cancel
Showing results for 
Search instead for 
Did you mean: 

SAP API Management - Expose Integration Flow Endpoint as API

David_Davis
Participant
0 Kudos
768

Dear All,

I am working on exposing an Integration Flow Endpoint as an API using API Management. I've followed several blogs and the tutorial "Expose Integration Flow Endpoint as API." However, I am struggling to get my iFlow endpoint to work with certain policies. Could you please advise if you have a good resource or knowledge base that we can follow step-by-step to achieve this?

Here is what I have done so far:

  1. I added SAP CI as an API Provider using the service instance credentials for the "api" plan. I am using OAuth for authentication. The connection test shows as successful.
  2. My iFlow endpoint is something like https://hostname/http/permit/status. The API should handle one permit at a time and update the status using the PUT method.
  3. When I created the API Proxy, I selected the iFlow using the discover option, and all fields were automatically populated, including the Base Path.

My questions are:

  1. The API Base Path was set to /status, and I added v1 in front of it as a version number. However, I believe this should be a unique path across all APIs to avoid conflicts in the future. Can I change this path to something more meaningful, like permitstatus, considering my iFlow endpoint mentioned above? Would this help avoid conflicts with future APIs?
  2. Do I need to add any resources after this? The tutorial talks about using URL as an API provider but doesn't mention my specific case. If I add a PUT resource, what should the path prefix be? Is it "/status"? I tried using /status, but I get an HTTP 404 error when I try out the API.
  3. Additionally, while adding the proxy, the service instance credentials I used are not the same as the ones I used initially when adding CI as a provider. For the OAuth authentication, I supplied the Process Integration service plan "integration flow." When I test this provider, I get a message that indicates there is an issue. Could this discrepancy in credentials be causing problems with the proxy setup?
    • "System is up and reachable. However, the ping check responded with code : 404; Message : Not Found"
    • However, when I initially added CI as a provider and discovered the flows, the connection test was successful. I used the service plan "api" credentials here.
    • "Connection to the system was successful with response code : 200; Message : OK"
  4. I am also not sure how to check logs or traces to understand why the API test is giving a 404 error. Is there any place where I can monitor what has gone wrong? All I can find are the API analytics dashboards, which show call stats but not the reason for failure or logs. Why is there no monitoring similar to Cloud Integration here?

I feel lost amidst multiple blogs and help links, and I haven't been able to find a single place that clearly explains how to expose this endpoint with basic policies like OAuth, Allowed IPs, Exception Handling etc.

Thank you for your help and guidance.

Screenshots:

2024-05-23_07-18-44.png2024-05-23_07-19-39.png2024-05-23_07-20-17.png2024-05-23_07-20-52.png2024-05-23_07-49-23.png

View Entire Topic
mchrista
Participant

Your http path seems to be wrong. I did setup an API to CPI (Neo) a few weeks ago as well. However, I didn't configure an API Provider but linked it directly via HTTP.

Let's say, your iFlow has the following endpoint:
 - https:// <host> -iflmap.hcisbp.eu2.hana.ondemand.com/http/Status
Meaning, you configured "/Status" as path in the iFlow. 

Now, in the API Management, you need to configure it as following:
 API Base-Path: https:// <your api path >/Status
 Target-URL: https:// < your host > -iflmap.hcisbp.eu2.hana.ondemand.com/http

Hints:
All URL appendices after the api path, here "/Status", will be sent to the iFlow. Therefore, at the iFlow URL, I left out the "/Status". 
Further, I used URL as a target provider but API Provider should work as well. I just didn't have the licence. If you found the iFlow via discovery, this should be already fine. 

For your case, change the following:
 - iFlow trigger path from "/permit/status" to "/v1/permitstatus"
 - Target-End-Point url from "/http/permit/status" to "/http"

Debugging:
The whole setup can be tested via postman.
For the CPI, just call the oAuth URL with credentials to get a token. Then find the correct path for the iFlow. 
For API Management, activate debugging in the API Portal and send a request from Postman. Within the debugging, you should be able to see what is the CPI URL that is called. 

I hope that helps. 

David_Davis
Participant
0 Kudos

Thank you. It helped me a bit. I was able to call the API through Postman without any authentication as I didn't put any policies.
But I couldn't debug although I swithed it on in the API portal but there is nothing found upon refreshing or stopping debug session. How this works in general? I want to see end to end what data and paramters are going to CI and client?

mchrista
Participant
0 Kudos
Debugging in API Management is done by selecting the API and start debugging. After hit the call and press "refresh". Then you should see a lot of steps showing up that you can click through. On CPI level, there is also an http access log. In this one, you should be able to see any call as well.
mchrista
Participant
0 Kudos
One addition, did you check from Postman if you are able to call the iFlow directly without API Management. In this way, you can verify your oAuth setup is correct.
mchrista
Participant
0 Kudos
One more thing 😉 You said that you didn't configure any policies but you want to use oAuth. Did you implement at least the oAuth policies, like here? https://community.sap.com/t5/technology-blogs-by-members/oauth-2-0-authentication-for-api-management...
David_Davis
Participant
0 Kudos

Thanks. I was able to see the debug steps. But when I select them I was seeing only headers and properties. But couldn't find any payload there. Am I missing anything? How do I know which step is start and which is end?

2024-05-23_15-49-28.png

mchrista
Participant
0 Kudos

The payload is hidden due to security. You can see only url, header and properties. In the last step, bottom left, you can see the target host and path. This should point to your iFlow. As I can see from your screenshot, your API Management seems fine as all of the steps are green. Do you see any call in the CPI?

mchrista_0-1716792503885.png

Here, I forced an error in API Management by using a wrong path. The last step, "blue", shows the path:

mchrista_1-1716792601131.png

 

I can't post any screenshots in the comment section directy. Only when I edit. Is it the same for you?

David_Davis
Participant
Yes, I could see the call in CPI. But I am trying to enhance it with more policies and also red credentials dynamically etc. I will open another discussin for any new issues. With regard to the screenshots in comments, yes it is same even for me. We need to edit the comment to post any attachments.