With API Management as part of SAP Integration Suite, you can publish, promote, and monitor APIs in a secure and scalable environment.
API Management includes API in its name—so of course you need to understand what an API is first. An application programming interface (API) is an interface that allows different applications to communicate with each other and exchange data. An API can be integrated either in the form of a software development kit (SDK) or via certain open and proprietary protocols such as RFC or HTTP. In the SAP context, you will typically deal with SOAP, OData, and REST APIs.
Imagine you have hundreds of these APIs. Does that sound unrealistic to you? Nevertheless, it’s a real-world example from SAP Business Suite and SAP S/4HANA. Every SAP Fiori app makes use of one or more OData APIs. If the APIs are only consumed internally, the monitoring of APIs during operation is often neglected. If you also want to make APIs available to external developers for use in their own apps, requirements such as documentation, billing, security, and monitoring suddenly come into focus. This is exactly where API Management helps you. It enables you to centrally provide and document your interfaces and monitor their ongoing operation.
Switching on-premise SAP Fiori apps to the consumption of OData APIs via API Management makes little sense in principle as API Management is only offered in SAP Business Technology Platform (SAP BTP) and thus all network communication would run via SAP BTP. For mobile apps or SAP Fiori apps that are provided via SAP BTP, this makes a lot of sense. For us, the most serious advantage of API Management is its central monitoring. This gives you an overview of all APIs and allows you to identify errors and problems immediately.
API Management consists of two main components: the API designer and the developer portal. With the API designer, you create and model your APIs. You can create products and integrate one or more APIs from one or more providers into them. You can intervene in the data flow and, for example, check an API key or cache data. The number of requests within a certain period can also be limited with a spike arrest.
The implementation of API Management is basically very simple. All you need to do is activate the capability in SAP Integration Suite and you're ready to go. Of course, you should think about security and the planned scenarios beforehand!
Consume OData Services from an ABAP On-Premise System
The consumption of an OData Service in API Management is almost identical to that in Cloud Integration. In the first step, you must make sure that the cloud connector is connected to the subaccount where SAP Integration Suite is deployed. To do this, open the Connectivity > Cloud Connectors section in the side menu of the SAP BTP cockpit, as shown in the figure below. Check whether the desired SAP system with the HTTP protocol appears in the Exposed Backend Systems area. The displayed host is subsequently required in API Management.
For the consumption of OData services in API Management, an API provider must be created. This is a system that provides APIs. To do this, navigate to the Configure > APIs area in the SAP Integration Suite side menu (see below). Open the API Providers tab and then click Create.
In the first step, you must assign a Name for the API provider, as shown in the figure below. The name should be meaningful, such as the system ID of the underlying SAP system.
Now open the Connection tab (see next figure). Select On Premise in the Type dropdown. Enter the previously determined virtual host name for the Host attribute and the virtual port for the Port attribute. For Authentication, you can choose None or Principal Propagation.
Then, as shown in the next figure, open the Catalog Service Settings tab. In the Path Prefix field, enter “/sap/opu/odata”. This corresponds to the first part of the path used to find the service catalog. In the Service Collection URL field, enter the path to the service collection of the catalog service. You can determine this in the SAP system, for example, using Transaction SICF. Then select the Authentication Type. This is used for authentication when loading the OData services via the catalog service. In the example, we selected Basic to use basic authentication. Finally, click Save.
You should now test whether the configured settings work by performing a connection test. Click Test Connection to do this.
You should now see response code 200, as shown in the final figure. If this isn’t the case, you need to check the settings: make sure that the credentials are correct and that the user is authorized accordingly. You can now use the API provider and access any OData service provided through it.
Editor’s note: This post has been adapted from a section of the book Cloud Connector for SAP by Martin Koch and Siegfried Zeilinger.