on 03-02-2022 8:01 AM
Hello CAP and BTP enthusiasts,
This question is about discussing/finding answers to how one would go about accessing APIs of a multitenant CAP-based service on SAP BTP Cloud Foundry from a Node.js script securely. Is it possible? If so, how should one go about it? One could assume that the Node.js script is running in a Node.js instance which is bound to all the necessary service instances like xsuaa, destination, service manager etc.
The alternative solution is to use @sap/hana-client to connect to a tenant's container and use HANA queries directly.
Looking forward to your thoughts and feedback.
Thanks,
Ashish
Hi ashishsingh
I also came across this requirement some time ago.
Generating a token via client credential flow is not possible in my opinion, as ClientId and ClientSecret are valid for all tenants and thus tokens can be generated for each tenant.
My solution was to implement a custom endpoint (in AppRouter), where the user & password of an (important) IAS user is used to log in. This endpoint then fetches a token via password flow and returns it.
Regards
Simon
Hi Ashish,
To each tenant an IAS is connected, in which the "technical" users are created. We have implemented it in such a way that each system which is to communicate with a SaaS solution, of each tenant, gets its own user. So we can manage the permissions one by one.
Regards
Simon
PS: We have also experimented with Service Broker, which allows authentication via client credentials. However, this did not lead to a solution for us.
Hi ashishsingh,
Currently, only ABAP systems call the API. Here SM59 destinations were created, which point to the authentication endpoint and in which the logon data were stored.
If other systems call the API in the future, they will have to take care of storing the logon data themselves.
Regards
Simon