CRM and CX Blogs by SAP
Stay up-to-date on the latest developments and product news about intelligent customer experience and CRM technologies through blog posts from SAP experts.
Showing results for 
Search instead for 
Did you mean: 


Whether you are an SAP Commerce Cloud developer or a functional analyst you are going to need to test an API at some point. In order to call most API's you will need to be authorized first. In SAP Commerce Cloud, OAuth 2.0 is how it's done. It's the default authorization framework for the Omni Commerce Connect (OCC) REST API's and it helps protect resources without sharing credentials with a third party system.

The goal of this blog post is to get you familiar with OAuth 2.0 and how to authorize against an API. No coding will be required. All you need is an SAP Commerce Cloud system and Postman. Postman is a free API testing tool. If you have another preferred API testing tool feel free to use that instead.

In the coming steps, we will walk through creating an OAuth client in SAP Commerce Cloud, generating an access token, and finally using the token to make an HTTP GET request using Postman.

Access Tokens

If you haven't worked with access tokens in the past, the classic metaphor is that of a hotel room key/card.  When you arrive, you typically go to the front desk where you are given a room key as part of the check-in process. The room key says nothing about who you are or how you checked in. It's simply a mechanism for accessing your room. An access token functions the same way. The token is sent along with the API call to let the system know you are authorized to use the API. A room key also expires at the end of your scheduled stay. An access token similarly also expires after a set period of time.

Configuring an OAuth Client

To configure an OAuth client, you have 2 options. The first is to use the Backoffice. The second option is to use ImpEx. We'll look at both options.

Option 1: Configure an OAuth Client via Backoffice

  1. Navigate to the Backoffice: https://<YOUR DOMAIN>:9002/backoffice

  2. In Backoffice, navigate to System --> OAuth --> OAuth Clients

  3. Click the arrow next to the create icon and select OAuth Client Details in order to create a new client

  4. Enter the OAuth client id: <YOUR CLIENT ID>

  5. Enter the OAuth client secret: <YOUR PASSWORD>

  6. Click Next

  7. Enter the OAuth authorities: ROLE_TRUSTED_CLIENT

  8. Enter the OAuth authorized grant types: client_credentials

  9. Enter the OAuth resource ID’s: hybris

  10. Click Next

  11. Enter the Scopes: extended

  12. Click Done

Option 2: Configure an OAuth Client via ImpEx

The quickest way to add a new OAuth client is to use ImpEx.

  1. Navigate to HAC: https://<YOUR DOMAIN>:9002/console/impex/import

  2. In the Import Content text area add the following ImpEx and then click the Import Content button.

INSERT_UPDATE OAuthClientDetails; clientId[unique=true] ; clientSecret ; resourceIds ; scope ; authorizedGrantTypes ; authorities
; <YOUR CLIENT ID> ; <YOUR PASSWORD> ; hybris ; extended ; client_credentials ; ROLE_TRUSTED_CLIENT

You now have an OAuth Client that can be used to generate an access token. The next step is going to be to generate the access token in Postman.

Generate Access Token via Postman

Before we query the API we need to generate an access token. There are several ways to do this. Here we will demonstrate doing it via Postman.

  1. Create a new request tab in Postman by clicking File -- > New Tab

  2. Click on the Authorization tab

  3. Set the Type to OAuth 2.0

  4. Click Get New Access Token button

  5. Enter the following token information:

    • ŸToken Name: Hybris Token (name this whatever you'd like, it's only used within Postman)

    • ŸGrant Type: Client Credentials

    • ŸAccess Token URL: https://<YOUR DOMAIN>:9002/authorizationserver/oauth/token

    • ŸClient ID: <YOUR CLIENT ID>

    • ŸClient Secret: <YOUR PASSWORD>

    • ŸScope: extended

    • ŸClient Authentication: Send as Basic Auth header

  6. Click the Request Token button

You now have a token that can be used to query the API’s.

Call API - GET

Assuming you have your OAuth token you are now ready to make an API call. For this particular example we get a list of groups for the specified customer.

  1. Create a new request tab in Postman by clicking File -- > New Tab

  2. Select GET from the select menu next to the URL field.

  3. Add a URL (e.g. - https://<YOUR DOMAIN>:9002/occ/v2/powertools/users/

    • If using a system prior to the 2005 release, change "occ" to "rest" in the url path

  4. Click the Authorization tab.

  5. Under Type, select OAuth 2.0

  6. Make sure the token you created is displayed in the Access Token field

    • ŸKeep in mind the token will expire after some time so you will need to create a new one if it does

  7. Click the Send button.

If all goes well you should get a 200 OK HTTP response and data returned.


That's it, you've successfully called an SAP Commerce Cloud OCC API using an OAuth 2.0 access token. As you can see, there's not too much to it. There are other ways to do the same thing such as using cURL and the Swagger UI.  Perhaps, topics for future blog posts. Next, explore the Swagger UI to see what other API's are available on your system and practice calling them.

1 Comment