Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

How to authenticate Cloud Platform API

Go to solution
tobias_mitter2
Explorer

on ‎2020 Mar 17 6:52 AM

3,412

Hello,

we want to use the cloud foundry platform api (http://v3-apidocs.cloudfoundry.org/version/3.81.0/index.html) to do some automation.

The API is OAuth2 protected. In order to authenticate, we would need to create an oauth client and use the credentials to get a token. We did not find any way to do that.

How can we access the api?

There is one way for testing we found, as according to the cloud foundry documentation you can get an oauth token with the CLI command "cf oauth-token". That is the only way we found to actually being able to call the api, but this is only ok for some quick testing, but for a live scenario we need a REST way to get a token.

Cloud Foundry documentation describes some way to create a client, but this does not work on SAP Cloud Foundry, as we don't have access to tools and infrastructure.

Thanks and regards,

Tobias

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
gregorw
SAP Mentor
SAP Mentor
‎2020 Mar 24 8:26 AM
0 Likes

Perhaps you can describe better what "some automation" means in detail. Because there is a way to retrieve the Audit Logs using an API for the Cloud Foundry Environment.

Accepted Solutions (1)

Accepted Solutions (1)

tobias_mitter2
Explorer
‎2020 Apr 06 12:25 PM
0 Likes

So I am going to answer this myself. It seems there is no solution yet, but there is one coming.

See this: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/3670474a58c24ac2b082e76cbbd...

Just stumbled over it by accident. When I look at the supported scopes though, it seems it is only a part of the whole api. It doesn't even say which api (v2 or v3), it might even be that SAP is building a facade around it...have to check it out some time. Hope this helps.

Show replies
Show replies
mike_zaschka
Active Participant
‎2022 Jan 04 5:06 PM
0 Likes

Hi tobias.mitter2,

did you find a solution in the meantime?
I am stuck with the same problem. The token obtained from the CLI (cf oauth-token) is working fine to access the Cloud Controller API (v2 and v3), but I am not able to get a valid access-token from any authorization endpoint, including the Cloud Management Service.

Kind Regards,

Mike

tobias_mitter2
Explorer
‎2022 Jan 05 8:04 AM

Hello Mike, as we are still not on feature set b, we could not move forward here. Regards, Tobias

Answers (2)

Answers (2)

mike_zaschka
Active Participant
‎2022 Jan 11 12:25 PM

With the help of SAP:

The CF Cloud Controller API is currently not connected to XSUAA and thus it is not possible to obtain a token from there. Instead you have to directly call the CF UAA service and use a valid user (no service key) and the following parameters. You should then get a valid token with cloud_controller.read and cloud_controller.write scopes.

Endpoint

https://login.cf.eu20.hana.ondemand.com/oauth/token (BTP region dependent)

Basic Authentication
user: cf
password: (empty - no password)

Parameters:

username: <BTP user email>
password: <BTP user password>
client_id: cf
grant_type: password
response_type: token

An example CURL call:

curl -v -XPOST -H"Application/json" -u "cf:" --data "username=<BTP user email>&password=<myPassword>&client_id=cf&grant_type=password&response_type=token" https://login.cf.eu20.hana.ondemand.com/oauth/token
Show replies
Show replies
danfqa
Explorer
‎2023 Sep 21 2:39 PM
0 Likes

Hello Mike! Could you please inform me about the CF User and where I can locate it? From what I gather, it's distinct from the BTP Cockpit user email. Also, how can I obtain the CF client_id? I'm attempting to execute the CURL example call on CF CLI, but I'm encountering an unauthorized error. Thanks for your assistance!

marco_spyker
Explorer
‎2025 Jan 09 8:49 AM
0 Likes

Hi @mike_zaschka,
hi all  and a Happy New Year 2025!

We have been struggling with this topic, as well, with some “sleepless nights” and accidentally found this community post and we are very happy to say, that you have provided this information to us – thanks.

Now, with providing a valid user, configured in the BTP (email / password) we have managed to get valid access-tokens.

Because your answer here is 3 years old, maybe you (or some one else here) can give information, if accessing the Cloud Foundry can be managed differently. If we rely on this approach, this would mean, we would need some kind of a technical user on the BTP platform and from security perspective, can we some avoid providing passwords in plain text?

Thanks a lot in advance,

M.Spyker

gregorw
SAP Mentor
SAP Mentor
‎2020 Mar 17 2:52 PM
0 Likes

HI Tobias,

maybe you start with a search at api.sap.com with the keywords cloud foundry. From there you should find more documentation.

Best regards
Gregor

Show replies
Show replies
tobias_mitter2
Explorer
‎2020 Mar 23 12:20 PM
0 Likes

Hi Gregor,

thanks but we have searched and tried basically everything. I am on and off this topic for half a year now. There is no documentation from SAP regarding this topic. At the moment I believe I haven't overlooked anything, that's why I finally postet the question here in the hope that we are not the only ones trying to use this api for some analytics and automation and maybe somebody else digged out some info.

Best regards,

Tobias

gregorw
SAP Mentor
SAP Mentor
‎2020 Mar 23 12:55 PM
0 Likes

Hi Tobias,

according to the current release notes SAP Cloud Platform is running on Cloud Foundry 12.33.0. Maybe the Cloud Foundry API's are helpful for you:

https://apidocs.cloudfoundry.org/12.33.0/

Keep us posted about your progress.

Best regards
Gregor

Ask a Question