Introduction: This document describes about how to create API proxy with API key verification policy and subscription of consumer application to generate API key for that consumer.

 

Here, we will create an API proxy for S/4 Hana public cloud's API_BUSINESS_PARTNER OData Service.

Prerequisite: Communication Arrangement in S/4 Hana cloud, Please click here for details.

                       URL of S/4 Hana OData API:-https://<hostname>:<port>

                       Path:-/sap/opu/odata/sap/API_BUSINESS_PARTNER

  // You will get above details from the communication arrangement created in S/4 Hana cloud.

 

Create S/4 Hana as an API provider.

• In integration suite, go to Configure->API and select API Provider tab and click on create.

 

• Give name “S4” or any suitable name.

 

• Enter hostname “<your_S4hana_hostname>”and Port “<your_S4hana_port>”.

 

 

• Select Authentication type as BASIC and enter User ID and Password.

 

• Save it.

 

Create API Proxy for API_BUSINESS_PARTNER OData service.

• In integration suite, go to Configure->API.

 

• Let’s give name “S4”.Put path of the API in URLGive any suitable name and titleSelect Host Alias, if you have multiple host configured.
  
  Give any base path, I am giving the same like API, when you enter version then same will be added before the base path you have given.
  
   
  
  


• Click on create.

 

• You will see that API proxy is created now. at the top, you can see the API proxy end point

 

• Also, all resources related to this proxy are created, save it and click on policies to add/edit policies.

 

• In policy editor, you can see ProxyEndPoint and TargetEndPoint.

Let me put some lights on ProxyEndPoint and TargetEndPoint.

Please refer the below diagram to understand

1. Consumer(System or Person) sends the request to access API via proxy end point, we can add policies at pre flow based on the policies which required between consumer and API Management.


2. API Management sends the same request to target system(in our example S/4 Hana).  If enhancement is required like adding some headers or parameters then it can be done via adding policies at pre flow of target end point.


3. S/4 Hana will send response back to API Management based on request sent from consumer via API Management. policies can also be added at post flow of target end point based on requirement.


4.  API Management will send response back to Consumer. here policies can also be added at post flow of proxy end point to remove some information which we don't want to send to consumer. for example, headers or backend  URLs.

• Let's add policy to verify API key, if we refer above diagram, then API key should come with request 1 from consumer and if it is verified by API management then only request should enter APIM.


• Go to policy editor and add Verify API Key policy to pre flow of Proxy End Point.

 

• Enter any suitable name, I am giving VAPIK and Stream should be "Incoming request".

 

• Now, policy has been added with default code, we need to change as per our requirement.


• Replace "variable containing api key" with "request.header.x-api-key". Consumer has to pass API key in "x-api-key" header which will be verified at APIM.

 

• Click on update, then save and deploy API Proxy, now we are good with API proxy creation but authentication and  subscription of consumer is pending for this proxy.

 

• Authentication can be done via Basic/OAuth/PrivateKey or NoAuth with or without API Key verification. in this example, we will be using No Auth with API key verification.

 

• Consumer needs to subscribe to the product of the api then only any type of authentication and API key generation for the consumer is possible. Before that, API has to be added to an existing or new product.

 

• Let's create a product, Go to Engage and create Product.

 

• Product will have S/4 Hana's API so giving name "S4" and title "S4 API", you can give any suitable name.
  

 

• Go to API tab and click on add, select APIs, click ok and publish the Product.

Here, I have added all APIs of Business Partner

• Consumer Application Subscription- Go to top right corner of Integration Suite and click on tiles then API Business Hub Enterprise.

 

• Now S4 API product can be seen at home page of API Business Hub Enterprise.
  

 

• Click on S4 API product and here we can see APIs added to this product.

 

• Click on subscribe and select either "Create New Application" or "Add to Existing Application".  I am going for new application.

 

• Give consumer application title and save it, Here i am giving "ConsumerOne" as title.

 

• Application Secret and Key has been generated, Application key is the API key for "ConsumerOne" consumer.

 

• Now we are all set to test API proxy with API Key.

 

• Open postman to test this API, put header x-api-key with value of application key

Successfully got the response

• Let's do negative testing by not adding x-api-key header in the request.

 

• Negative testing with passing wrong value of API key in x-api-key header.

 

Conclusion: This document explained that how to create an API proxy, How to add policies, How to                       create products and subscribe consumer to that product.