SAP Zero to Hero

BEGINNER  SAP POSDM|CAR|CSI  SAP PO  SAP BTP & CPI 

SAP SALES & DISTRIBUTION ABAP SAP FIORI

Search … 
[SAP CPI] – HOW TO CALL
EXTERNAL REST API WITH
ACCESS TOKEN AND CSRF RECENT
TOKEN IN CPI POSTS
 May 12, 2022  Huy NguyenDuc  CPI - [SAP
Integration Scenarios, CPI - Tips & Troubleshooting, SAP
S/4HANA
CPI  5 comments
CLOUD] – KEY
Hello guys, in this article I want to share one USER
scenario which in there I used some my EXTENSIBILITY
understand about CSRF-token, access token, send WITH CUSTOM
header value from outside into caller http LOGIC & FIELD
WEBSERVICE. November 27,
2023
First, kindly take look scenarios [SAP CPI] –
HOW TO USE
Scenario 01 MIGRATION
ASSESSMENT
We have one REST API which use access token to
TOOL November
access. We want call this API, we will have do
18, 2023
some action below:
[SAP
Step 1: Call to URL TOKEN to get access token. S/4HANA
In this article, for example TOKEN will get from CLOUD] –
EXTENSIONS
 service key. Endpoint : WITH PROCESS
https://<Host>/oauth/token AUTOMATION
Step 2: Use access token in step 1 to call REST September 27,
API. In this article endpoint : 2023
https://<host>/http/restapi [SAP
S/4HANA
CLOUD] –
DEVELOPER
EXTENSIBILITY
IN S/4 HANA
CLOUD
September 19,
2023
Configuration for Scenario 01 [SAP S/4
HANA CLOUD] –
For simple in this article, I will use integration flow
HOW TO SEND
in CPI to create one REST API and call it from
DATA FROM
another integration.
S/4HANA
Step 1 : Create integration flow with type is REST CLOUD TO
API EXTERNAL BY
OUTPUT TYPE
August 6, 2023

CATEGORIES
ABAP
Common
topics
SAP
SAP BASICS
SAP GUI
SAP IDOC
SAP CLOUD
CONNECTOR
 SAP CPI
CPI –
Integration
Scenarios
CPI – Tips &
Troubleshootin
g
SAP FIORI
SAP IDOC
SAP MM
MM-
Inventory
MM-Master
Data
MM-
Material
In this scenario, we do not use CSRF Protected. Resource
Planning
Save and deploy this REST API
MM-
Purchasing
Test this API from POSTMAN, we need to check
MM-Tips &
this API run OK.
Troubleshootin
g
SAP POS DM
| CAR
CAR Fiori
Apps
CAR-Books
As we see, this API need authorize by OAUTH2
CAR-
with grant type is Client Credentials. So, we need
Demand Data
call to token provider to get access token.
Foundation
All information of token provider will be get from CAR-
service key with type Process Integration Runtime. Inventory
 Visibility
CAR-
Ommnichann
el Article
Availability
CAR-
Omnichannel
Promotion
Pricing
CAR-On-
Shelf
Availability
CAR-POS
Step 2 : Create integration flow call REST API in
DTA
Step 01
CAR-Tips &
In this step, we will create new integration flow will Troubleshootin
call REST API in step 01. We also focus that, REST g
API use access token to call, so in integration flow CAR-
we need call to token provider to get access token Unified
and after that will use this access token to call Demand
REST API. All this things, we will action on Forecast
integration flow. SAP
Consumer
Step 2.1 : Create integration flow with sender Sales
adapter is HTTP Intelligence
SAP POSDM-
CAR
SAP PP
SAP Process
Integration (old)
SAP Process
Orchestration
SAP PO –
Integration
We will have two ways to call REST API which use concepts
OATHAU2 for credentials. First way, we will create SAP PO-
OAUTH2 Client Credential in CPI and use it to call Integration
direct to REST API. The second way, we will call scenarios
manual to Token provider to get access token, and SAP PO-
after that use this access token to call REST API Tips &
Troubleshootin
Step 2.2: First way – Create OAUTH2 client g
Credential in CPI SAP Sales &
Distribution
Go to Security Material in section Manage
IS Retails
Security
IS-
Business
Process/Busi
ness
Scenario
IS-
Configuratio
n

Manufacturing
Create button -> OAuth2 Client Credentials
M-
Business
Process/Busi
ness
Scenario
M-
Configuratio
n
SD-Tips &
Troubleshootin
g
SAP.BASIS
 Uncategorized

ARCHIVES
November
2023
September
(1) – (2) – (3) : Get from service key because this 2023
REST API created from SAP CPI for example. In August 2023
fact, API owner will provide these information. July 2023
(4) : Send as Request Header for example in June 2023
this article. In fact, base on configure of API May 2023
Owner. April 2023
February
Next, We will use component Request Reply to 2023
call direct REST API with Authentication Type is January 2023
OAuth2 Client Credentials and input name of December
Oauth2 client credentials above in here 2022
November
2022
October 2022
September
2022
August 2022
July 2022
June 2022
May 2022
April 2022
Step 2.2: Second way – Use access token to call March 2022
REST API November
2021
The first, we try call API which provided by Token
October 2021
Provider by POSTMAN to understand how to
September
2021
Token provider will provide information August 2021
July 2021
Token URL May 2021
client_id : in this article, get it from service key. April 2021
In fact, this value partner will provide March 2021
client_secret : in this article get it from service January 2021
key. In fact this value partner will provide November
Content-type : x-www-form-urlencoded 2020
response_type : token October
grant_type : client_credentials 2020
June 2020
May 2020
April 2020
March 2020
January 2020
December
2019
OK, let configure this on SAP CPI integration flow
November
Step 2.2.1: Add content modifier and add header, 2019
body October 2019
September
Add content modifier 2019
August 2019
July 2019
June 2019
May 2019
March 2019
February
Add header 2019
grant_type : client_credentials January 2019
response_type : token October 2018
Content-Type : application/x-www- September
form-urlencoded 2018
client_id
client_serect
 Next, because this REST API use content-type =
x-www-form-urlendcoded. So we will create
body for request with syntax :
Key1=Value1&Key2=Value2&Key3=Value3

Step 2.2.2: Add request reply call to REST API of

token provider with http adapter to get access
token

Configure for HTTP

(1) : Url of token provider

(2) : Method of API token provider. In this case
use POST
 (3) : Headers which we want to send from
outside into to this process. In this case, It is
Content-Type which defined in before
component ( Content Modifier)

Step 2.2.3: Add Content modifier to get access

token payload response

In this time, Run this integration from POSTMAN

we will receive access token in payload response.

Step 2.2.3: Call to REST API with access token in

2.2.2

Next, use value of access token in 2.2.2 to call

REST API. Because REST API use authorization
with type OAUTH2, so we have to add one header
with syntax :

Key : Authorization
Value : Bearer <access_token>

For example

OK, let configure on integration flow

Add JSON to XML converter component to

convert payload JSON to XML

Add Content modifier to create string look like :

Bearer <access_token>
 Add content modifier component and create
new header with name : Authorization

Add request reply component to call HTTP

REST API and transfer header authorization
into there

(1) : Endpoint of REST API

(2 : Method
(3) : Header from before step

In this time, we call integration flow from

POSTMAN we will receive data from REST API
success.
OK, good ! To this time, we have already
configured done scenario: How to call HTTP REST
API with access token which provide by Token
provider with CLIENT_ID and CLIENT_SECRET.
Next, we try to go deeper this scenario when REST
API use more CSRF-TOKEN

Step 2.3: (Extension) – Rest API use more CSRF-

TOKEN

For example in this article, go to REST API which

create in step 1. At HTTP adapter sender, check
into check box CSRF Protected

In this time, call this API we will receiver 403 HTTP

status code Forbidden
And call from integration flow consume which
created in step 2, we will receive 500 http status
code

Check log in CPI, we also receiver status code 403

OK, let’s go to config

Step 2.2.1: Add more header with name x-csrf-

token at component after get access token

Step 2.2.2: Add Request reply component and

call to REST API with method GET and send 2
headers x-csrf-token and Authorization into there
Step 2.2.3: Add Request reply component and
call to REST API with method POSTand send 2
headers x-csrf-token and Authorization into there

After this step, we have to add one more

important config. If not config we still receiver 403
forbidden although send X-CSRF-TOKEN into
header.

Step 2.2.4: Switch HTTP Session Reuse to On

Exchange

In this step, we have to switch HTTP Session

Reuse from default to On Exchange. Click
anywhere outside flow, choose tab Runtime
Configuration, change value of HTTP Session
Reuse

OK, Now we test API from POSTMAN and receive

200 HTTP status and payload

Summary
In this article I shared step by step one scenario
call external REST API with authorization by use
Oauth2. Access token will be gotten from Token
provider by Client ID, Client Secret, Token URL. If
external REST API also use more one token called
X-CSRF-TOKEN to protect API, We also can get
more CSRF token and call REST API with access
token. Thanks for your reading and hope this
article useful. If have any advise, kindly leave your
comment on this. Thanks.

Joseph.

ACCESS TOKEN CSRF TOKEN SAP CPI

« [SAP CPI] – HOW TO [SAP CPI] – HOW TO

FILTER FILE WHEN USE XI RECEIVER
WORKING WITH SFTP ADAPTER TO CALL
ABAP PROXY IN SAP
CPI »

5 COMMENTS

Sandeep says:
May 13, 2022 at 9:25 pm

Excellent blog.
Please keep blogging on more on CPI .

 Like

Reply

SAP Zero2Hero says:

May 16, 2022 at 1:14 pm

Thanks Sandeep

 Like
 Reply

katetsan says:
June 13, 2022 at 2:31 pm

That’s REALLY helpful to learn CPI as beginner!!

I’m trying to integrate with SharePoint and CPI,
and getting oauth token via cpi.
However, I did not get the token successfully.
Wondering if you have any experience of the
integration with M365 and CPI?

Thanks in advance

 Like

Reply

khushi says:
February 17, 2023 at 5:34 pm

i have same case in which token need to be

fetched from webservice and use this token along
with other data in body we will get 2nd response
from webservice ,will this same above described
iflow will work?

 Like

Reply

Akash Dutta says:

September 7, 2023 at 9:24 am
how to pass json body dynamically in CPI at the
time of consuming External Rest API’s

 Like

Reply

LEAVE A REPLY

This site uses Akismet to reduce spam. Learn how

your comment data is processed.