Human Capital Management Blogs by SAP
Get insider info on HCM solutions for core HR and payroll, time and attendance, talent management, employee experience management, and more in this SAP blog.
cancel
Showing results for 
Search instead for 
Did you mean: 
yogananda
Product and Topic Expert
Product and Topic Expert

Previous blog : SAP Commissions(K8s) – OpenId Connect(OIDC) Setup – Part 1

In this blog, you will come to know how to authenticate OAuth token from SAP IAS (Identity Authentication Service) tenant as explained in step by step process. This process is mainly required for API Authentication to get some data out of SAP Commissions using Rest APIs.



New SAP Commissions is running on a microservice architecture – Kubernetes inside Google Cloud Platform (GCP).

This blog information content is applicable only for tenants starting with ****.app.commissions.cloud.sap

 


SAP Commissions Help Documentation for K8 APIs


Step 1 : Prepare Basic authorization header for calling IAS oauth2 token API endpoint.

From the previous blog, you have already generated client id and client secret, so by using that you need to follow the Base64 encoding for Authorization.

Go to https://www.base64encode.org/ enter your clientid:clientsceret and press encode.

Grant Type should be passed in header as Client Credentials Authentication

 

POST https://<IAS tenant>/oauth2/token?grant_type=client_credentials
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <clientid>:<clientsecret>

client_id=<clientid>

 

Step 2 (API Based approach to assign a Client ID to Commissions Admin role to IAS User) or Directly follow Step 4 without API based approach.


Internal API Documentation for Service Account  - Change to your tenant Id (ccu1) and you must be logged in to your tenant to check API Documentation

 

###

POST https://<ias>.accounts.ondemand.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <clientid>:<clientsecret>

grant_type=password&client_id=<clientId>&username=<userName>&password=<password>

 


Assign your Client Id (which is already generated from previous blog) to your Service Account, which will be Authorized for API calls

 

POST https://<SAP Commissions K8 tenant>/usersvc/CallidusPortal/services/serviceAccount/Add
Content-Type: application/json
Authorization: Bearer <id_token>

{
  "clientId": "301c7823-7ecd-X23X4-9669-d0XX998628",
  "name": "Yoga",
  "description": "Yoga is going to test something for SAP BTP"
}

 

If you see an error, then Go to Incentive Management Admin and Roles and see if you have checkmark enabled on Service Account


Step 3 ( Add Administrator role to the Client Id)

Assign Commissions group to the service account. If you want your service account to have all Commissions permissions assigned, use ‘Administrator’ as the group name.

 

POST https://<SAP Commissions K8 tenant>/usersvc/CallidusPortal/services/serviceAccount/assignGroup
Content-Type: application/json
Authorization: Bearer <id_token>

{
  "clientId": "301c7823-7ecd-X23X4-9669-d0XX998628",
  "groupNames":  [
    "Administrator"
  ]
}

 

Step 4 ( UI Based Approach to Assign Commissions Admin Role but Ignore Step 2 and Step3)

Just follow the step numbers shown in screenshot.

2024-04-01_21-18-30.png

 

Troubleshooting Steps if you face any issues in above Steps

 

### To Check what roles exist today and if Administrator role exist or Not

GET https://g000.app.commissions.cloud.sap/usersvc/CallidusPortal/services/serviceAccountRole/search
Content-Type: application/json
Authorization: Bearer {{accessToken}}


###  To Get All Sales Portal Roles
GET https://g000.app.commissions.cloud.sap/usersvc/CallidusPortal/services/manageRoleService/allRoles
Content-Type: application/json
Authorization: Bearer {{accessToken}}

 


 

SAP Commissions Kubernetes APIs Documentation

 

Try out now one sample endpoint to get your results using access token from step 1

 

GET https://<SAP Commissions K8 tenant>/mtsvc/tcmp/rest/v2/calendars
Content-Type: application/json
Authorization: Bearer <access_token>

 

3 Comments