SAP Community - API Management

Unsupported OData Version 4.01 when connecting Fiori List Report app to Sales Order API

2025-11-19T16:01:56.130000+01:00

Dear Community,

I’m currently working on a specific development in SAP S/4HANA Public Cloud.
we are developing a Fiori app that allows users to mass change sales order items (quantity, delivery date, add new items, etc.).

For this purpose, we are using SAP Business Application Studio.
We first created a List Report application, then connected it to an OData service using the following API:
https://myxxxxxx-api.s4hana.cloud.sap/sap/opu/odata4/sap/api_salesorder/srvd_a2x/sap/salesorder/0001/

However, when running the application, we receive the following error message:

“Could not open app. Please try again later. Details”

Could you please help me understand this behavior and guide us on how to resolve this issue?

Error consuming an API api_purchaserequisition_2 /IWBEP/CM_V4H_RUN/042

2025-11-21T15:49:01.350000+01:00

Cuando realizo el consumo a través de SAP Gateway, funciona perfectamente, pero cuando traslado la misma operación a mi programa ABAP, el consumo GET se realiza perfectamente, pero el POST me da un error sobre el token, que fue asignado correctamente al método (creo).

Error en api_purchaserequisition_2
código /IWBEP/CM_V4H_RUN/042 Mensaje: El token CSRF no es válido CSRF_Token_Missing

Aquí creé otra instancia para la solicitud POST, pero si uso la misma, me da el mismo error.

error: código: /IWBEP/CM_V4H_RUN/042

Mensaje: El token CSRF no es válido.

SAP_common.ExceptionCategory CSRF_Token_Missing

Configuring OAuth 2.0 Authentication between SAP API Management and SAP Cloud Integration

2025-11-23T08:02:12.014000+01:00

Alright, let’s get started, buddy! 😃

Assuming API Management is active in your Integration Suite tenant, the first step is to set up the API Proxy.

Step 1: Create an API Proxy to Generate an Access Token

Create an API Proxy using the URL type, and provide any dummy hostname since the target endpoint won’t actually be invoked.

After creating the API Proxy, set the Target Endpoint to “None” in the Proxy Endpoint section, as shown in the screenshot below, and click on save.

Step 2 : Add a policy to generate the OAuth 2.0 Authentication.

In the Proxy Endpoint’s PreFlow, add the OAuth policy, ensuring it is applied on the incoming request stream.

OAuth 2.0 – Used to generate the access token for the API call.

<OAuthV2 async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
	<ExternalAuthorization>false</ExternalAuthorization>
	<GrantType>request.queryparam.grant_type</GrantType>
	<Operation>GenerateAccessToken</Operation>
	<GenerateResponse enabled="true"/>
	<SupportedGrantTypes>
		<GrantType>client_credentials</GrantType>
	</SupportedGrantTypes>
</OAuthV2>

Step 3: Create a Product in the Engage section of Integration Suite

Add the API Proxy GenerateAccessToken to the Product APIM_Product

Step 4 : Create a subscription in the Developer Hub

Navigate to Developer Hub → My Workspace → Create New Subscription (e.g., APIM_Product).

You will get these two items from APIM_Product: The Application Key (your username) and the Application Secret (your password).

Step 5 : Now, let’s test the API Proxy for GenerateAccessToken

Test the API Proxy using Basic Authentication by supplying the Application Key as the username, the Application Secret as the password, and adding the grant_type as a query parameter. I’ve also attached a screenshot showing the generated access token.

Step 6 : Create API Provider

To validate the setup, you must create an API Provider. Navigate to API Provider, click Create, and enter the following details:

Type: Cloud Integration
Host
Port
Client ID
Client Secret
Token URL*

Click Test Connection; you should receive an “OK” message with a 200 response code. I’ve attached a screenshot for your reference.

Step 7 : Develop the Integration Flow to serve as the proxy and then deploy it.

I have created a simple Integration Flow that includes a Content Modifier with the body .I’ve attached a screenshot for your reference.

Step 8 : create a proxy using API Provider

Select the provider, click Discover, choose the API, and then click Create

Your proxy will be created and then assign the API Proxy to the Product as shown in below screenshot.

Step 9: Now, let’s verify the access token
Apply the OAuthV2 policy to the Demo API Proxy.

OAuth 2.0 - To verify the OAuth Token generated.

<OAuthV2 async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
   <ExternalAuthorization>false</ExternalAuthorization>
   <Operation>VerifyAccessToken</Operation>
   <GenerateResponse enabled="true"/>
</OAuthV2>

Assign Message – If you encounter the error {"fault":{"faultstring":"Unsupported Encoding \"br\"","detail":{"errorcode":"protocol.http.UnsupportedEncoding"}}}, it's because BR (Brotli) is a compression format typically used by backends for webpage loading, and it is not supported here. Using the Assign Message policy helps remove this unsupported encoding so the message can reach the target successfully

Assign Message

<AssignMessage async="false" continueOnError="false" enabled="true" xmlns='http://www.sap.com/apimgmt'>
	<Remove>
		<Headers>
			<Header name="Authorization"/>
		</Headers>
	</Remove>
	<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
	<AssignTo createNew="false" type="request">request</AssignTo>
</AssignMessage>

Click on save and deploy .

Step 9 : Testing Time
In Postman, select OAuth 2.0 as the authentication type, then:

Set the Access Token URL
Enter the Client ID
Enter the Client Secret
grant_type=client_credentials
Click Get New Access Token

From Cloud Integration

From API Management

And we’re done! OAuth 2.0 Authentication is configured for SAP API Management in SAP Cloud Integration. You may now take a victory sip of coffee—you earned it 😎

Reference

https://help.sap.com/docs/integration-suite/sap-integration-suite/oauth-v2-0

https://docs.apigee.com/api-platform/security/oauth/oauth-20-client-credentials-grant-type

API to post the Supplier document as Cr vendor and Dr vendor with special GL in S4 HANA

2025-11-24T15:01:10.648000+01:00

Hi,

Kindly advise which API I can use to post the AP document in S4 with the below double entry. The data coming from other system.

Credit : Vendor/supplier account 1000

Debit: vendor/Supplier account with Special GL 1000

Thank you

Need guidance to trigger “Carry out new pricing (Type B)” via API_SALES_ORDER_SRV

2025-11-25T08:02:21.767000+01:00

V2 capability: Does API_SALES_ORDER_SRV (OData V2) support item‑level repricing (equivalent to VA02 → Pricing Type B) via any function import/action? If yes, please provide URI, payload, and headers (incl. ETag usage and example). If not, please confirm officially. [2]
Recommended approach: If V2 cannot do this, do you recommend:
- Switching to OData V4 and calling UpdatePrices? or
- Using a server‑side BAPI wrapper (BAPI_SALESORDER_CHANGE with LOGIC_SWITCH-PRICING = 'B') and exposing it via a custom OData service? Please advise pros/cons and SAP‑supported pattern.
- Expected (API): way to invoke repricing with Pricing Type “B” for a specific sales order item—function import/action on API_SALES_ORDER_SRV (V2)
  
  system Version - SAP S/4HANA 2023
  service pack - 02 (10/2024) FPS

SAP BTP Integration Suite Cloud to SAP S4 Private Cloud

2025-11-30T18:21:37.643000+01:00

Dear All,

Good Day!

Is there any documentation/steps to integrate SAP BTP Integration Suite Cloud to SAP S4 Private Cloud via Oauth2.0 Bearer Token.

Am not finding any documentation from SAP.

Thanks and Regards,

Rajesh PS

Error: While connecting from SAP BTP Integration Suite to SAP S4 Cloud Odata

2025-11-30T19:42:29.722000+01:00

Hello Team,

I'm getting below error while connecting from SAP BTP Integration Suite Cloud to SAP S4 Cloud Odata service.

"com.sap.gateway.core.ip.component.odata.exception.OsciException: HTTP Request failed with error : <HOST>: No address associated with hostname, cause: java.net.UnknownHostException: <HOST>: No address associated with hostname"

Thanks and Regards,

Rajesh PS

API to post customer invoice with automatic tax calculation and without SD doc reference

2025-12-05T02:39:46.081000+01:00

Hi experts,

We are seeking an API equivalent to the standard SAP screen "Create customer invoice" in SAP public cloud. The requirements are as follows:

1. Create FI document type DR (receivables) and DG (customer credit memo) without SD document reference.
2. Facilitate automatic tax calculation.
Like a "Calculate tax" flag, we don't need to calculate the tax amount in advance to hardcode them in WSLD.

We successfully created documents meeting requirement no.1 with the API: Journal Entry by Ledger - Post (Asynchronous) but it has limitations in requirement no.2

Please kindly advise the suitable API and if possible, we highly appreciate it if there is an example payload for reference.

Best regards,

Infrastructure as Code on SAP API Management

2025-12-12T13:20:07.737000+01:00

We are building an API portal on SAP Integration Suite exposing api's from SAP Commerce Cloud for a large global client.

To do this we need to configure provider, proxies, policies, certificates, endpoints, api products etc. on SAP APIM.

We are using 4 BTP instances/environments for this: CI, Dev, QA and Prod.

Since we don't want to manually set up all these resources on each environment, we are building a custom IaC setup, which can configure all these resources automatically from GitHub actions.

Our IaC setup uses the SDK's provided for BTP and APIM to configures the instances. Not an easy task, since the SDK's are very poorly documented by SAP.

Part of the setup is to have GitHub actions run on pull requests to configure an entire resource setup needed for running automated api tests against the API products defined on APIM.

Is anybody else working on something like this?

Is it correct that no official SAP Terraform provider exists for SAP APIM?

Customer Return(A2X) API and In-House Repair API Combination of any another API is available?

2025-12-16T05:48:39.989000+01:00

Hi Team,

Good Day!

Is there any API available that combines Customer Return API and In-House Repair?

Overview | Customer Return (A2X) | SAP Business Accelerator Hub

Try Out | In-House Repair | SAP Business Accelerator Hub

I have checked the APIs and found no relationship between the two. Could you please provide details of a combination API, any relationship information, or release CDS views.

Regards,

Srini.

Create a proxy in APIM

2025-12-18T17:04:22.424000+01:00

Overview and prerequisites

Access: SAP BTP subaccount with Integration Suite (CPI) and API Management service enabled.
iFlow: A deployed iFlow with an HTTP endpoint (or OData) that you can call.
Auth: Credentials or OAuth client for the iFlow’s endpoint.
Portal: API Portal (to build proxies, policies, products) and Developer Portal (for application registration and subscription).

Prepare your iFlow endpoint
• Locate endpoint: Open your iFlow, go to the sender adapter (e.g., HTTP), and note the runtime URL (host + path).
• Test direct call: Use a tool like Postman to confirm the iFlow works with its native authentication (Basic or OAuth).
• Decide security model: Choose how API callers will authenticate. A common pattern is API key at the proxy plus Basic/OAuth from proxy to target.

Create the API proxy

In API Portal

Create API:

Name: A clear name (e.g., order-iflow-proxy).
Base path: What external consumers will call (e.g., /orders).
Target: The iFlow endpoint URL (runtime host + full path).

Resources:

Define resource paths: For example, /create, /status/{id}, or keep root if it’s a single-operation iFlow.
Methods: Allow only what you need (e.g., POST for create, GET for status).

Proxy settings:

Virtual host: Select your API domain (e.g., default).
TLS: Ensure HTTPS is used for both proxy and target.
Target auth: Configure Basic or OAuth 2.0 to call CPI from the proxy

Add policies
Attach policies to the proxy for authentication, protection, and headers. Below are common, production-safe choices with XML examples you can paste into API Management.

Security and access control

Verify API Key: Require an API key from the caller (typically via apikey header or query parameter).

Attachment:
- Basic authentication to CPI (if applicable):

<AssignMessage name="assign-target-basic-auth">
<Set>
<Headers>
<Header name="Authorization">Basic {base64EncodedUser:Password}</Header>
</Headers>
</Set>
<AssignTo createNew="false">request</AssignTo>
</AssignMessage>

- OAuth 2.0 (client credentials) to CPI (alternative):
  
  <OAuthV2 name="oauth-to-cpi">
  <Operation>GetAccessToken</Operation>
  <Credentials>
  <Key>client_id_from_kvm</Key>
  <Secret>client_secret_from_kvm</Secret>
  </Credentials>
  <SupportedGrantTypes>
  <GrantType>client_credentials</GrantType>
  </SupportedGrantTypes>
  <AccessTokenLocation>request.header.Authorization</AccessTokenLocation>
  <AccessTokenPrefix>Bearer</AccessTokenPrefix>
  <GenerateResponse>false</GenerateResponse>
  <ResourceOwnerKey>token_cache_key</ResourceOwnerKey>
  <TokenURL>https://<cpi-host>/oauth/token</TokenURL>
  </OAuthV2>
- Traffic management and protection
  - Quota: Limit total calls in a time window.
    <Quota name="quota-per-app">
    <Interval>1</Interval>
    <TimeUnit>hour</TimeUnit>
    <Allow>1000</Allow>
    <Distributed>true</Distributed>
    <Identifier ref="verify-api-key.client_id"/>
    </Quota>
  - Attach in Request PreFlow.
    • Spike Arrest: Smooth burst traffic.
    <SpikeArrest name="spike-arrest">
    <Rate>100ps</Rate>
    </SpikeArrest>
  - JSON Threat Protection (if payload is JSON):
    
    <JSONThreatProtection name="json-threat-protection">
    <MaxObjectDepth>20</MaxObjectDepth>
    <MaxArraySize>10000</MaxArraySize>
    <MaxStringLength>100000</MaxStringLength>
    </JSONThreatProtection>
  - Package into a product
    Products bundle proxies with plans and quotas for controlled access via the Developer Portal.
    1. Create Product:
  - Publish Product:
    - Visibility: Set to public or restricted.
    - Attach documentation: Short “Getting Started” and endpoint specs for developers.
  - Create an application and subscribe
    Applications represent consumers and issue credentials like API keys.
    1. Developer Portal:
  - Distribute API key:
    - Usage: In client calls, set apikey header (or query param) matching your VerifyAPIKey policy.
    - Rotation: Maintain multiple keys for rotation and revocation.

SAP API Management – InvalidApiKeyForGivenResource for some resources in same API Product

2025-12-19T12:12:24.310000+01:00

Hi i'm looking for some input on an issue i'm having.

I’m seeing inconsistent API key authorization behavior in SAP API Management (BTP / Cloud Foundry).

Setup

One API Proxy
One API Product (Order Status Tracking)
One Application subscribed to the product
Authentication via API Key (x-api-key)
Same API key used for all calls

I have 4 endpoints on the proxy and product, 2 work 2 don't.

Working:
GET /connect/products/{{globalId}}/orders/{{orderCode}}
GET /connect/users/search
Failing:
GET /connect/users/{{userId}}/orders
GET /connect/users/{{userId}}/orders/{{orderCode}}

I am getting the error from our APIkey policy:
"fault": {
"faultstring": "Invalid ApiKey for given resource",
"detail": {
"errorcode": "oauth.v2.InvalidApiKeyForGivenResource"

The API key is valid (works for other endpoints above)
All endpoints:
- Belong to the same API Product
- Are defined as API Resources
- Have GET enabled
- Use the same proxy and base URL

Only the resource path differs

What can cause resource-level API key authorization to fail for some paths but not others within the same API Product?

Is there any known limitation or special handling for:

Path parameters ({userId})
Resource path matching
/users/* vs /products/* paths

SAP IS API Management - API Provider setup to S4 demo system test connection 401

2026-01-04T22:30:16.985000+01:00

Hi - I am getting the following auth error in SAP IS trial, and wondering if anyone has thoughts.

I am setting up an API Provider to S4 abap system (S4 abap system as per It's Trial Time for ABAP in SAP Business Technolog... - SAP Community). My Eclipse ADT connects fine to that S4 abap system - I then used my credentials from Eclipse ADT in my API Provider settings.

API Provider

Eclipse ADT

I did see this similar post, but steps were unsuccessful for me: System is up and reachable. However, the ping chec... - SAP Community

Thanks,

Keith

#SAP Cloud Platform, ABAP environment

#API Management

MTLS in API managment

2026-01-08T17:53:58.670000+01:00

Hi,

I want to enable the MTLS in API M can you please help with details.

How this can be tested from post if MTLS working fine or not

Need suggestions or documents rgearding the same

How do you integrate SAP Commerce cloud with S4 HANA API for Synchronous Price calls

2026-01-13T17:07:51.836000+01:00

Hi Team,

Can you help out in sharing the detailed Integration configuration process involved for SAP Commerce cloud to access S4 HANA via API calls.

Taking example of Synchronous Pricing, where API (SAP Sales Order Simulate API for SAP S/4HANA cloud, public edition) is used, there is not much details on integration configuration to be established in Comemrce and HANA side.

https://help.sap.com/docs/SAP_COMMERCE_INTEGRATIONS/47ad58c1a27447949aad8addbee46fca/25ed7c0fd8904a38b3bb2001d0de96e1.html

Some of my queries:

1. What needs to be configured for Destination Taget in BO,

2. Is there any Test API's that are available for integration testing purpose

3. Steps for configuring Client certificates in Commerce and HANA.

Also, Is there any SAP blog/learning tutorial that details on the steps invovled for this Integration.

Thanks,

Inconsistencies found in count of records

2026-01-23T10:28:30.738000+01:00

Hello SAP Community,

We are currently facing an issue with a record count mismatch between our downstream application and SAP. Our extraction is based on the standard CDS view A_BillingDocument, using the timestamp field as the input parameter to pull the data.

Has anyone encountered similar discrepancies when using this CDS view or timestamp-based extraction?
If yes, it would be really helpful if you could share the root cause or the approach you used to resolve it.

Thank you in advance for your guidance!

Unable to Activate API Management in SAP Integration Suite – Trial Accoun

2026-01-30T17:09:18.461000+01:00

Hi Experts,

I am new to SAP BTP and currently exploring SAP Integration Suite using a BTP trial account.

While trying to activate API Management from Integration Suite, I am getting the following error message during activation:

"There is a temporary problem in provisioning your account, please try again by clicking on Activate. In case the problem persists, please create an incident in the component OPU-API-OD-OPS for further assistance."

Since this is a trial account, I wanted to understand:
- Is API Management supported on SAP BTP trial accounts?
- Is this a known limitation for trial tenants?
- Has anyone faced a similar issue and found a workaround for learning purposes?

I understand that creating an SAP incident may not be possible for trial accounts, so I wanted to check with the community if there are any recommended next steps.

Any guidance or clarification would be really helpful.

Thanks in advance!

Populate the BP Address Comment using API

2026-01-31T02:25:47.622000+01:00

In S4HANA Public Cloud, I'm trying to create a BP using API_BUSINESS_PARTNER.

However, there is a particular field that I cannot populate due to the field is not available in the API.

This Comment field in the BP Address.

Can anyone help how to populate this field using API_BUSINESS_PARTNER?

Service broker error: Service broker apimanagement-apiportal-trial failed with: Forbidden

2026-02-04T00:10:39.001000+01:00

Integration Suite and API Management capability is enabled (Settings -> Runtime) on a BTP free trial.

I am able to test APIM Proxy no problem. But I can't subscribe or create a instance:

cf create-service apimanagement-apiportal-trial apiportal-apiaccess apim_apiportal_access_01 \
-c '{"role":"APIPortal.Administrator"}'

1. BTP Cockpit → Subaccount → Instances and Subscriptions → Create
2. Service: API Management, API portal
3. Plan: apiportal-apiaccess
4. Runtime Environment: Cloud Foundry
5. Space: dev
6. Instance Name: e.g. apim_apiportal_access_01
7. Next → Parameters
8. Paste JSON:

{"role":"APIPortal.Administrator"}

Creation Failed
Couldn't create an instance of service 'API Management, API portal' with plan 'apiportal-apiaccess'.

Service broker error: Service broker apimanagement-apiportal-trial failed with: Forbidden

API Management - GET mTLS Serial Number

2026-02-05T12:35:59.182000+01:00

Good morning,

We need to get the mTLS certificate serial number via API Management.

A virtual host with mTLS has been created that can be accessed via API Management, following the guide below.

Configuring a Custom Domain for a Virtual Host | SAP Help Portal

The host, thus created, is used in the Host Alias in the APIM

In the policy settings, we have inserted "AssignMessage" to insert the certificate information into the message header.

But I can't find any way to get the certificate serial number.

1)How can I retrieve this information?

In addition, I found the following article,

How to Read Client Certificate Details in an API P... - SAP Community

where it says:

2) Where should these properties be configured?

Thank you for your attention