Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
gabbi
Product and Topic Expert
Product and Topic Expert
1,203

Kyma


project "Kyma" enables you to extend applications in a cloud-native fashion using side-by-side extensibility. Mostly those extensions can be implemented using lambdas in Kyma using Javascript as the programming language.

Compass


Compass is a central, multi-tenant system that allows you to connect Applications and manage them across multiple Kyma Runtimes. Using Compass, you can control and monitor your Application landscape in one central place. It can be run standalone as well as a part of the Kyma runtime using open source project Kyma.

apigee


apigee is an API gateway management tool offered by Google to exchange data across cloud services and applications. One can expose their enterprise APIs using apigee's API Gateway and leverage all the API Gateway benefits without the need to implement them.

 

Connecting apigee to Kyma


Why


There could be business scenarios where we need to connect to apigee's API Gateway to implement extensions or orchestration flow that encompasses multiple SAP, non-SAP systems as well as Enterprise APIs exposed via API Gateway.

I could have an extension and orchestration logic that might be making API calls to

  • One or more SAP Systems

  • Enterprise APIs served by apigee API Gateway

  • One or more non-SAP Systems



What


One missing piece of the puzzle is to set up the connectivity between apigee's API Gateway and Kyma Runtime



 

Compass to the rescue


This is where compass comes into the picture.

Using the compass, we can establish connectivity

  • without writing any additional code

  • without requiring to deploy any connectors or add-ons


The following section will provide detailed step-by-step instructions to

  • Configure Kyma to enable compass (at present it is disabled by default)

  • Use compass to set up connectivity with apigee API Gateway


Steps


We will use an API exposed via apigee API gateway with OAuth as an authentication mechanism and set up its connectivity with Kyma.

So that developers can write code to call the API without required to write code to get OAuth token.

All authentication steps will be taken care of by Kyma Application Gateway thus making the developer's life easier and making the system more secure.

apigee configuration



  • Set up a test apigee account or use one you already have.

  • Set up an endpoint using OAuth

  • Set the policy for an access token with grant_type as a form parameter.


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="GenerateAccessTokenClient">
<!-- This policy generates an OAuth 2.0 access token using the client_credentials grant type -->
<Operation>GenerateAccessToken</Operation>
<!-- This is in millseconds, so expire in an hour -->
<ExpiresIn>3600000</ExpiresIn>
<SupportedGrantTypes>
<!-- This part is very important: most real OAuth 2.0 apps will want to use other
grant types. In this case it is important to NOT include the "client_credentials"
type because it allows a client to get access to a token with no user authentication -->
<GrantType>client_credentials</GrantType>
</SupportedGrantTypes>
<GrantType>request.formparam.grant_type</GrantType> <!--changed this part -->
<GenerateResponse/>
</OAuthV2>


  • Added AssignMessage to send numeric values as Json Numbers/Integers. This is required as by default apigee token response sends all numeric values as JSON Strings. This causes the Kyma Oauth client to fail to parse. See this apigee community thread.


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="expires_in_to_int">
<DisplayName>expires_in_to_int</DisplayName>
<Properties/>
<Set>
<Payload contentType="application/json">
{
"refresh_token_expires_in" : {oauthv2accesstoken.GenerateAccessTokenClient.expires_in},
"api_product_list" : "{oauthv2accesstoken.GenerateAccessTokenClient.api_product_list}",
"organization_name" : "{oauthv2accesstoken.GenerateAccessTokenClient.organization_name}",
"issued_at": {oauthv2accesstoken.GenerateAccessTokenClient.issued_at},
"client_id" : "{oauthv2accesstoken.GenerateAccessTokenClient.client_id}",
"access_token" : "{oauthv2accesstoken.GenerateAccessTokenClient.access_token}",
"application_name" : "{oauthv2accesstoken.GenerateAccessTokenClient.application_name}",
"scope" : "{oauthv2accesstoken.GenerateAccessTokenClient.scope}",
"expires_in" : {oauthv2accesstoken.GenerateAccessTokenClient.expires_in},
"refresh_count" : {oauthv2accesstoken.GenerateAccessTokenClient.refresh_count},
"status" : "{oauthv2accesstoken.GenerateAccessTokenClient.status}"
}
</Payload>
</Set>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="true" transport="http" type="response"/>
</AssignMessage>

 

Kyma configuration



 

  • Create an application via Compass






 

  • Set up an API with Oauth access

    • client_id,

    • client_secret,

    • token url of the form https://{your environment}.apigee.net/oauth/client_credential/accesstoken







Calling API exposed via apigee


Follow the standard steps to consume an API from a namespace.

  • Bind the application with the namespace.




 

  • API will be available in the service catalog




 

  • Add it once




 

  • Create a lambda to make API call



Source Code


The lambda and other related artifacts can be referred from the Github repository.