Showing results for 
Search instead for 
Did you mean: 

IoT Application Enablement API call - How to Bypass Account selection screen

Former Member
0 Kudos


Good Morning. Hope you are doing great.

I am trying to read all Things using following API in my application code.$top=20000&$count=...

But it is asking to choose one of the account as below screenshot.

How to skip this page and access the API directly ?

Accepted Solutions (0)

Answers (1)

Answers (1)

0 Kudos

Hello Aristatle,

thank you for your question. There are several ways for accessing the IoT Application Enablement API and the correct answer to your question needs your use case. But I try to point out the different ways.

For testing purpose (with user context) - the easiest way would be to use postman with the interceptor plugin for chrome - you have to login to the IoT Application Enablement Launchpage via Chrome with the activated Interceptor and Postman will use the established session to authenticate your requests. In this case you will use the link you mentioned in your question. These kind of requests which come from a Browser will always go via the approuter (https://<subdomain of tenant> with a specific route (e.g. /appiot-mds, /business-partner, ...) to the needed micro service.

Calling IoT AE API from an own App deployed in Cloud Foundry (with user context) - if you already have an UI application running on SAP CP Cloud Foundry part and want to access IoT AE API you need to define the role templates in your xs-security.json (for your XSUAA Service Instance) with the IoT AE scopes your application / requests need. In this case, IoT AE needs to trust your application (specify which scopes are granted to your application). If the trust setup is done properly and the scopes are defined in your role templates and assigned to the users, you can pass the JWT (Java Web Token) created by the OAuth client of your AppRouter. Depending on your use case, you can add routes to your App Router to the micro services (backend apps) of IoT AE (forwarding JWT = true) for UI consumption or send your requests from your backend application to the IoT AE micro services. In both cases the requests don't go over the mentioned URL instead you have to call directly the backend app url - e.g. for Thing Services).

With one of our next releases we will provide service broker to avoid the trust setup between the applications - via the service broker, IoT AE can be bound to your backend application you will get the credentials and service endpoints to create JWT for the authentication.

Calling IoT AE API from SAP CP Neo Stack (with user context) - in case you have a neo application and want to call the IoT AE API it is necessary to create the trust between your Account on Neo, your identity zone in XSUAA on Cloud Foundry and your SCI tenant. When the trust is setup properly you create destinations to each IoT AE micro service you want to use with the authentication type "OAuth2SAMLBearerAssertion". All credentials and information needed are give during the IoT AE Onboarding process of your tenant via Email (including a documentation for the destination setup).

Calling IoT AE API from another Cloud / App (WITHOUT user context) - in case you have an application running in the cloud and want to push or pull data from IoT AE via a job we provide an OAuth client (iotas_consumer) which supports the OAuth client credential Flow. The credentials are send during the onboarding process of your tenant via email (see description of Neo stack setup above). As the client credential flow has only Scopes (meaning functional authorizations) and no user context, the instance based authorization will have no effect on the requests. The requesting application has to take care which users are authorized to see specific instances or not (if the data is shown on to an user).

Please let me know if this summary is helpful for you.

Kind regards,


Former Member
0 Kudos

Thanks for the detailed answer Matthias.

We are going with "Calling IoT AE API from SAP CP Neo Stack (with user context)" scenario. We have requested to enable the IoT AE to our CF space. Meanwhile we are using the iotae-handson (tigerair tutorial) account to test our PoC.

Can you please provide all credential and information related to iotae-handson tenant to configure the destination.

attached the destination configuration detail page for you reference.

We need following information to configure destination.

1. Audience

2.Client Key

3.Token Service URL

4.Token Service User:

5.Token Service Password

6.System User