Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert

Credential Management

You can store credentials for accessing external systems via scripting in Setup ->  Security --> Credential Management.

This page contains all credentials that are currently stored in the environment. When you store a credential entry, you can cite its name in the script sent to an external system, to perform user authentication, instead of using more complex authentication methods.

A single credential entry consists of a name, identifier, and a password or a client secret.

  • Name - The value used for distinguishing one credential entry from others.

  • Identifier - A unique identifier of a credential, usually consisting of a username and a domain name.

  • Secret - A password or a client secret. Once the creation of an entry is complete, the secret becomes encrypted and can no longer be seen by you or other administrators.

  • Active - Status of a credential entry. You can temporarily make a credential entry inactive, preventing its use for authentication in scripts.

AuthorizedRestClient Scripting Helper

This helper can be used along with a credential entry name to make basic authentication calls, or for requesting access tokens from external systems (currently only OAuth2 and Client Credential grants are supported.

AuthorizedRestClient.Delete (credentialsStoreEntryName, uri)
AuthorizedRestClient.Delete (credentialsStoreEntryName, uri, headers)
AuthorizedRestClient.DeserializeJson (input)
AuthorizedRestClient.Get (credentialsStoreEntryName, uri)
AuthorizedRestClient.Get (credentialsStoreEntryName, uri, headers)
AuthorizedRestClient.GetClientCredentialsGrantOAuthToken (clientCredentialsEntryName, uri)
AuthorizedRestClient.GetPasswordGrantOAuthToken (passwordEntryName, clientCredentialsEntryName, uri)
AuthorizedRestClient.GetPasswordGrantOAuthToken (passwordEntryName, uri)
AuthorizedRestClient.Patch (credentialsStoreEntryName, uri, parameters, headers)
AuthorizedRestClient.Patch (credentialsStoreEntryName, uri, parameters, headers)
AuthorizedRestClient.Post (credentialsStoreEntryName, uri)
AuthorizedRestClient.Post (credentialsStoreEntryName, uri, parameters)
AuthorizedRestClient.Post (credentialsStoreEntryName, uri, parameters)
AuthorizedRestClient.Post (credentialsStoreEntryName, uri, parameters, headers)
AuthorizedRestClient.Post (credentialsStoreEntryName, uri, parameters, headers)
AuthorizedRestClient.Put (credentialsStoreEntryName, uri)
AuthorizedRestClient.Put (credentialsStoreEntryName, uri, headers)
AuthorizedRestClient.Put (credentialsStoreEntryName, uri, parameters)
AuthorizedRestClient.Put (credentialsStoreEntryName, uri, parameters, headers)
AuthorizedRestClient.Put (credentialsStoreEntryName, uri, parameters, headers)
AuthorizedRestClient.SerializeToJson (obj)

Go to ScriptWorkbench to try from your end

Sample Example for AuthorizedRestClient for Serialize and Deserialize
yoga_example1 = AuthorizedRestClient.SerializeToJson('{"name":"Yogananda", "age":30, "car":null}')

yoga_example2 = AuthorizedRestClient.DeserializeJson('{"name":"Yogananda", "age":30, "car":null}')

Example 2 : Calling OAuth Token


you need to encode the special characters if there is anything in Client Secret

example : "r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD++4="

Encode the client secret as below. Replace + by %2B and = by %3D


Now if you run the script it should work without any errors.