_id: from the subscription 
• response_type: token
• grant_type: client_credentials
• Content-Type: application/x-www-form-urlencoded

Body: grant_type=${header.grant_type}&client_id=${header.client_id}&client_secret=${header.client_secret} 

Request Reply - HTTP 1: For Token Verification.

Content Modifier 2: For the Passing of Authorisation and API Key.

Content Modifier 3: Pass Bearer Token

Header: Bearer ${header.Access_Token_Value}

Request Reply - HTTP 2: Pass the endpoint URL of the API Proxy.

It's time to test.

For Token generation:

OAuth 2.0

Hit Send >> 200 OK

Debug >>

Trace:

The integration between SAP Cloud Integration and SAP API Management using OAuth 2.0 has been configured and tested successfully.