Showing results for 
Search instead for 
Did you mean: 

Express Node.js Multi-tenant back end application with XSUAA with basic authentication.


Hi community,

I'm exploring the XUAA functionality from last 2 weeks and still haven't figured it out how to achieve my use case.

Task: Create Express REST APIs for /login and /signup. In the signup API the password and email should be stored in Hana database. The API should be multi tenant aware.

[DO NOT USE CDS(as we are moving our database from MongoDB to Hana Databse and only service layer need to be changed (I think))].

Solution I found after reading documentation: XUAA(for Authentication and scopes) and AppRouter (for tenant request switching).

My Problems:

  • As my password is saved in Hana Database, I don't know how to fetch them and use passport and XSUAA. I have done this in MongoDB but not sure how this SAP CF works, Haven't seen any examples on this as well.
  • App router(sort of front-end application) is used for tenant switching. Is it not possible to do that in the Express APIs itself? So i don't have to depend upon the front-end application. How can test my tenant aware applcation with postman? Is it even possible in the first place ?
  • Do I have to use XSUAA for doing basic authentication and achieving multitenancy? As I am using basic authentication it can be implemented with "passport" very easily.

Asking for Suggestions:

  • Should I use Basic Authentication? Or should I implement OAuth2?
  • If I implement OAuth2, how do I use the credentials stored in my Hana Database (Multi-tenant)?
  • Can I use CDS(not Odata) in my express just to handle authentication and multi-tenancy?


Accepted Solutions (1)

Accepted Solutions (1)


Hi Community,

I have figured it out all. I'm writing the answer for someone who is looking for this kinds stuff.

If you are starting with CAP project, that's cool. I started also started from there, however overtime I got bored of it. As I have experience in mongodb with express.js the development experience was not quite smooth for me. I choose different route.

Below is my multitenant development pipeline using express-api:

1. Either use CAP CDS for creating database tables or use .hdbtables artifacts. If your use case is simple the CAP is good choice but if you want to do some searching and recommendation stuff then go for .hdbtables. I used hdbtables for my project(I generally write cds code and then compile it for hana so that I don't have to write hdbtable artifact all by myself[ lazy developers ]).

2. Use Yo saphanaacademy if you don't know about it then checkout the playlist Developer Onboarfing on sap hana academy youtube channel. This will give you a boilerplate code.

3. Use sap-hdbext-promisified library developed by Thomas Jung.

4. You'll get into some issues for injecting db connection as a middlware in saphanaacademy's generated code. Write your own middleware which can create connection and close connection for that request (that's how you'll achieve multitenancy) credentials will be provided by service manger. If you don't know what service manager is then read the documentation. Just understand the concept. At this point you have create a server capable for serving multi tenant database backend.

5. sap-hdbext-promisified will make things easy to write HANA SQL query. try out some examples. That's it multitenant application is ready to deploy.

Ofcouse, is this a very abstracted information however you'll be able to develop the backend using these steps. I'll write is proper blog so that things get more clearer picture of the process.

I'm thinking to build a opensource library like sap-hdbext-promisified developed by Thomas or like Mongoose for MongoDB , As a developer I find writing the raw query a very painful experience. Having this sort of ORM at disposal is a good.

If anyone is open to contribute please connect:

This is my personal experience, it might be horribly wrong in terms for development pipeline. Let me know if you have better way to approch this problem.


Answers (0)