Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Consume Ariba APIs using Postman

beatrizacalesco
Advisor
Advisor
‎2024 Apr 15 9:31 PM
5,318

What is an API?

API stands for Application Programming Interface. It's groups a set of rules, protocols, and tools that allows different software applications to communicate with each other.

APIs disposes of methods and data formats that developers can use to interact with a particular software component or service.

APIs can be seen as messengers that can get or set data and, in the process, takes, process and return information.

APIs are used extensively in software development to enable different systems to work together, access each other's functionality, and share data securely and efficiently.

 

SAP Ariba APIs

Ariba REST APIs are constantly being developed and improved by SAP Solution Team, available for consumers and developers in https://developer.ariba.com/api.

In this portal, it's possible to identify all available APIs based on their respective fronts of operation, which vary depending on the SAP Ariba solution:

  • Business Network
  • Catalog
  • General
  • Procurement
  • Strategic Sourcing
  • Supplier Management

The portal also provides information regarding each API: the description of its purpose, mandatory and optional parameters, call URLs, Standard Rate Limits, as well as all necessary documentation for its consumption. Besides, all the documents and information can also be found in: SAP Ariba APIs | SAP Help Portal.

It's also important to mention that while many Ariba APIs are currently available for consumption, it doesn't guarantee that all the necessary information will be readily accessible. Some fields and data may not be included in the available APIs, so it's crucial to conduct an analysis before implementing the API in a real-world scenario (in ABAP, BTP, CPI, etc.).

In such cases, leveraging Postman calls can be beneficial for this initial check as a complement to the documentation.

 

Consuming Ariba API using Postman

Prerequisites:

  • Postman app installed;
  • Customer must have "OAuth Client Id", "OAuth Secret", "Base64 Encoded Client and Secret" and "Application Key" related to the API to be consumed – since this data is crucial for the process since they control the security of each call.

That information must be provided to you by the Customer’s Administrator.

But, in the case where a customer hasn’t requested or has never used this API before, some steps are needed:

beatrizacalesco_0-1713212235911.png

beatrizacalesco_1-1713212235913.png

  • Click in Submit button.
  • The application will be created (the Application Key will be already generated by the system):

beatrizacalesco_2-1713212235919.png

  • In the upper menu button, click in Actions > Ask your admin to request API access

beatrizacalesco_3-1713212235919.png

Choose:

  • The API you want to consume (for this example, Master Data)
  • The tenant it’s applied for (for this example, Procurement)
  • The customer realm

beatrizacalesco_4-1713212235924.png

  • Click in Submit button and this step will be completed:

beatrizacalesco_5-1713212235925.png

beatrizacalesco_6-1713212235927.png

When the entire process and approvals are completed, you should have all the necessary information for consuming the API. This is how the workflow should look like:

beatrizacalesco_7-1713212235929.png

 

Steps to call API using Postman

  • Enter in the Ariba Develop Portal and access the API to be consumed.

Along with the provided documentation, you can also download the Swagger* for this API.

(*Swagger simplifies the process consuming RESTful APIs, making it easier for developers to understand and work with APIs effectively, working with a pre-built expected project that can be simply imported in Postman, for example)

beatrizacalesco_8-1713212235935.png

Download the API Spec (Swagger).

  • Open Postman app and import the Swagger

beatrizacalesco_9-1713212235936.png

A popup will be opened. Click in Upload Files:

beatrizacalesco_10-1713212235938.png

Search for the downloaded Swagger in your local directory and click in Import:

beatrizacalesco_11-1713212235941.png

The project will be imported in Postman:

beatrizacalesco_12-1713212235942.png

Check the Collection in the left side of Postman:

beatrizacalesco_13-1713212235945.png

  • Authorization / Access Token
    1. What is Access Token

Before consuming the API, it’s necessary to get the Access Token for it.

Basically, it’s a credential that represents the authorization of a specific user/call to access resources on a specific server. When a user or application wants to access an API, they typically need to authenticate themselves to ensure that they have the authorization to get/change any data related to the process encoded by the API.

Access tokens usually have a limited lifespan and may need to be refreshed periodically to maintain the access available.

There are several methods for generating this token, each demonstrating a different approach. There's no difference between them in terms of results, but the choice will depend on personal criteria for usage.

  • If you want to generate the token with:
    1. ClientID and ClientSecret > Then use grant_type = client_credentials
    2. oAuthbase64 > Then use grant_type = openapi_2lo

This difference will be demonstrated visually in the next steps

 

  1. Creating “Access Token” call in Postman
  • Create a New Folder in your API Collection. Name it as “Authorization”:

beatrizacalesco_14-1713212235947.png

  • Create a “Request” inside the Authorization folder:

beatrizacalesco_15-1713212235950.png

  • Now, add the token URL available in the Ariba Develop Portal and complement it with /v2/oauth/token

beatrizacalesco_16-1713212235953.png

Postman Request must look like:

beatrizacalesco_17-1713212235954.png

Now, here is where it should be decided which token option is going to be used (1-By Client ID and Secret or 2-By oAuthBase64)

OPTION 1 = By Client ID and Client Secret

In Postman, select “Params” tab and set:

  grant_type = client_credentials

       client_id = <your client ID>

client_secret = <your client secret>

beatrizacalesco_18-1713212235957.png

OPTION 2 = By oAuth64

In Postman, select “Params” tab and set:

grant_type = openapi_2lo

beatrizacalesco_19-1713212235959.png

In “Headers” tab, set:

Content-Type = application/json

Authorization = Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (your oAuthbase64)

beatrizacalesco_20-1713212235962.png

For both options the result must be the same: the token must be returned

beatrizacalesco_21-1713212235967.png

 

  • Consume API

It is possible for an API to contain multiple endpoints, each performing different actions. For example, within a "Customers API," you might find one endpoint for querying data, another for retrieving addresses, and yet another for updating values for a specific customer.

The same applies to Ariba APIs. Both in the portal and in the imported Swagger, various consumption possibilities of the API are available. It is up to the analyst and the client to determine what best fits the business needs.

In this example of Master Data API, notice that three different endpoints are available:

beatrizacalesco_22-1713212235969.png

For demonstration purpose only, we are going to consume the first endpoint: GET ENTITY TYPES

  • Open the folder related to the endpoint and click in the request

beatrizacalesco_23-1713212235972.png

  • Click in “Auth” tab and select the option “Bearer Token”

beatrizacalesco_24-1713212235974.png

  • Insert the token retrieved in the previous step

beatrizacalesco_25-1713212235978.png

  • In Ariba Develop Portal, check all the obligatory fields expected for this endpoint:

beatrizacalesco_26-1713212235983.png

  • If needed, complement the Postman project with any parameter missing. Also, insert the Application Key (API Key) and the customer realm:

beatrizacalesco_27-1713212235986.png

  • After, click in “Send” button. This action will trigger the request to the server.
  • If all the information is provided correctly, the API will return the response in the Body along with the data:

beatrizacalesco_28-1713212235991.png

I hope it helps everyone!

Regards

 

3 Comments
Bruno-Franzini
Product and Topic Expert
Product and Topic Expert
‎2024 Apr 17 1:23 PM

Hi Beatriz,

Well done, and very good job for sharing such a piece of information !!

 

Kind regards

Bruno Franzini

sheilla_melo
Product and Topic Expert
Product and Topic Expert
‎2024 Oct 01 2:35 PM
0 Kudos 
Very useful, thanks for sharing.

 

AravindB1
Discoverer
‎2025 Feb 16 4:18 PM
0 Kudos

Great Blog. Thanks for sharing the input.

Is it a good practice to send the client ID and credentials in the Params tab, as they will appear in the URL? Instead, it is better to include the client credentials in the Body using x-www-form-urlencoded format.

Labels in this area
Popular Blog Posts