Bridging SAP

ABAP and APIs

Part 2 - Data Transmission with Bearer Token Security

Author: Zubair Ahmed Khan

 Connect with me!

Introduction:
Advancing from our foundational discussions in Part 1, Part 2 of our SAP ABAP API integration
series embarks on a deeper exploration of secure connectivity strategies. We delve into the practical
deployment of bearer tokens, pivotal for orchestrating seamless and fortified data transmission
between SAP and external systems. Through a blend of illustrative examples and comprehensive
insights, we're committed to equipping you with the proficiency to optimize SAP integration
endeavors with confidence and precision.
What are Bearer Tokens?
Bearer tokens are a form of access token commonly used in OAuth 2.0 authentication protocols.
They act as digital keys, granting access to resources without the need for additional credentials
with each request. SAP leverages bearer tokens to enhance security and streamline connectivity.
POSTMAN
Test the API in Postman using a POST call and verify the response.
• Utilize Bearer Token as the Authorization type.

• Use default headers for the request.

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com
 Connect with me!

• Pass the data in the JSON-formatted body.

• Upon successful execution, retrieve the response.

After obtaining a successful response, we proceed to consume this API URL in our ABAP program.

Posting Data Using Bearer Tokens in SAP Requests:

Ensure that the designated API URL is whitelisted within the SAP system configuration and
network settings. This action is crucial for facilitating seamless consumption of data and services,
promoting uninterrupted communication between the systems.

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com
 Connect with me!

We generate a JSON body using our deep structure, adhering to the API parameters. It's essential
to note that these parameters are case-sensitive (depending on the destination system); ensure they
are formatted according to the API specifications.

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com
 Connect with me!

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com
 Connect with me!

To initiate the API call, it is essential to configure the header fields initially set by default in
Postman's call. Moreover, ensure the logon popup is disabled by passing zero (0) as a parameter,
and set the method to POST.

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com
 Connect with me!

After setting up the header and body of the API URL, proceed to send the request. Upon
successfully receiving a response, denoted by a Status 200, proceed with extracting the Bearer
Token.

Conclusion:
In Part 2, we've ventured further into the realm of SAP ABAP API connectivity, transitioning from
acquiring bearer tokens to leveraging them for data transmission. By integrating SAP applications
with external APIs and utilizing bearer tokens for authentication, developers unlock new
possibilities for seamless data exchange and collaboration across systems.
Through detailed tutorials and real-world examples, we've demonstrated the power of SAP ABAP
in pushing data to API endpoints securely and efficiently. With a solid understanding of the process
and practical implementation, developers can navigate complex integration scenarios with
confidence.
As we continue our journey through the SAP ABAP API landscape, each segment brings us closer
to mastering the art of modern enterprise connectivity. Stay tuned for the next installment, where
we'll explore advanced techniques and dive deeper into optimizing API interactions within the SAP
ecosystem.

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com
 Connect with me!

Code:
REPORT ZPOST_API.

DATA: ls_jsonbody TYPE string.

DATA : lo_http_request TYPE REF TO if_http_entity,

lt_hdr_fields TYPE tihttpnvp,
ls_return TYPE REF TO data,
error_msg TYPE string,
result TYPE string.

PARAMETERS: url TYPE string LOWER CASE. "https://xyzconsole-api-

test.azurewebsites.net/api/TokenAuth/Authenticate

START-OF-SELECTION.

"Pushing Data in Deep Structure

DATA: is_invoice TYPE zfbr_invoice_s.
DATA: wa_invoice_dtl TYPE zinvoice_item_details.
DATA: it_invoice_dtl TYPE TABLE OF zinvoice_item_details.

wa_invoice_dtl-hscode = '32159090'.
wa_invoice_dtl-productcode = 'string'.
wa_invoice_dtl-productdescription = 'string'.
wa_invoice_dtl-rate = 0.
wa_invoice_dtl-uom = 'U1000003'.
wa_invoice_dtl-quantity = 1.
wa_invoice_dtl-valuesalesexcludingst = 0.
wa_invoice_dtl-salestaxapplicable = 0.
wa_invoice_dtl-retailprice = 0.
wa_invoice_dtl-stwithheldatsource = 0.
wa_invoice_dtl-extratax = 0.
wa_invoice_dtl-furthertax = 0.
wa_invoice_dtl-sroscheduleno = 'S1000059'.
wa_invoice_dtl-fedpayable = 0.
wa_invoice_dtl-cvt = 0.
wa_invoice_dtl-whit_1 = 0.
wa_invoice_dtl-whit_2 = 0.
wa_invoice_dtl-whit_section_1 = 'string'.
wa_invoice_dtl-whit_section_2 = 'string'.
wa_invoice_dtl-totalvalues = 0.
wa_invoice_dtl-discount = 0.
APPEND wa_invoice_dtl TO it_invoice_dtl.

is_invoice-bposid = '123456'.
is_invoice-invoicetype = '1'.
is_invoice-invoicedate = '2024-02-24T11:43:29.568Z'.
is_invoice-ntN_CNIC = '1234567891234'.
is_invoice-buyerSellerName = 'Zubair'.
is_invoice-destinationAddress = 'string'.
is_invoice-saleType = 'T1000139'.

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com
 Connect with me!

is_invoice-totalSalesTaxApplicable = 0.
is_invoice-totalRetailPrice = 0.
is_invoice-totalSTWithheldAtSource = 0.
is_invoice-totalExtraTax = 0.
is_invoice-totalFEDPayable = 0.
is_invoice-totalWithheldIncomeTax = 0.
is_invoice-totalCVT = 0.
is_invoice-totaldiscount = 0.
is_invoice-distributor_NTN_CNIC = '1234567891234'.
is_invoice-distributorName = 'string'.
is_invoice-items = it_invoice_dtl[].

" Converting our request body into JSON format

/ui2/cl_json=>serialize( EXPORTING data = is_invoice "ls_reqbody
" Data to serialize
RECEIVING r_json = ls_jsonbody ). " JSON string

REPLACE ALL OCCURRENCES OF '\' IN ls_jsonbody WITH space.

CONDENSE ls_jsonbody.

" Call to push data using bearer token

cl_http_client=>create_by_url( EXPORTING url = url ssl_id = 'ANONYM'
IMPORTING client = DATA(lo_http_client_post
) ) .
"adding headers with API Key for API
" for hiding logon popup
lo_http_client_post->propertytype_logon_popup = 0.
" using POST method to get bearer token in return
lo_http_client_post->request->set_method( 'POST' ).
" adding relevant header fields as per postman console
lo_http_client_post->request->set_header_fields( VALUE #(
( name = 'Accept' value = '*/*' )
( name = 'Content-Type' value = 'application/json; charset=utf-8' )
( name = 'Content-Length' value = strlen( ls_jsonbody ) )
( name = 'Host' value = 'abc.xyz.pk' ) “Domain name
( name = 'Accept-Encoding' value = 'gzip, deflate, br' )
( name = 'Connection' value = 'keep-alive' )
( name = 'Authorization' value = 'Bearer 906b1cd8-0d10-3a91-8234-
8ec88e376bd7' ) “Bearer Token which was generated in Part 1
) ) .
lo_http_client_post->request->append_cdata( data = ls_jsonbody ).

" Sending Request

lo_http_client_post->send( EXCEPTIONS OTHERS = 1 ).
IF sy-subrc NE 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno WITH sy-msgv1 sy-
msgv2 sy-msgv3 sy-msgv4.
ELSE.
" Receiving Response
lo_http_client_post->receive( EXCEPTIONS OTHERS = 1 ).
IF sy-subrc NE 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno WITH sy-msgv1 sy-
msgv2 sy-msgv3 sy-msgv4.

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com
 Connect with me!

ELSE.
" Getting Response Code
lo_http_client_post->response-
>get_status( IMPORTING code = DATA(l_status_code) ).

" Checking HTTP Response Status Code

IF l_status_code = 200. "HTTPS Status is OK
DATA(rv_response) = lo_http_client_post->response->get_cdata( ) .
" Extracting Response Body
/ui2/cl_json=>deserialize( EXPORTING json = rv_response CHANGING data
= ls_return ) .

/ui2/cl_data_access=>create( ir_data = ls_return iv_component = 'erro

rMessage')->value( IMPORTING ev_data = error_msg ).
IF error_msg NE ' '.
WRITE: error_msg.
ELSE.
/ui2/cl_data_access=>create( ir_data = ls_return iv_component = 're
sult')->value( IMPORTING ev_data = result ).
WRITE: result.
ENDIF.
ELSE. "Displaying Error Message
lo_http_client_post->response-
>get_header_fields( CHANGING fields = lt_hdr_fields ).
cl_demo_output=>display_data( lt_hdr_fields ).
ENDIF.
ENDIF.
ENDIF.

Author: Zubair Ahmed Khan

Email: zubair.ahmed.khan@outlook.com