cancel
Showing results for 
Search instead for 
Did you mean: 

Create SAP APIM Proxy with SAP Cloud Integration as a Provider using OAuth2ClientCredentials

anuj_dulta1
Explorer
0 Kudos

Hi All,

I am trying to create an API Proxy using SAP Cloud Integration (CI) as an API Provider using OAuth2ClientCredentials. Following is working:

  1. I managed to add SAP Cloud Integration as a Provider using Auth Type as OAuth2ClientCredentials. Connection test is Successful.
  2. I can create a new Proxy by selecting one of the Cloud Integration iFlow from CI.

Problem:

When I call the Proxy endpoint, I get the following error message when APIM is trying to call and execute CI iFlow:

I have referred to the following SAP HELP and have created the Service Instance and Service Key as needed. Given that I can connect to Cloud Integration and select the iFlow tells me that my Credentials are correct. The error suggest that the Token type is not correct, but I am not sure how and where to fix that.

Error:

www-authenticate:Bearer error="invalid_token",error_description="The token is invalid: Jwt token with audience [it!b80.MessageProcessingLocks,it!b80.WebToolingWorkspace,it!b80.TenantPartnerDirectory,it!b80.PIProvisioning,it!b80.WebTooling,it!b80.GenerationAndBuild,it!b80.WebToolingCatalog,uaa,it!b80.ESBMessageStorage,it!b80.ExternalLoggingActivation,it!b80,it!b80.TradingPartnerAgreement,it!b80.DataArchiving,sb-a255f125-85fa-4742-b14a-b1ff3c7d8198!b727|it!b80,it!b80.TradingPartnerProfile,it!b80.WorkspaceArtifactLocks,it!b80.AgreementTemplate,it!b80.IntegrationOperationServer,it!b80.MessageProcessingLog,it!b80.ConfigurationService,it!b80.Codelist,it!b80.ExternalLogging,it!b80.NodeManager,it!b80.AccessPolicies,it!b80.CompanyProfile,it!b80.Roles,it!b80.ESBDataStore,it!b80.WebToolingSettingsProductProfiles] is not issued for these clientIds: [sb-it-rt-isdev!b80,it-rt-isdev!b80].",error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

Any help would be highly Appreciated!
-Anuj

anuj_dulta1
Explorer
0 Kudos

Anyone has any idea on this please?

Cheers,

Anuj

View Entire Topic
anuj_dulta1
Explorer
0 Kudos

This is now resolved.

To execute the iFlow from APIM, the Client Id and Secret should be from service instance (service plan integration-flow). We have been doing this when we provided the OAuth details to external Systems. I missed this in this particular case.

Refer this: https://help.sap.com/docs/cloud-integration/sap-cloud-integration/oauth-authentication-with-client-c...

Following highlighted are from Service Key of type (service plan integration-flow)

Regards,

Anuj

David_Davis
Participant
0 Kudos

Hi Anuj - In this screen when you test, is the below a correct a response?

System is up and reachable. However, the ping check responded with code : 404; Message : Not Found