Building an OAuth2 Token Generator API with SAP BTP APIM

Sergei Ignatov

Feb 20, 2024 — 3 min read

In this post, I will provide a sequence of steps required to develop an API that generates an OAuth2 token, which can be utilized by other APIs within the same BTP instance for authorization purposes. Let's dive in.

Requirement

To develop an API capable of generating an OAuth2 token and prepare it to be used by other APIs within the same BTP instance.

Step #1. What is OAuth2?

For an understanding of OAuth2, please refer to the official docs.

See OAuth 2.0

Step 2. Create a new API

Utilizing the SAP BTP Integration Suite, create a new API specifically designed to generate the OAuth2 token. Ensure that the new API is built around a non-specific URL, such as 'https://local.com/' or a similar placeholder.

Step 3. Assign the new policy

In the PreFlow section of the API, add the 'OAuth v2.0' policy to generate the OAuth2 token.

Configure the policy settings accordingly.

Save the changes and deploy the API.

Step 4. Create the Product

Please refer to the official documentation for detailed instructions.

See Create a Product

Don't forget to include the API that generates the OAuth2 token in the newly created Product and publish.

Step 5. Create the Application

Navigate to the API Business HUB Enterprise cockpit and switch to the 'My Workplace' tab.

Create a new Application and add the recently created Product to it. Save the changes.

If you encounter difficulties while saving the application, please ensure that the Developer role is assigned to the user you are currently working with. To check this, navigate to the 'Manage' tab.

Step 6. Testing

For testing purposes, I created an API that utilizes the OpenWeather services.

Add the 'Verification OAuth2 token' policy to this API.

If you attempt to run the API directly via the link generated by the APIM, it will not function.

This is because a valid token needs to be provided using the API created at the beginning of this post.

To address this issue, open the Postman client and create a new request.

In the Authorization tab, select the 'OAuth2.0' type.

Then, provide the URL of the API that generates an OAuth2 token in the 'Access Token URL' field

For the Client ID and Client Secret fields, use the values from the API Business Hub Enterprise, specifically from the Application created in Step #5.

N.B. Ensure to assign the API to the corresponding Product (Refer to Step 4: Create the Product).

Click the 'Get New Access Token' button in Postman

Click the 'Proceed' button

Confirm with the newly generated token

Though it was a lengthy process, it was interesting. Thank you for your attention. You're awesome!

Resolving Issues with PGP Decryption in SAP BTP iFlow

Hey there! I want to address an issue that may arise in projects involving encryption/decryption within the SAP BTP iFlow and its embedded PGP engine. Scenario description Imagine you've installed the latest version of the gpg4win application (version 4.3.1) to generate public and secret keys

Creating an API for iFlow: A Step-by-Step Guide

This guide aims to outline the steps required to create an API for iFlow and subsequently run the iFlow through the API. Step # 1. Develop an iFlow Begin by creating a simple iFlow. Deploy any changes made. Step # 2. Setting Up API Providers Navigate to the API section on the

Logging the iFlow's payload

This note contains an example of a Groovy script that may help the developer trace the payload within the iFlow, especially if it changes during its lifecycle. It is worth noting that the beauty of the script below is that it adds an attachment to the processed message that can

Overwriting standard BTP iFlow header parameters

This brief note aims to highlight the possibility of overwriting standard iFlow header parameters, offering developers flexibility in addressing various requirements. Specifically, this discussion centers around the header parameters SAP_Sender and SAP_Receiver. See Headers and Exchange Properties Provided by the Integration Framework SAP allows developers to overwrite the