when we are doing integration between
Cloud -
Cloud and
Cloud to On-Premise, then we have multiple types of Authentication to access the API's.
User Id and Password
Client secure url, Client ID , Client Secret and Scope
- OAuth 2.0 Authorization Code :
Atheization URL, Token URL , Client ID, Client Secret and User Name and password
client certificate
In this blog post I am going to explain the end-to-end VAT return outbound interface integration between SAP to HMRC UK government portal using the OAuth 2.0 with the Client Credentials Grant to generate Access Token.
Integration Flow Chart
Step-1 : OAuth 2.0 Access Token Configuration
The Following diagram illustrates the process to get access token
- Logon to your SAP Cloud Platform Integration web application
- Navigate to the Monitor option then we can see overview.
- Then go to Manage Security > Security Material
Here choose
Create > OAuth2 Authorization Code.
Then need to maintain the
Authorization URL,
Token Service URL,
Client ID,
Client Secret,
User Name and
scope of the your interface (for the VAT return interface scope is
write:vat)
Click on the
Deploy > Authorize > then it will redirect to the Callback URL, enter the
Credentials once enter the credentials it will show as below then click on
Grant Authority
Now successfully deployed the OAuth2.0 Access token configuration this will access later in the VAT return interface IFlow.
Step-2 End-to-End VAT return Interface IFlow
- Navigate to Design > Package > Artifacts Tab
- Choose Add > Integration Flow
Step-3
From the sender Drag the connecting arrow to connect to start action, from the Adapter Type box select the SOAP/HTTPS.
SOAP: WSDL based integration then we can go for the SOAP adapter.
HTTPS: JSON based integrations then we can go for the HTTPS Adapter, and also it will work for the xml.
- In Connection tab, enter the Address or URL details
- Enter HRMC/VAT/returns Optionally, you can enter any value of your choice, but ensure that you use “/”symbol before specifying the endpoint name
Step-4 Groovy Script
The groovy script contains the functionality to fetch an access token from the
OAuth2.0 Authorization Code credential which we have configured in the
Step-1(Security Material).
import com.sap.gateway.ip.core.customdev.util.Message;
import com.sap.it.api.securestore.SecureStoreService;
import com.sap.it.api.securestore.AccessTokenAndUser;
import com.sap.it.api.securestore.exception.SecureStoreException;
import com.sap.it.api.ITApiFactory;
def Message processData(Message message) {
SecureStoreService secureStoreService = ITApiFactory.getService(SecureStoreService.class, null);
AccessTokenAndUser accessTokenAndUser = secureStoreService.getAccesTokenForOauth2AuthorizationCodeCredential("OAuth2.0");
String token = accessTokenAndUser.getAccessToken();
message.setHeader("Authorization", "Bearer "+token);
return message;
}
getAccesTokenForOauth2AuthorizationCodeCredential("OAuth2.0"),
- you fetch the access token of the OAuth2 Authorization Code credential with name “OAuth2.0”.
- once we get token from this method then we need to pass same Access token in the header level using the below groovy syntax.
message.setHeader("Authorization", "Bearer "+token);
Step-5 Content Modifier
By using content modifier, we are passing the
Accept and
Content-type parameters in the http header request as below.
Step-6 Request-Reply
Connect the
Request Reply to
Receiver by dragging the arrow icon on
Request Reply to the
Receiver
Select the
Connection tab. In the
Address field, enter the Target endpoint/Url(
https://hostname/org/vrn/return)
Step-7
- Click Save to persist the changes to integration Flow.
- Click Deploy to deploy the integration Flow.
- Navigate to the Monitor View.
- Under the Mange Integration Content Section > Choose Start to access all the Started Artifacts that we have deployed.
- Select the integration flow > Endpoint tab then you can notice REST API URL for the integration flow.
- This URL can be used to invoke the integration flow as a REST API from any REST client like postman.
Step-8 Testing The Integration Flow Using POSTMAN
Step-9 Trace and Monitoring in SAP CPI
Navigate to the
Monitor > Manage Integration Content > Select the
Iflow >
Monitor Message Processing
- Now we can see the messages status as completed
- If you want to trace Iflow logs step-to-step then click on the trace option
- Then we can see step-to-step process logs with content.
Conclusion
Finally with this blog post you can implement the end-to-end OAuth 2.0 Token based integration with SAP Cloud Platform Integration(CPI).