How to securely consume APIs in S/4HANA?
I know how to enable Communication Systems, -Arrangements and so on in S/4HANA Cloud Essentials to communicate with OData APIs. I like the process here.
Now I have an S/4HANA Single Tenant Edition, that behaves more like an OnPrem System. I did not really find a guide how to set up communication to consume APIs from SCP. Seems like people are using a Standard User with Basic Auth what seems a bit unsecure.
Is there the same concept with communication system and arrangement in S/4Hana onPrem or STE? Alternatively how to consume APIs without using standard users? What is best practice here? Is there an OAuth Server for example?
Thank you in advance!
First point about authorizations: it is recommended to create custom granular roles for each task and not by template, like you want.
To guess which authorizations are needed for which app, go to Fiori Apps Library and find target app, then go to the bottom and you will see a list of business-catalogs and by clicking on business-catalog you can see which operations it allows doing. Quite thoroughly the process of picking and assigning roles is described here.
Second point about authentication: the best and the most flexible way of consuming S4HANA API is to use business-user you created on the previous step. Here is a breakdown between using tech and business users and why you shouldn't use the latter:
So the SAP-recommended way of authenticating to S4HANA is business-user with granular permissions and OAuth2SAMLBearerAssertion authentication.
The process is multi-step and requires:
- Setup SAP Cloud Identity provider with your local app, get key pair
- Register SAP Cloud Identity Tenant to your local provider and vice versa
- Download certificates
- Create communication user in S4HANA, it is required for access to S4H endpoint and getting OAuth access token
- Create communication channel, communication agreement and HTTP endpoint in S4HANA
- Maintain business user (you created before) in the SAP Cloud Identity
Read about the process in more detail here
- Rust ode_solvers get all the states throughout an integration (for plotting)
- How to avoid block from Reactive Service in Spring Integration Flow?
- Send webhook upon sending or receipt of email
- UPS Outh Rating API return Invalid Authentication Information
- How we can add expense record in QuickBooks Online via API
- Salesforce apex/visualforce - how do you process and open base64 encoded PDF data?
- Magento - Is the Cron the best way to integrate via API the Failure payments?
- How to get the created company list in Tally?
- Salesforce Integration INVALID_SESSION_ID using Postman
- Is there a way to detect changes in Focus Assist (formerly Quiet Hours) in Windows 10 from a Win32 App
- Apex Web Services Superbadge Unit - Find the Permissible Fly Zone
- Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
- Which numerical integration technique is used by scipy.integrate.quad (e.g. Simpson, Romberg,...)
- Facebook Graph API: How to set up On Behalf Of relationship with a client business?
- Ceridian Dayforce HRIS API location
- Is it possible to Validate programmatically if Twilio sender phone number belongs to active numbers not using preview api?
- Redirection to the original site after purchase is completed in Paypal
- n-dimensional integration in R with limits as functions
- How to Integrate ASP.Net Webforms website with an ASP.Net MVC web application?
- Area under the curve for a dataset and 2 sets of baseline
- Import Bootstrap in Astro
- Apache Camel 2.17.3 - Exception unmarshalling CSV stream with bindy
- Website with Quickbooks Online Integration without Sign in
- integrating Wordpress with Symfony
- How to download a file from a SharePoint though a web site button?
- Flowgear send sucess and error response using FgResponseBody and FgResponseStatusCode
- How to return a static/dynamic JSON/XML response in a Flowgear workflow using API binding
- How to integrate OmniFaces with Spring Boot
- Create Secondary User Store with LDAP in WSO2IS 5.11.0 via deployment.toml
- Shopify Integration as Payment Partner - App Rejection Issue