cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP UI5 Application to Pass User ID on headers to external API through destination

vinoth_sukumar
Explorer

on ‎2023 Dec 01 6:43 PM

0 Kudos
1,019

Hi,

I'm looking to call an external API from a UI5 application in BTP and the requirement is to pass the user ID to the headers/query parameters or body of the API.

But, we need to make this user ID being passed without being visible in the console of the browser.

API works based on basic authentication which is configured on the destination.

Is there a way to achieve this?

I'm wondering if any additional properties in the destination could help to pass the user Id or email to the API, that way front-end app or the browser won't know about the details.

Please share.

Thanks,

Vinoth

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
gregorw
SAP Mentor
SAP Mentor
‎2023 Dec 01 11:23 PM
0 Kudos

Are you using standalone or managed approuter to serve the application?

vinoth_sukumar
Explorer
‎2023 Dec 04 9:20 AM
0 Kudos

Hi Gregor,

It is a standalone application.

Thanks,

Vinoth

Accepted Solutions (0)

Answers (4)

Answers (4)

shahidkakkat
Explorer
‎2024 May 16 2:14 PM
0 Kudos

Hi Vinoth,

I am also trying to send user ID to external API,Can you please let me know how you solved this ?

Thanks

Show replies
Show replies
quovadis
Product and Topic Expert
Product and Topic Expert
‎2023 Dec 07 7:09 PM
0 Kudos

Hello vinoth.sukumar ,

You might want to have a look at the following blogposts of mine, especially that you rely on the SAP managed approuter as I do:

Long story short you can have all the things like the user id embedded in the JWT token being passed in the Authorization header of your API.

I hope that helps; Piotr

Show replies
Show replies
gregorw
SAP Mentor
SAP Mentor
‎2023 Dec 07 8:08 PM
0 Kudos

Can you point to the section where you describe this case? Haven't found it.

vinoth_sukumar
Explorer
‎2023 Dec 08 10:57 AM
0 Kudos

Hi Piotr,

Thanks for sharing, It was helpful to understand Kyma, but we don't have Kyma in our environment, anything similar is possible with CF?

Thanks,

Vinoth

gregorw
SAP Mentor
SAP Mentor
‎2023 Dec 09 8:05 PM
0 Kudos

Hi Piotr,

Vinoth was asking for:

"pass the user ID to the headers/query parameters or body of the API."

You suggest that the backend app should evaluate the JWT or?

CU
Gregor

quovadis
Product and Topic Expert
Product and Topic Expert
‎2023 Dec 11 2:45 PM
0 Kudos

Hi Gregor, indeed the backend application should be relying on a JWT token (passed to it in the Authorization header); Thx; Piotr

gregorw
SAP Mentor
SAP Mentor
‎2023 Dec 05 8:59 PM
0 Kudos

As you can't extend managed Approuter you have you either use SAP API Management, Cloud Integration or a custom CAP application to achieve this requirement.

Show replies
Show replies
vinoth_sukumar
Explorer
‎2023 Dec 08 10:56 AM
0 Kudos

Hi Gregor,

Thanks, I think adding another layer as you mentioned is the only way to achieve this, or perhaps another option is to consider enabling principal propagation authentication with the back end service, as our external API is connected via cloud connector, any thoughts?

I was hoping to send dynamic values from the additional properties to header or query parameters, Additional parameter "sap.query" in destination has no effect | SAP Community. Is it possible to send dynamic values to headers?

Thanks,

Vinoth

gregorw
SAP Mentor
SAP Mentor
‎2023 Dec 09 8:24 PM
0 Kudos

Based on the documentation of approuter - Destination service only:

URL.headers.<header-name>

and not:

URL.query.<header-name>

which seems to be only supported by SAP Cloud SDK.

gregorw
SAP Mentor
SAP Mentor
‎2023 Dec 04 10:09 PM
0 Kudos

Then you should check the documentation: Extending Application Router

Show replies
Show replies
vinoth_sukumar
Explorer
‎2023 Dec 05 9:29 AM
0 Kudos

Hi Gregor,

Apologies, we are using Managed App router for HTML5 applications, which are accessed from work zone standard edition tiles.

Regards,

Vinoth

Ask a Question