cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to use OAuth 2.0 authorization while using SAP S/4 Hana cloud API.

peter_munt4
Participant

‎03-22-2024 8:34 AM - edited ‎03-22-2024 8:35 AM

0 Kudos

Hi experts,

I want to use SAP S/4 Hana Cloud APIs and have them called from a 3rd Party application / website etc.  So, I have set up the S4HC Communication Arrangements etc and found the APIs to use and just using POSTMAN I have used Basic authorization to just check if these are the ones needed. But there is a need to use OAuth 2.0 for better security.

I have read the blog Maintain Assignment of Document Info Record to Mai... - SAP Community

and although I can get an OAUTH2 Token via POSTMAN as described in that that blog it would NOT be practical if I wanted a 3rd Party application to call the APIs - as the Token access requires a scope approval popup from S4HC.

I have read the document https://help.sap.com/doc/6ce62b6bdda340ffbeae3f138c3cb71b/SHIP/en-US/Set_Up_Authentication_for_SAP_S... which lists all available ways to Authenticate to SAP S/4HANA Cloud. 

But I still do not know of the way that a 3rd Party application could call my APIs via OAUTH - that guide seems to be talking about SAP BTP but we don't have the API management part turned on - is there another way that just involves S4HC without all that mucking about with scope approval popups etc. ?

Can anybody give me some guides on how to do this more effectively.

By the way we only have a 2 tier SAP landscape with QAS and PROD (so no DEV 🙄) and we only have SAP BTP Integration Suite and do not have the API Management part of BTP (for financial reasons no doubt  🤑). 

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

kyamanaka
Explorer
4 hours ago
0 Kudos

Hi Peter.

Has this problem been resolved?

I'm facing the same issue in my project as well.

If you have solved the problem, I would appreciate it if you could provide me with the solution information.

Thanks

Show replies
Show replies
ravi_paul
Participant
4 weeks ago
0 Kudos

Hi Peter,

I understand your query, I recall I was part of one project where VB script code was calling our S4 API using OAuth2.0 authentication and there as well we had similar issue as yours where practically 3rd application doesn't allow popups for scope approvals as like Postman and SharePoint to some extent (we should thank to Postman for that). 

So to get rid of such situation we have a concept in OAuth i.e. "Refresh Token". I'll recommend you to play around there and research on that which might solve your requirement.

Sorry, I used such more than an year back that too for once and currently I'm in another assignment where I don't have S4 public system with me to guide you steps 😞

Hope that will solve your requirement.

Show replies
Show replies
Jerry_Lowery
Product and Topic Expert
Product and Topic Expert
‎04-12-2024 6:34 PM
0 Kudos

Hi Peter,

I don't have the exact answer, but technically, I believe the authentication happens in the identity provider, not S/4HANA Cloud.

Are you using SAP Cloud Identity for your provider?

I would investigate the possibility to generate the credentials in your Cloud Identity and then setup your communication system with those and your 3rd party app.

https://help.sap.com/docs/identity-authentication/identity-authentication/configure-client-to-call-i...

 

Thank you

Jerry

Show replies
Show replies
peter_munt4
Participant
‎04-15-2024 9:01 AM
0 Kudos

Hi Jerry

we are using SAP Cloud Identity Services as our IAS.   We have Microsoft Azure > SAP Cloud Identity Services > S4HC.

I had set up all the required communication arrangement details and it works - except that the popups for scope would not be acceptable for a 3rd Party application that want to call our S4HC APIs.

on that link that you sent me what do they mean by subject_token and how do I obtain one of those ? Do you know?

Also

Our S4HC URL is https://my<number>.s4hana.ondemand.com/

are they also suggesting to obtain a token you use https://my<number>.s4hana.ondemand.com/oauth2/token..... and that you also repeat the client_id and secret not only in the request parameters but also in the authenication header.

Ask a Question