-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
- Autonomous Enterprise
- Artificial intelligence
- Data and analytics
- Autonomous Suite
- Technology platform
- Transformation management
- Midsize business solutions
- Financial management
- Spend management
- Supply chain management
- Human capital management
- Customer experience
- Enterprise resource planning
- Business network
- Sustainability management
- SAP Store
- Try SAP
- View all industries
- Partners
- Services
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- Autonomous Enterprise
- Artificial intelligence
- Data and analytics
- Autonomous Suite
- Technology platform
- Transformation management
- Midsize business solutions
- Financial management
- Spend management
- Supply chain management
- Human capital management
- Customer experience
- Enterprise resource planning
- Business network
- Sustainability management
- SAP Store
- Try SAP
- View all industries
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Products and Technology
- Technology
- Technology Q&A
- How to make a secure HTTP request from ABAP progra...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
How to make a secure HTTP request from ABAP program
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on ‎2013 Sep 19 4:06 PM
- SAP Managed Tags
- ABAP Development
- NW ABAP Web Services
Hi All,
I have a requirement to call an external webservice running on REST architecture from abap program. Since the web service is not running on SOAP protocol, I am unable to use the SOAMANAGER to configure the consumer proxy to make the call to external web service.
I am able to directly call the web service running on REST architecture by using the CL_HTTP* utility class by passing the url with parameters for consuming the web service. But I need to make sure the HTTP request is encrypted before it leaves the SAP system.
Please provide some inputs on encrypting the HTTP request from ABAP program.
Regards,
Manjiyil
Need more details?
Request clarification before answering.
Accepted Solutions (0)
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
In the CL_HTTP* Utility, use mode parameter value 2 which is for HTTPS.
HTTPS is an encrypted transmission protocol for web services.
regards,
Ashish Rawat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Joseph,
Not sure I really understood the question, but if I did, can't you make an HTTPS call instead of HTTP?
Regards,
Custodio
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Custodio,
We are concatenating the appid and token along with URL for calling the webservice. I was wondering is there any way to garble the app_id and token when making the https request, so it is secure, or if we transmit via HTTPS instead of HTTP is it encrypted already.
If I write some encryption logic, should the webservice server also implement the decryption logic to accept the request and respond.
I have attached the code for your reference:
*-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------*
* Declarations
DATA lo_client TYPE REF TO if_http_client.
DATA lo_conv TYPE REF TO cl_abap_conv_in_ce.
DATA lv_result_url TYPE string.
DATA lv_bin TYPE xstring.
DATA lv_response TYPE string.
DATA lwa_layout TYPE slis_layout_alv.
DATA lt_data TYPE srt_xml_data_tab.
* Create HTTP CAll URL
CALL METHOD cl_http_client=>create_by_url
EXPORTING
url = 'http://example/calculate.xml'
proxy_host = 'web.proxy.com'
proxy_service = '4999'
IMPORTING
client = lo_client
EXCEPTIONS
argument_not_found = 1
plugin_not_active = 2
internal_error = 3
OTHERS = 4.
IF sy-subrc <> 0.
MESSAGE e000(z_xyz) WITH 'Error during URL creation'.
ENDIF.
* Disabling the proxy authentication
lo_client->propertytype_logon_popup = lo_client->co_disabled.
* Pass proxy authentication details
lo_client->authenticate(
EXPORTING
proxy_authentication = abap_true
username = 'joseph'
password = 'abcd' ).
lo_client->request->set_method( if_http_request=>co_request_method_get ).
* Construct the URL
CONCATENATE
'http://example/calculate.xml?'
'app_id=abc'
'&token=xyz'
INTO lv_result_url RESPECTING BLANKS.
* Set URL to request
cl_http_utility=>set_request_uri( request = lo_client->request uri = lv_result_url ).
* Send the HTTP request
CALL METHOD lo_client->send
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
http_invalid_timeout = 4
OTHERS = 5.
IF sy-subrc <> 0.
MESSAGE e000(z_xyz) WITH 'Error during HTTP send'.
ENDIF.
* HTTP call receive
CALL METHOD lo_client->receive
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4.
IF sy-subrc <> 0.
MESSAGE e000(z_xyz) WITH 'Error during HTTP receive'.
ENDIF.
* Get Response data
lv_bin = lo_client->response->get_data( ).
CALL FUNCTION 'SRTUTIL_CONVERT_XML_TO_TABLE'
EXPORTING
xdoc = lv_bin
IMPORTING
data = lt_data.
lwa_layout-colwidth_optimize = abap_true.
CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'
EXPORTING
i_structure_name = 'SRT_XML_DATA'
is_layout = lwa_layout
TABLES
t_outtab = lt_data
EXCEPTIONS
program_error = 1
OTHERS = 2.
IF sy-subrc <> 0.
* Implement suitable error handling here
ENDIF.
CALL METHOD lo_client->close
EXCEPTIONS
http_invalid_state = 1
OTHERS = 2.
IF sy-subrc <> 0.
MESSAGE e000(z_xyz) WITH 'Error closing HTTP call'.
ENDIF.
*-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------*
Please suggest what changes I need to make the code secure.
Regards,
Joseph M
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I am calling the HTTPS url from Internet explorer and I'm able to see the xml output.I'm am constructing the url based on the below code:
* Construct the URL
CONCATENATE
'https://example/calculate.xml?'
'app_id=abc'
'&token=xyz'
INTO lv_result_url RESPECTING BLANKS.
I downloaded the SSL certificates from the web service site and installed in STRUST transaction. I'm passing the certificate id when calling the method:
* Create HTTP CAll URL
CALL METHOD cl_http_client=>create_by_url
EXPORTING
url = 'https://example/calculate.xml''
proxy_host = 'web.proxy.com'
proxy_service = '4999'
ssl_id = 'WSSE'
IMPORTING
client = lo_client
EXCEPTIONS
argument_not_found = 1
plugin_not_active = 2
internal_error = 3
OTHERS = 4.
But when the method receive is called using the below code, I am getting a HTTP_COMMUNICATION_FAILURE
* HTTP call receive
CALL METHOD lo_client->receive
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4.
I debugged the receive method and found that error 'ICM_HTTP_SSL_ERROR' is being raised inside the method. I followed the steps mentioned in existing threads on resolving the errors like soft restarting the ICM server. But it is not resolving my issue.
Since I'm passing the app_id and token when constructing the url, I'm not sure what authentication should be used when calling HTTPS. We are not entering user id and password. app_id and token uniquely identifies and returns the result when called from internet explorer. I have installed the certificate as well in STRUST. Please provide guidance on how I can proceed on this issue.
Regards,
Joseph M
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I got the HTTPS to work by creating HTTP destination in SM59
* Declarations
DATA lo_client TYPE REF TO if_http_client.
DATA lo_conv TYPE REF TO cl_abap_conv_in_ce.
DATA lv_result_url TYPE string.
DATA lv_bin TYPE xstring.
DATA lv_response TYPE string.
DATA lv_httpcode TYPE i.
DATA lv_reason TYPE string.
DATA lwa_layout TYPE slis_layout_alv.
DATA lt_data TYPE srt_xml_data_tab.
CALL METHOD cl_http_client=>create_by_destination
EXPORTING
destination = 'HTTPS_DEST_1'
IMPORTING
client = lo_client
EXCEPTIONS
argument_not_found = 1
destination_not_found = 2
destination_no_authority = 3
plugin_not_active = 4
internal_error = 5
OTHERS = 6.
IF sy-subrc <> 0.
MESSAGE e000(z_xyz) WITH 'Error during URL creation'.
ENDIF.
lo_client->request->set_method( if_http_request=>co_request_method_get )."co_request_method_post ).
* Construct the URL without https:// ......(remaining details are maintained in SM59)
CONCATENATE '?app_id=abc'
'&token=xyz'
'¶m1=p1'
INTO lv_result_url RESPECTING BLANKS.
* Set URL to request
cl_http_utility=>set_request_uri( request = lo_client->request uri = lv_result_url ).
* Send the HTTP request
CALL METHOD lo_client->send
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
http_invalid_timeout = 4
OTHERS = 5.
IF sy-subrc <> 0.
MESSAGE e000(z_xyz) WITH 'Error during HTTP send'.
ENDIF.
* HTTP call receive
CALL METHOD lo_client->receive
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4.
IF sy-subrc <> 0.
MESSAGE e000(z_xyz) WITH 'Error during HTTP receive'.
ENDIF.
* get status of the response
CALL METHOD lo_client->response->get_status
IMPORTING
code = lv_httpcode
reason = lv_reason.
* Get Response data
lv_bin = lo_client->response->get_data( ).
CALL FUNCTION 'SRTUTIL_CONVERT_XML_TO_TABLE'
EXPORTING
xdoc = lv_bin
IMPORTING
data = lt_data.
lwa_layout-colwidth_optimize = abap_true.
CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'
EXPORTING
i_structure_name = 'SRT_XML_DATA'
is_layout = lwa_layout
TABLES
t_outtab = lt_data
EXCEPTIONS
program_error = 1
OTHERS = 2.
IF sy-subrc <> 0.
* Implement suitable error handling here
ENDIF.
CALL METHOD lo_client->close
EXCEPTIONS
http_invalid_state = 1
OTHERS = 2.
IF sy-subrc <> 0.
MESSAGE e000(z_xyz) WITH 'Error closing HTTP call'.
ENDIF.
SM59 Settings:
url: https://example.com/search.xml?app_id=abc&token=xyz¶m1=p1
1.Connection Type: G
2.Target host: example.com
3.Path prefix: /search.xml
4.Provide company proxy details
5.SSL certificate: DFAULT SSL Client(standard)
STRUST Settings:
Download and install SSL certificate under
1. System PSE
2. SSL client SSL Client (standard)
3. Add to ACL list
SMICM Settings:
1. Make sure HTTPS port is activated
I was able to call REST web service using these settings successfully. for some reason HTTP POST method was not working, I guess webservice needs to be configured to handle it.
Regards,
Joseph M
Bluesky- From Clicks to Conversations: Reimagining Customer Onboarding Through Agentic AI in Technology Blog Posts by SAP
- Currency Conversion in SAP ABAP Using CONVERT_TO_LOCAL_CURRENCY with Custom F4 Help in Technology Blog Posts by Members
- Request for SAP Cloud ALM backup and recovery process details in Technology Q&A
- Creating a Custom F4 Help for Currency Fields in ABAP Using F4IF_INT_TABLE_VALUE_REQUEST in Technology Blog Posts by Members
- PartnerEdge Build: SAP Transportation Management (TM) Not Appearing in Price List in Technology Q&A
| User | Count |
|---|---|
| 8 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.