
How to implement an ABAP OData Service as public?


I want to create an OData Service to be public, so no need for username and password verification. Is there any way to do it?


Solution

  • Yes, it is possible, but there are restrictions.

    You configure the ICF node (sap/opu/odata/...) of the OData Service (TCode: SICF) to use a technical user and its password for authentication in this ICF node (best practice: create an external alias for the original OData node to apply your custom authentication procedure). Then the backend session is always handled by the technical user and its respective authorizations.

    As I did this for a UI5 application and its OData service, I had issues with the CSRF token and POST requests.

    There is an SAP Note explaining how to disable CSRF token handling to overcome this restriction (not recommended and not tested by me).

    Only using GET requests was sufficient in my use case. In a UI5 application, the batch processing in the OData model must be disabled for this.