There are already some blogs out there outlining ways to test your APIs developed on SAP BTP ABAP Environment e.g. using cookies from ABAP Development Tools (see here) or other SAP BTP APIs using the OAuth 2.0 password grant (see here).
With this blog I want to add another option that Postman offers and that is possible to be used with SAP BTP ABAP Environment: The OAuth 2.0 Authorization Code Grant
What you need:
What you get:
In the SAP BTP Cockpit navigate to your BTP ABAP Environment service instance and create a service key for it, which contains the required OAuth 2.0 credentials for the Authorization Code grant.
1. In Postman start off with an empty request and navigate to the Authorization pane
2. Choose OAuth 2.0 as Authorization Type, select Add authorization data to Request Headers and scroll down to Configure a New Token
3. Provide a Token Name, select Authorization Code as Grant Type and enter http://localhost:8080 as Callback URL (port doesn't really matter, but needs to be filled)
4. Now fetch the url, clientid and clientsecret values from the uaa section of your SAP BTP ABAP Environment service key
5. Use the URL from the service key and append /oauth/authorize for the Auth URL and /oauth/token for the Access Token URL
6. Finally use the clientid and clientsecret values for the Client ID and Client Secret fields respectively
7. Use the Get New Access Token button at the bottom to start the authentication flow, which depends on your concrete trust configuration
8. Once authenticated you can Use the Token for your Postman request
Use the URL of the SAP BTP ABAP Environment instance from your service key (not the one from the uaa section) to call any API your user has authorizations for
With this blog I want to add another option that Postman offers and that is possible to be used with SAP BTP ABAP Environment: The OAuth 2.0 Authorization Code Grant
What you need:
- Postman
- Service key of your SAP BTP ABAP Environment service instance
- An API you want to test and have access to with your Business User
What you get:
- Quick way to test your ABAP APIs without including them in communication scenarios of IAM Apps / business catalogs (provided you do this in your development system)
- Access to the API with your own user without the need for a technical user
- Support for most authentication flows that your Identity Provider might require (e.g. 2-Factor)
Get the Service Key
In the SAP BTP Cockpit navigate to your BTP ABAP Environment service instance and create a service key for it, which contains the required OAuth 2.0 credentials for the Authorization Code grant.
SAP BTP ABAP Environment Service Key
Prepare Postman
1. In Postman start off with an empty request and navigate to the Authorization pane
Postman Authorization pane
2. Choose OAuth 2.0 as Authorization Type, select Add authorization data to Request Headers and scroll down to Configure a New Token
Configure New Token
3. Provide a Token Name, select Authorization Code as Grant Type and enter http://localhost:8080 as Callback URL (port doesn't really matter, but needs to be filled)
Initial Configuration
4. Now fetch the url, clientid and clientsecret values from the uaa section of your SAP BTP ABAP Environment service key
UAA Service Key Section
5. Use the URL from the service key and append /oauth/authorize for the Auth URL and /oauth/token for the Access Token URL
Auth URL
Access Token URL
6. Finally use the clientid and clientsecret values for the Client ID and Client Secret fields respectively
Client ID / Secret
7. Use the Get New Access Token button at the bottom to start the authentication flow, which depends on your concrete trust configuration
Get New Access Token
8. Once authenticated you can Use the Token for your Postman request
Use Token
Test your API
Use the URL of the SAP BTP ABAP Environment instance from your service key (not the one from the uaa section) to call any API your user has authorizations for
Execute ABAP API
- SAP Managed Tags:
1 Comment
