cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Create Destination for Build Process Automation gives 401

Go to solution
arunsubbu
Explorer

on ‎12-07-2023 1:34 PM

0 Kudos

Hello team,

I am trying to create a destination so that I can consume the REST API of Decision from Build process automation in my BTP abap instance.

I get the error as 401: Unauthorized.

When I tested by creating environment using the service key details directly in apihub https://api.sap.com/api/SPA_Decision/tryout I was successful.

Testing with the code snippet available works fine until I use the generated bearer token.

When I wanted to replace the code based on the option to get the HTTP destination via destination service, I am unable to achieve this due to this 401 error.

DATA(lo_http_destination) = 
     cl_http_destination_provider=>create_by_url( 'https://spa-api-gateway-bpi-eu-prod.cfapps.eu10.hana.ondemand.com/public/rule/runtime/rest/v2/rule-services' ).
  "alternatively create HTTP destination via destination service
    "cl_http_destination_provider=>create_by_cloud_destination( i_name = '<...>'
     "                            i_service_instance_name = '<...>' )
    "SAP Help: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/f871712b816943b0ab5e04b6079...

"create HTTP client by destination
DATA(lo_web_http_client) = cl_web_http_client_manager=>create_by_http_destination( lo_http_destination ) .

"adding headers
DATA(lo_web_http_request) = lo_web_http_client->get_http_request( ).
lo_web_http_request->set_header_fields( VALUE #( 
(  name = 'Authorization' value = <'Bearer token'>
(  name = 'DataServiceVersion' value = '2.0' )
(  name = 'Accept' value = 'application/json' )
(  name = 'Content-Type' value = 'application/json' )
 ) ).

Could you please let me know what was the error in creating the destination?

Once this would be achieved, I am trying to consume destination as per the help document. Is this the right approach?

Any feedback on this topic would be highly appreciated.

Thank you

Regards
Arunkumar

Show replies
Show replies
Answer
View Entire Topic
Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎12-08-2023 2:01 PM
0 Kudos

Hi arunsubbu,

I have used the booster to configure an instance of SPA on my account and I also get the error 401 while testing it.

It is supposed to return error 401 as the check test under the destination page of the cockpit doesn't perform a 'server-side-call'. Which means that it would be exposing the client ID and secret in an unsecure manner if it was used by the fron-end testing. Therefore, this can be considered normal behavior. That's why it gets a green checkmark when you test it.

ABAP code you are using has become deprecated and I am not sure it is will indeed work. Instead, please use the instructions provided here:

https://help.sap.com/docs/btp/sap-business-technology-platform/3047582e5c744bd9839a98c99bd224fa.html...

The internals of this setup will be responsible for fetching the OAuth2 token when required. You don't have to take care of it manually like you are doing now.

Here you will find detailed instructions on how to configure your system to call the API that triggers your SPA:

https://blogs.sap.com/2023/10/19/consuming-cloud-foundry-btp-services-cap-build-process-automation-a...

Best regards,
Ivan

Show replies
Show replies
arunsubbu
Explorer
‎12-11-2023 12:51 PM
0 Kudos

Hi ivan.mirisola ,
Thanks for the answer. I understand the steps mentioned here. In the meantime, I want to understand one point. In the blog https://blogs.sap.com/2023/10/19/consuming-cloud-foundry-btp-services-cap-build-process-automat... it is mentioned for the scenario when the BTP abap environment and Build process automation are in different environment. In our case this is in same environment. Do we still have to follow this approach?

Thanks
Arunkumar

Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎12-11-2023 6:24 PM
0 Kudos

Hi arunsubbu,

I don't think it is required to setup mutual trust between ABAP runtime and your Subaccount.

Setting up the OAuth2 Client on your ABAP environment should be sufficient.

Best regards,
Ivan

arunsubbu
Explorer
‎12-13-2023 7:10 AM
0 Kudos

Hi ivan.mirisola ,

Do you mean that I can only skip the step 2.1 in https://blogs.sap.com/2023/10/19/consuming-cloud-foundry-btp-services-cap-build-process-automation-a.../and follow the rest of the steps or by setting up OAuth2 Client or you mean to take a different approach?
When I followed the approach specified in the blog, I get an error as shown below in the Communication Arrangement

Thanks & Regards

Arunkumar

Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎12-13-2023 4:13 PM
0 Kudos

Hi arunsubbu,

If you choose the OAuth2 Bearer Assertion Grant Type while creating your communication scenario, it means you are passing the ABAP user context to BTP Workflow service API. That is not mandatory. You could use the OAuth2 Client Credentials type if you don't really care about who is triggering the process on BTP (meaning, the process starter won't be a real person). If you do need the user from ABAP to be the same as the one that is starting the process, then you do need to setup the trust on your BTP account to take into consideration the same IdP as the one you are using for your ABAP runtime.

Best regards,
Ivan

arunsubbu
Explorer
‎12-14-2023 10:30 AM

Thanks a lots for the support here. It resolved our problem

Ask a Question