cancel
Showing results for 
Search instead for 
Did you mean: 

How to use OAuth 2.0 authorization while using SAP S/4 Hana cloud API.

peter_munt4
Participant
0 Kudos

Hi experts,

I want to use SAP S/4 Hana Cloud APIs and have them called from a 3rd Party application / website etc.  So, I have set up the S4HC Communication Arrangements etc and found the APIs to use and just using POSTMAN I have used Basic authorization to just check if these are the ones needed. But there is a need to use OAuth 2.0 for better security.

I have read the blog Maintain Assignment of Document Info Record to Mai... - SAP Community

and although I can get an OAUTH2 Token via POSTMAN as described in that that blog it would NOT be practical if I wanted a 3rd Party application to call the APIs - as the Token access requires a scope approval popup from S4HC.

I have read the document https://help.sap.com/doc/6ce62b6bdda340ffbeae3f138c3cb71b/SHIP/en-US/Set_Up_Authentication_for_SAP_S... which lists all available ways to Authenticate to SAP S/4HANA Cloud. 

But I still do not know of the way that a 3rd Party application could call my APIs via OAUTH - that guide seems to be talking about SAP BTP but we don't have the API management part turned on - is there another way that just involves S4HC without all that mucking about with scope approval popups etc. ?

Can anybody give me some guides on how to do this more effectively.

By the way we only have a 2 tier SAP landscape with QAS and PROD (so no DEV 🙄) and we only have SAP BTP Integration Suite and do not have the API Management part of BTP (for financial reasons no doubt  🤑). 

Thanks

View Entire Topic
Jerry_Lowery
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Peter,

I don't have the exact answer, but technically, I believe the authentication happens in the identity provider, not S/4HANA Cloud.

Are you using SAP Cloud Identity for your provider?

I would investigate the possibility to generate the credentials in your Cloud Identity and then setup your communication system with those and your 3rd party app.

https://help.sap.com/docs/identity-authentication/identity-authentication/configure-client-to-call-i...

 

Thank you

Jerry

peter_munt4
Participant
0 Kudos

Hi Jerry

we are using SAP Cloud Identity Services as our IAS.   We have Microsoft Azure > SAP Cloud Identity Services > S4HC.

I had set up all the required communication arrangement details and it works - except that the popups for scope would not be acceptable for a 3rd Party application that want to call our S4HC APIs.

on that link that you sent me what do they mean by subject_token and how do I obtain one of those ? Do you know?

Also

Our S4HC URL is https://my<number>.s4hana.ondemand.com/

are they also suggesting to obtain a token you use https://my<number>.s4hana.ondemand.com/oauth2/token..... and that you also repeat the client_id and secret not only in the request parameters but also in the authenication header.