Technology Blogs by SAP
SAP Cloud Platform Open Connectors simplifies and accelerates connectivity to third-party cloud applications. It provides robust, feature-rich, prebuilt connectors to an extensible library of over 160 of the most popular third-party cloud applications.

In Easily consume data from third-party in a Fiori application using SAP Cloud Platform Open Connectors..., a simple Fiori application consuming third-party RESTful APIs was covered. This blog shows the steps to secure and manage the third-party connectors.

Building an enterprise application is not just about programming the core functionality; it is also about how DevOps will manage and operate the application, handle continuous development and maintenance, and much more. Decoupling the actual API endpoint using SAP Cloud Platform API Management makes API Management the access point to the actual API implementation, hiding internal information and providing specific behaviors that would otherwise need to be coded in the API itself, such as Authentication, Traffic Management or Data Transformation.


Manage APIs using SAP Cloud Platform API Management

  • Navigate to the Services tab, search for the API Management service tile and click it to open the API Management service.

  • Click on the link Access API Portal to open API Portal.


  • Navigate to the Develop tab from the hamburger icon.

  • From API tab, click on the Create button to create an API Proxy to the third-party CRM application.


  • In the Create API wizard, enter your API Proxy name, URL and API Proxy Base Path as provided below and then click on the Create button.





Open Connectors Hub





  • From the API Proxy details page, open the Policy designer by clicking on the more button and selecting Policies from the drop-down menu.


  • SAP Cloud Platform API Management provides more than 40 policies which enable customers to govern and set the behavior of their APIs based on their enterprise needs. These XML-based policies enable administrators to define the API functionality using simple configuration. In this scenario, the Assign Message policy is used to set the Authorization token required by SAP Cloud Platform Open Connectors. This ensures that application developers do not need to specify the authorization token in a JavaScript file on the client side.

  • Select PreFlow from the ProxyEndPoint and then click on the + button next to the AssignMessage Policy available under the Mediation Policies segment. This opens the Create Policy wizard.

  • In the Create Policy wizard, set the name of the policy, say setAuthorization, and then click on the Add button.

  • In the policy snippet window, enter the policy snippet provided below. In the snippet, provide your third-party CRM connector's authorization token from SAP Cloud Platform Open Connectors. Refer to the blog Simplify connectivity to third-party application to know more about this token.

<!-- This policy can be used to create or modify the standard HTTP request and response messages -->
<AssignMessage async="false" continueOnError="false" enabled="true" xmlns='http://www.sap.com/apimgmt'>

    <!-- Sets the Authorization header on the request sent to the target -->
    <Set>
        <Headers>
            <Header name="Authorization">provide_your_authenticated_connector_token_from_SAP_Cloud_Platform_Open_Connectors</Header>
        </Headers>
    </Set>
    <AssignTo createNew="false" type="request">request</AssignTo>
</AssignMessage>


Note:- SAP Cloud Platform API Management also supports storing encrypted key value maps, which can be used to hold this authorization more securely. More information about encrypted key value maps is available in the help documentation.

  • Click on the Update button to save the Policy changes.


  • Click on the Save and Deploy button to persist and activate the API Proxy.



  • With this, we have now created an API Proxy which can be consumed from the Fiori application. To apply the changes for Principal propagation or single sign-on of the user, refer to this blog series.

Note:- Only the first part of the Single Sign On from Fiori application to SAP Cloud Platform API Management blog needs to be applied. The rest of the blogs and the policies for SAML assertion generation are not required for this flow, because the connection to the third-party applications is made via the authorization token.



Destination to SAP Cloud Platform API Management

To connect the Fiori application to the Open Connectors CRM APIs managed by SAP Cloud Platform API Management, the destination openconnectors needs to be updated to the API Proxy host URL. This section covers the steps to update the destination to the API Proxy host URL.


With this, we have updated the openconnectors destination to connect to the API Proxy created on SAP Cloud Platform API Management.

Changes on Fiori applications

This section covers the changes required in the Fiori application to remove the authorization token.

  • Open SAP Cloud Platform Web IDE Full stack service.

  • Expand the generated thirdpartydemo application from the previous blog.

  • Click on model.js from the expanded project in the Workspace explorer and change the createDataModel function to remove the authorization token header as shown in the screen shot below.

  • Save and run the Fiori application to connect securely via SAP Cloud Platform API Management.


  • This will launch the Fiori application in a new browser tab and after successful user login, data from your third-party application would be shown.
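
A check for the change above, as an added example that is not code from the original post: it scans JavaScript source text for an Open Connectors style token (the `User ..., Organization ..., Element ...` header format) or any Authorization header set to a literal string, so you can confirm nothing is left in the client-side files. The function name, the regular expressions, the `/openconnectors/accounts` path and both `model.js` samples are constructed for illustration.

```javascript
// Added example: find authorization material left in client-side sources.
// Patterns and sample inputs are constructed for illustration.

// Open Connectors token shape: "User <secret>, Organization <secret>, Element <token>".
const TOKEN_SHAPE =
  /User\s+[^,"'\s]+\s*,\s*Organization\s+[^,"'\s]+\s*,\s*Element\s+[^,"'\s]+/;
// An Authorization header assigned a literal string (not a variable).
const LITERAL_AUTH_HEADER =
  /["']?Authorization["']?\s*[:,]\s*["'`][^"'`]+["'`]/i;

// Returns one finding per offending line. Comments are scanned too, because a
// commented-out token is still delivered to the browser. The matched secret is
// deliberately left out of the finding so reports and CI logs do not leak it.
function findEmbeddedTokens(fileName, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, index) => {
    let rule = null;
    if (TOKEN_SHAPE.test(line)) rule = "open-connectors-token";
    else if (LITERAL_AUTH_HEADER.test(line)) rule = "literal-authorization-header";
    if (rule) findings.push({ file: fileName, line: index + 1, rule });
  });
  return findings;
}

// Constructed model.js before the change: token sent from the browser.
const BEFORE = [
  "createDataModel: function () {",
  "  var oModel = new JSONModel();",
  '  oModel.loadData("/openconnectors/accounts", null, true, "GET", false, false,',
  '    { "Authorization": "User EXAMPLE1, Organization EXAMPLE2, Element EXAMPLE3" });',
  "  return oModel;",
  "}"
].join("\n");

// Constructed model.js after the change: the API Proxy policy adds the header.
const AFTER = [
  "createDataModel: function () {",
  "  var oModel = new JSONModel();",
  '  oModel.loadData("/openconnectors/accounts");',
  "  return oModel;",
  "}"
].join("\n");

console.log(findEmbeddedTokens("model.js", BEFORE));
console.log(findEmbeddedTokens("model.js", AFTER));
```

A header value passed as a variable is not flagged, so the scan complements a review of where that variable comes from rather than replacing it.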


SAP Cloud Platform API Management also offers many out-of-the-box API security best practices, including security policies for authentication and authorization, traffic management and many more.

Further Reads

  • API Security Best Practices blog series.

  • Monitor and Analytics blog.

  • Enhanced developer experience blog.