diff --git a/docs/ISuite/40-RemoteSystems/creating-service-instance-and-service-key-for-inbound-authentication-19af5e2.md b/docs/ISuite/40-RemoteSystems/creating-service-instance-and-service-key-for-inbound-authentication-19af5e2.md index 7b63ef10..f82a673e 100644 --- a/docs/ISuite/40-RemoteSystems/creating-service-instance-and-service-key-for-inbound-authentication-19af5e2.md +++ b/docs/ISuite/40-RemoteSystems/creating-service-instance-and-service-key-for-inbound-authentication-19af5e2.md @@ -167,7 +167,12 @@ Create a service instance to implement inbound communication. A service instance The selection of roles depend on the chosen option for *Plan*. - - When as *Plan* you've chosen *integration-flow*, you can either keep the standard role `ESBMessaging.send` or enter a custom role \(see [Managing User Roles](../50-Development/managing-user-roles-4e86f0d.md)\). + - When as *Plan* you've chosen *integration-flow*, you can either keep the standard role `ESBMessaging.send` or enter a custom role. + + The default role `ESBMessaging.send` is already predefined. To define a custom role, go to the *Monitor* view of SAP Integration Suite, and select the *User Roles* tile in the *Manage Security* section \(for more information, see [Managing User Roles](../50-Development/managing-user-roles-4e86f0d.md)\). + + > ### Note: + > Custom roles for this use case are **not** defined using the SAP BTP cockpit. You're able to add multiple roles by selecting enter after each role. The default is set to the standard role \(`ESBMessaging.send`\). @@ -389,6 +394,11 @@ With this step, you create a service key for the instance. > > - or one certificate with pinning enabled and another certificate with the same subjectDN and issuerDN where pinning is disabled. + > ### Note: + > Starting from version 8.18.x, Edge Integration Cell runtimes use a local component to perform inbound certificate authentication. This component categorizes all service keys of type *External Certificate* as pinned, regardless of whether the *Pin Certificate* setting is enabled or disabled. + > + > As such, even if you've renewed a client certificate and *Pin Certificate* is disabled, you're still required to create a new service key that includes your updated certificate. For more information, see [Edge Local Authentication and Authorization](../edge-local-authentication-and-authorization-510d447.md). + diff --git a/docs/ISuite/40-RemoteSystems/inbound-message-level-security-with-openpgp-d2acb9f.md b/docs/ISuite/40-RemoteSystems/inbound-message-level-security-with-openpgp-d2acb9f.md index c67bf4ea..10dffbdd 100644 --- a/docs/ISuite/40-RemoteSystems/inbound-message-level-security-with-openpgp-d2acb9f.md +++ b/docs/ISuite/40-RemoteSystems/inbound-message-level-security-with-openpgp-d2acb9f.md @@ -72,6 +72,31 @@ To implement message-level security for OpenPGP, you use PGP keys. ![](images/Keys_for_Message_Level_Security_PGP_Inbound_0c58adc.png) + + +## Configuring the Sender + +1. Generate and configure the PGP keys and the storage locations \(PGP secret and public keyrings\) for the sender system. + +2. Import the related public keys from the tenant into the public PGP keyring of the sender and finish the configuration of the sender system. + + + + +Provide the tenant administrator with the public key \(is used to verify messages sent to the tenant\). + + + +## Configuring the Integration Flow Steps for Message-Level Security + +Configure the security-related integration flow steps. + +Configure the **Decryptor** \(PGP\) and **Verifyer** \(PGP\) step. + +When signatures are expected, make sure that you specify the *Signer User ID of Key\(s\) from Public Keyring* for all expected senders. + +Based on the signer user ID of key\(s\) parts, the public key \(for message verification\) is looked up in the PGP public keyring. The signer user ID of key\(s\) key parts specified in this step restrict the list of expected senders and, in this way, act as an authorization check. + **Related Information** @@ -79,3 +104,5 @@ To implement message-level security for OpenPGP, you use PGP keys. [Creating OpenPGP Keys](creating-openpgp-keys-6c5846b.md "You use the tool gpg4win to create the required keys for the usage of OpenPGP.") +[Define PGP Decryptor](../50-Development/define-pgp-decryptor-d0dc511.md "") + diff --git a/docs/ISuite/40-RemoteSystems/inbound-message-level-security-with-pkcs-7-xml-digitalsignature-9d6bd42.md b/docs/ISuite/40-RemoteSystems/inbound-message-level-security-with-pkcs-7-xml-digitalsignature-9d6bd42.md index e4b2d5fb..82c646ea 100644 --- a/docs/ISuite/40-RemoteSystems/inbound-message-level-security-with-pkcs-7-xml-digitalsignature-9d6bd42.md +++ b/docs/ISuite/40-RemoteSystems/inbound-message-level-security-with-pkcs-7-xml-digitalsignature-9d6bd42.md @@ -72,6 +72,40 @@ To implement message-level security for the standards PKCS\#7, WS-Security, and ![](images/Certificates_for_Message_Level_Security_Inbound_dbc7998.png) + + +## Configuring the Sender + +Configure the sender keystore in the following way: + +- Generate a key pair \(and get it signed by a CA\). + +- Import the tenant public key into the sender keystore. + + + + +Provide the tenant administrator with the public key \(is used to verify messages sent to the tenant\). + + + +## Configuring the Integration Flow Steps for Message-Level Security + +Depending on the desired option, configure the security-related integration flow steps. + +- Configure the **Verifyer** \(PKCS7 or XML Signature Verifyer\) step. + + Specify the *Public Key Aliases* in order to select the relevant keys from the tenant keystore. + +- Configure the **Decryptor** \(PKCS7\) step. + + Make sure that you specify the *Public Key Aliases* for all expected senders \(only if you have specified *Enveloped or Signed and Enveloped Data* or *Signed and Enveloped Data* for *Signatures in PKCS7 Message*\). + + These are the public key aliases corresponding to the private keys \(of the expected senders\) that are used to sign the payload. The public key aliases specified in this step restrict the list of expected senders and, in this way, act as an authorization check. + + +In general, an alias is a reference to an entry in a keystore. A keystore can contain multiple public keys. You can use a public key alias to refer to and select a specific public key from a keystore. + **Related Information** @@ -83,3 +117,5 @@ To implement message-level security for the standards PKCS\#7, WS-Security, and [Creating Keys for the Usage of PKCS\#7, XML Digital Signature and WS-Security](creating-keys-for-the-usage-of-pkcs-7-xml-digital-signature-and-ws-security-6f43916.md "To set up message level security scenarios based on PKCS#7, XML Digital Signature or WS-Security, the required keys are created in the same way as for transport level security HTTPS.") +[Define PKCS\#7/CMS Decryptor](../50-Development/define-pkcs-7-cms-decryptor-51d903b.md "") + diff --git a/docs/ISuite/40-RemoteSystems/introduction-10dc4a3.md b/docs/ISuite/40-RemoteSystems/introduction-10dc4a3.md index 893aeebb..a3aad743 100644 --- a/docs/ISuite/40-RemoteSystems/introduction-10dc4a3.md +++ b/docs/ISuite/40-RemoteSystems/introduction-10dc4a3.md @@ -217,7 +217,7 @@ Sender adapter -Allows SAP Integration Suite to consume messages from queues or subscriptions in SAP Integration Suite, advanced event mesh. +Allows SAP Integration Suite See: [Configure the Advanced Event Mesh Sender Adapter](../50-Development/configure-the-advanced-event-mesh-sender-adapter-abd2efc.md) @@ -764,6 +764,22 @@ See: [Configure the AzureStorage Receiver Adapter](../50-Development/configure-t +*Coupa* + +Receiver adapter + + + + +Enables SAP Integration Suite to exchange data with Coupa. Coupa is a business spending management software. + +See: [Coupa Receiver Adapter](../50-Development/coupa-receiver-adapter-648ac01.md) + + + + + + *Data Store* Sender adapter @@ -1314,6 +1330,22 @@ See: [Configure the Microsoft SharePoint Receiver Adapter](../50-Development/con +*NetSuite* + +Receiver adapter + + + + +Connects SAP Integration Suite to NetSuite. NetSuite is an integrated cloud business software suite, including business accounting, ERP, CRM, and e-commerce software. + +See: [NetSuite Receiver Adapter](../50-Development/netsuite-receiver-adapter-618127a.md) + + + + + + *OData* Sender adapter diff --git a/docs/ISuite/40-RemoteSystems/involved-roles-3968091.md b/docs/ISuite/40-RemoteSystems/involved-roles-3968091.md index c2f4f3dd..f1ed6042 100644 --- a/docs/ISuite/40-RemoteSystems/involved-roles-3968091.md +++ b/docs/ISuite/40-RemoteSystems/involved-roles-3968091.md @@ -4,3 +4,69 @@ The security artifact renewal process requires that different persons perform a sequence of steps in a coordinated way on each side of the communication. The exact sequence depends on the kind of security material which is renewed and on the use case. +**Roles in the Security Artifact Renewal Process** + + + + + + + + + + + + + + + + + + + + + + + +
+ +Role + + + +Tasks + +
+ +Sender/receiver administrator \(at customer side\) + + + +Updates the security artifacts owned by the sender/receiver back-end system \(for example, the keystore\). + +
+ +Integration developer + + + +Updates the integration flow in certain use cases. + +
+ +Tenant administrator + + + +Updates the security artifacts of the tenant \(relevant for outbound communication\). + +
+ +Load balancer administrator + + + +Updates the security artifacts of the load balancer \(relevant for inbound communication\). + +
+ diff --git a/docs/ISuite/40-RemoteSystems/message-level-security-463a908.md b/docs/ISuite/40-RemoteSystems/message-level-security-463a908.md index cd7576c2..495adfca 100644 --- a/docs/ISuite/40-RemoteSystems/message-level-security-463a908.md +++ b/docs/ISuite/40-RemoteSystems/message-level-security-463a908.md @@ -79,9 +79,7 @@ Encryption/decryption and signing/verification of payload -Supported algorithms \(by the symmetric key\) for content encryption \(format Cipher/Operation Mode/Padding Scheme\): AES/CBC/PKCS5Padding, ARCFOUR/ECB/NoPadding, Camellia/CBC/PKCS5Padding, CAST5/CBC/PKCS5Padding, DES/CBC/PKCS5Padding, DESede/CBC/PKCS5Padding, RC2/CBC/PKCS5Padding. - -Signature algorithms: MD5/RSA, RIPEMD128/RSA, RIPEMD160/RSA, RIPEMD256/RSA, SHA/RSA, SHA224/RSA, SHA256/RSA, SHA384/RSA, SHA512/RSA. +Signature algorithms: AES/GCM/NoPadding, AES/CCM/NoPadding, MD5/RSA, RIPEMD128/RSA, RIPEMD160/RSA, RIPEMD256/RSA, SHA/RSA, SHA224/RSA, SHA256/RSA, SHA384/RSA, SHA512/RSA. This is a subset of the algorithms that are supported for PKCS\#7/CMS Enveloped Data and Signed Data. @@ -131,7 +129,7 @@ Encryption/decryption and signing/verification of the message -Supported signature algorithms for PGP signing: MD5, RIPE-MD/160, SHA-1, SHA224, SHA256, SHA384, SHA512. +Supported signature algorithms for PGP signing: MD5, RIPE-MD/160, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512. diff --git a/docs/ISuite/40-RemoteSystems/outbound-message-level-security-with-openpgp-8641a15.md b/docs/ISuite/40-RemoteSystems/outbound-message-level-security-with-openpgp-8641a15.md index 2d7101d9..cb03f9bc 100644 --- a/docs/ISuite/40-RemoteSystems/outbound-message-level-security-with-openpgp-8641a15.md +++ b/docs/ISuite/40-RemoteSystems/outbound-message-level-security-with-openpgp-8641a15.md @@ -72,6 +72,32 @@ To implement message-level security for OpenPGP, you use PGP keys. ![](images/Keys_for_Message_Level_Security_PGP_Outbound_8e6a163.png) + + +## Configuring the Receiver + +1. Generate the PGP keys and the storage locations \(PGP secret and public keyrings\) for the receiver system. + +2. Import the related public keys from the tenant into the public PGP keyring of the receiver and finish the configuration of the receiver system. + + + + +Provide tenant administrator with the public key \( used to encrypt messages sent to the receiver\). + + + +## Configuring the Integration Flow Steps for Message-Level Security + +Depending on the desired option, configure the security-related integration flow steps. + +Configure the **Encryptor** \(PGP\) step. + +- Specify the *User ID of Key\(s\) from Public Keyring* in order to select the relevant public receiver keys from the PGP public keyring. + +- If you want to sign the payload, specify the *Signer User ID of Key\(s\) from Secret Keyring* in order to select the relevant private key from the PGP secret keyring. The private key is used to sign the message. + + **Related Information** @@ -79,3 +105,5 @@ To implement message-level security for OpenPGP, you use PGP keys. [Creating OpenPGP Keys](creating-openpgp-keys-6c5846b.md "You use the tool gpg4win to create the required keys for the usage of OpenPGP.") +[Define PGP Encryptor](../50-Development/define-pgp-encryptor-7a07766.md "") + diff --git a/docs/ISuite/40-RemoteSystems/outbound-message-level-security-with-pkcs-7-xml-digitalsignature-57b2b19.md b/docs/ISuite/40-RemoteSystems/outbound-message-level-security-with-pkcs-7-xml-digitalsignature-57b2b19.md index d03a70bb..3a690bb1 100644 --- a/docs/ISuite/40-RemoteSystems/outbound-message-level-security-with-pkcs-7-xml-digitalsignature-57b2b19.md +++ b/docs/ISuite/40-RemoteSystems/outbound-message-level-security-with-pkcs-7-xml-digitalsignature-57b2b19.md @@ -74,6 +74,21 @@ To implement message-level security for standards PKCS\#7, WS-Security, and XML +## Configuring the Receiver + +Configure the receiver keystore in the following way: + +- Generate a key pair \(and get it signed by a CA\). + +- Import the tenant public key into the receiver keystore. + + + + +Provide the tenant administrator with the public key \(is used to encrypt messages sent to the receiver\). + + + ## Configuring the Integration Flow Steps for Message-Level Security @@ -104,3 +119,7 @@ In general, an alias is a reference to an entry in a keystore. A keystore can co [Creating Keys for the Usage of PKCS\#7, XML Digital Signature and WS-Security](creating-keys-for-the-usage-of-pkcs-7-xml-digital-signature-and-ws-security-6f43916.md "To set up message level security scenarios based on PKCS#7, XML Digital Signature or WS-Security, the required keys are created in the same way as for transport level security HTTPS.") +[Sign the Message Content with PKCS\#7/CMS Signer](../50-Development/sign-the-message-content-with-pkcs-7-cms-signer-cc09e03.md "") + +[Encrypt and Sign the Message Content with PKCS\#7/CMS Encryptor](../50-Development/encrypt-and-sign-the-message-content-with-pkcs-7-cms-encryptor-21fd211.md "") + diff --git a/docs/ISuite/40-RemoteSystems/renewal-of-password-only-84dabed.md b/docs/ISuite/40-RemoteSystems/renewal-of-password-only-84dabed.md index 7fc9b5ba..3d717362 100644 --- a/docs/ISuite/40-RemoteSystems/renewal-of-password-only-84dabed.md +++ b/docs/ISuite/40-RemoteSystems/renewal-of-password-only-84dabed.md @@ -8,3 +8,10 @@ To exchange the password of a user without any downtime, the cloud infrastructur Security artifact renewal has to be performed in the following sequence: +1. Cloud infrastructure provider: Informs the sender administrator that he wants to change the password of a certain user used for HTTPS communication with the tenant and that he has created an **intermediate user** \(`user1`\) and password. +2. Sender administrator: Exchanges the old user/password \(`user0`\) with the intermediate user/password \(`user1`\) in the HTTPS sender client \(back-end system\). +3. Sender administrator: Informs the cloud infrastructure provider that the sender client now uses the intermediate user \(`user1`\). +4. Cloud infrastructure provider: Informs the sender administrator that the password of the original user \(`user0`\) has been changed. +5. Sender administrator: Exchanges the user/password of the intermediate user \(`user1`\) with the original user \(`user0`\) \(and with the new password\). +6. Sender administrator: Informs the cloud infrastructure provider that user and password has been changed. + diff --git a/docs/ISuite/40-RemoteSystems/renewal-of-tenant-client-root-certificate-ca-8dc5877.md b/docs/ISuite/40-RemoteSystems/renewal-of-tenant-client-root-certificate-ca-8dc5877.md index 8d7ec79d..78850231 100644 --- a/docs/ISuite/40-RemoteSystems/renewal-of-tenant-client-root-certificate-ca-8dc5877.md +++ b/docs/ISuite/40-RemoteSystems/renewal-of-tenant-client-root-certificate-ca-8dc5877.md @@ -35,6 +35,17 @@ Certificate renewal has to be performed in the following sequence: 8. Tenant administrator: Informs the receiver administrator that a new client certificate \(signed by another CA than the old one\) is now used. 9. Receiver administrator: Removes the old client certificate and also the old root certificate \(assumed that it is not longer used in any other communication\). +Let us assume, the customer landscape is composed as described under *Connecting a Customer System to Cloud Integration*, section *Technical Landscape for On Premise-On Demand Integration*. In that case, SAP Web Dispatcher is used to receive incoming calls from the cloud. SAP Web Dispatcher \(as reverse proxy\) is the entry point for HTTPS requests into the customer system landscape. The configuration of the receiver \(server\) as indicated in step 2 in the list above comprises the following tasks for that example case: + +- Make sure that the reverse proxy trusts the new CA. A restart is required to finalize the related configuration steps. +- Map the new certificate in AS ABAP back-end for authentication purpose +- Edit the new CA in Web Dispatcher farm. + + This step is performed by SAP IT. + +- Upload the new CA in workcenter under *Edit Certificate Trust List*. +- Update the communication arrangements credentials such way that the new certificate is mapped to the inbound technical user. + ## Receiver does not Accept Different Certificates at the same Time diff --git a/docs/ISuite/40-RemoteSystems/renewal-of-user-and-password-da1eeb1.md b/docs/ISuite/40-RemoteSystems/renewal-of-user-and-password-da1eeb1.md index 1b7c15c4..f6b7d83e 100644 --- a/docs/ISuite/40-RemoteSystems/renewal-of-user-and-password-da1eeb1.md +++ b/docs/ISuite/40-RemoteSystems/renewal-of-user-and-password-da1eeb1.md @@ -6,3 +6,6 @@ In this use case, the user \(through which a sender calls the tenant\) is replac Security artifact renewal has to be performed in the following sequence: +1. Sender administrator: Changes the user and password in the HTTPS sender client \(sender back-end\). +2. Sender administrator: Informs SAP that user has been changed in the sender client. + diff --git a/docs/ISuite/50-Development/IntegrationSettings/generative-ai-0c93c17.md b/docs/ISuite/50-Development/IntegrationSettings/generative-ai-0c93c17.md index e4f6cc27..6f5c457f 100644 --- a/docs/ISuite/50-Development/IntegrationSettings/generative-ai-0c93c17.md +++ b/docs/ISuite/50-Development/IntegrationSettings/generative-ai-0c93c17.md @@ -2,3 +2,53 @@ # Generative AI +As a tenant administrator, learn and activate the feature for AI-based generation of integration flows. + +> ### Note: +> This information is relevant only when you use the Cloud Integration capability as a part of SAP Integration Suite. Availability of this feature depends upon the SAP Integration Suite service plan that you use. For more information about different service plans and their supported feature set, see SAP Note [2903776](https://launchpad.support.sap.com/#/notes/2903776). + + + + + +## What is AI-Based Generation of Integrations + +SAP Integration Suite, specifically the Cloud Integration capability, provides a feature to create integration flows using Generative AI. After you activate the feature, an integration developer has a choice to generate integrations with the assistance from AI. The integration developer must describe the integration scenario when asked. Based on the descriptions and inputs, the Generative AI tool creates an integration flow. + + + + + +## Prerequisites + +For the Generative AI tool to create integration flows, you must first enable connectivity between your system landscape in SAP BTP cockpit and SAP Integration Suite. By doing so, your registered SAP applications can expose APIs and events to SAP Integration Suite, which in turn, the Generative AI tool use to create integrations. For more information on how to achieve this, see [Enabling System Landscape in SAP BTP Cockpit for SAP Integration Suite](https://help.sap.com/viewer/54e467e3bd2148deb837d34d1ec66a78/IAT/en-US/88bac3b622854484a1d1e4353aa8ac73.html "Learn to include various SAP systems into a formation and thus combine diverse SAP solutions for extended business scenarios.") :arrow_upper_right: . + +The Generative AI tool can create integration flows without the system landscape in place too. But in such cases, the tool creates an integration flow with HTTP adapters on sender and receiver sides. You must still manually enter most of the parameters which would otherwise be automatically populated by the Generative AI tool. + + + + + +## Enable AI-Based Generation of Integrations + +Follow these steps to enable or disable AI-based generation of integrations: + +1. Go to *Settings* \> *Integrations* \> *Design Guidelines*. + +2. Choose *Edit*. + +3. Enable the *Generative AI Based Integration Flow Generation* checkbox. + +4. Read and understand the terms and conditions for the usage of AI-based feature. Enable the checkbox at the bottom of the pop-up to provide your consent. + +5. Choose *Accept*. + +6. Choose *Save*. + + The identifier of the user who provided consent to the AI terms and conditions, and the timestamp of are shown on the screen for your reference. + + +For information about generating integrations using AI, see [Creating an Integration Flow](../creating-an-integration-flow-da53d93.md). + +. + diff --git a/docs/ISuite/50-Development/IntegrationSettings/importing-mapping-content-from-es-repository-e18fc05.md b/docs/ISuite/50-Development/IntegrationSettings/importing-mapping-content-from-es-repository-e18fc05.md index dc256248..26cada1f 100644 --- a/docs/ISuite/50-Development/IntegrationSettings/importing-mapping-content-from-es-repository-e18fc05.md +++ b/docs/ISuite/50-Development/IntegrationSettings/importing-mapping-content-from-es-repository-e18fc05.md @@ -38,16 +38,11 @@ After you've configured the connection to ES Repository, you can import content > - The interfaces contain more than one cardinality. > - The interfaces are asynchronous in type. > -> - The import process fails if the message mapping contains: -> -> - Imported archives -> -> - Parameters -> -> > - Importing, viewing, and editing of Java UDF is supported. > > - Message Mapping containing reference to Value Mapping isn't supported at runtime. +> +> - Import of a message mapping object fails if it contains a XSD in the source or target message. Here's how you can do it: diff --git a/docs/ISuite/50-Development/accessing-trust-and-key-managers-8518837.md b/docs/ISuite/50-Development/accessing-trust-and-key-managers-8518837.md index 15cc6568..336c09d7 100644 --- a/docs/ISuite/50-Development/accessing-trust-and-key-managers-8518837.md +++ b/docs/ISuite/50-Development/accessing-trust-and-key-managers-8518837.md @@ -12,9 +12,27 @@ Follow the procedure below to get trust and key managers in an ADK project. ## Procedure -1. Add the `com.sap.it.public` group ID to the ``. +1. Download the latest ADK API from the [Adapter Development Kit](https://tools.hana.ondemand.com/#cloudintegration) section. -2. Depending on your requirements, add the code below to either the `*Producer.java` \(receiver adapter\) or `*Consumer.java` \(sender adapter\) file. This allows you to import all the trust managers. +2. Add the `com.sap.it.public.generic.api.jar` file to the `resources` folder that is in your ADK project. + +3. Open the `pom.xml` file and add the dependency below: + + > ### Source Code: + > ```xml + > + > com.sap.it.public + > api + > 2.8.0 + > system + > ${project.basedir}/src/main/resources/com.sap.it.public.generic.api-2.8.0.jar + > + > + > ``` + +4. Add the `com.sap.it.public` group ID to the ``. + +5. Depending on your requirements, add the code below to either the `*Producer.java` \(receiver adapter\) or `*Consumer.java` \(sender adapter\) file. This allows you to import all the trust managers. > ### Source Code: > ```java @@ -37,7 +55,7 @@ Follow the procedure below to get trust and key managers in an ADK project. > > ``` -3. To import all the key managers, use the code below: +6. To import all the key managers, use the code below: > ### Source Code: > ```java diff --git a/docs/ISuite/50-Development/accessing-user-credentials-e4e4edc.md b/docs/ISuite/50-Development/accessing-user-credentials-e4e4edc.md index 0c48c5c4..1a29a304 100644 --- a/docs/ISuite/50-Development/accessing-user-credentials-e4e4edc.md +++ b/docs/ISuite/50-Development/accessing-user-credentials-e4e4edc.md @@ -12,9 +12,27 @@ Follow the procedure below to get user credentials in an ADK project. ## Procedure -1. Add the `com.sap.it.public` group ID to the ``. +1. Download the latest ADK API from the [Adapter Development Kit](https://tools.hana.ondemand.com/#cloudintegration) section. -2. To import user credentials, use the code below: +2. Add the `com.sap.it.public.generic.api.jar` file to the `resources` folder that is in your ADK project. + +3. Open the `pom.xml` file and add the dependency below: + + > ### Source Code: + > ```xml + > + > com.sap.it.public + > api + > 2.8.0 + > system + > ${project.basedir}/src/main/resources/com.sap.it.public.generic.api-2.8.0.jar + > + > + > ``` + +4. Add the `com.sap.it.public` group ID to the ``. + +5. To import user credentials, use the code below: > ### Source Code: > ```java diff --git a/docs/ISuite/50-Development/actions-and-functions-3572dfb.md b/docs/ISuite/50-Development/actions-and-functions-3572dfb.md new file mode 100644 index 00000000..b601f652 --- /dev/null +++ b/docs/ISuite/50-Development/actions-and-functions-3572dfb.md @@ -0,0 +1,145 @@ + + +# Actions and Functions + +Actions and functions provide a way to introduce server-side behaviors into the otherwise data-centric model. Graph mirrors actions and functions as provided by connected business systems. + +[OData](https://www.odata.org/) supports custom operations that are named *Actions* and *Functions*. Both are considered operations on the data model: + +- **Actions** are operations that modify data on the server. An action is invoked through a POST request with its arguments being passed in the request body in the [JSON](https://www.json.org/) format. +- **Functions** are operations that only retrieve data from the server without causing side effects. A function is invoked through a GET request with its arguments being passed in the URL path. + +Furthermore, OData differentiates between unbound and bound operations: + +- Bound operations have an implicit relationship to one entity. They are similar to class methods in object-oriented programming as their first implicit argument is bound to their entity's primary key. +- Unbound operations have no implicit relationship to an entity. They are similar to functions in programming languages as they receive all arguments explicitly. + +Graph supports OData operations \(actions and functions\) and automatically discovers them in the metadata of connected business systems. Discovered actions and functions are mirrored into the resulting business data graph. + +- [Actions in OData – Blog \(odata.org\)](https://www.odata.org/blog/actions-in-odata/) +- [Functions and Actions – Basic Tutorial \(odata.org\)](https://www.odata.org/getting-started/basic-tutorial/#operation) +- [Actions & Functions – CAP \(cap.cloud.sap\)](https://cap.cloud.sap/docs/guides/providing-services#actions-and-functions) + + + + + +## Metadata + +Actions and functions can be found in the exposed metadata of a business data graph. They are part of the metadata of any given namespace: + +``` +https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api///$metadata +``` + +- `subdomain` = The subdomain assigned to the tenant. For example, `is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef`. +- `bdg` = The business data graph identifier as specified by the Graph configuration. +- `namespace` = The namespace of the connected business system, for example, `sap.s4` for S/4HANA or `sap.c4c` for SAP Cloud for Customer. + +Actions are represented by the following XML-schema: + +``` + + + ... + + + +``` + +Functions are represented by the following XML-schema: + +``` + + + ... + + +``` + + + + + +## Usage + +Actions and functions can be invoked by constructing the request path using the namespace, bound status, and operation name. Additionally, parameters are part of the request path for functions or the request body for actions. Abstract schema and examples for all four possible request scenarios are listed here: + +- Unbound action +- Bound action +- Unbound function +- Bound function + + + +### Unbound Action + +``` +POST https://.a.integration.cloud.sap/graph/api/// +{ + "": "" + ... +} +``` + +> ### Sample Code: +> ``` +> POST https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.c4c/CalculateScore +> { +> "ObjectId": "1", +> "Simulate": "true", +> "FinalizePhaseIndicator": "false", +> "CalculateAllKPIsIndicator": "true" +> } +> ``` + + + +### Bound Action + +``` +POST https://.a.integration.cloud.sap/graph/api//// +{ + "": "" + ... +} +``` + +> ### Sample Code: +> ``` +> POST https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v2/sap.s4/InHouseRepair('1')/ConfirmRepairObjects +> ``` + + + +### Unbound Function + +``` +GET https://.a.integration.cloud.sap/graph/api///(=,...) +``` + +> ### Sample Code: +> ``` +> GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.c4c/GetServiceRequestProcessingTypes(isCustomerSupport=false,isEmployeeSupport=true) +> ``` + + + +### Bound Function + +``` +GET https://.a.integration.cloud.sap/graph/api////(=,...) +``` + +> ### Sample Code: +> ``` +> GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v2/sap.s4/A_BillingDocument('1')/GetPDF() +> ``` + +**Related Information** + + +[Actions in OData – Blog \(odata.org\)](https://www.odata.org/blog/actions-in-odata/) + +[Functions and Actions – Basic Tutorial \(odata.org\)](https://www.odata.org/getting-started/basic-tutorial/#operation) + diff --git a/docs/ISuite/50-Development/adding-a-custom-codelist-fa0c76f.md b/docs/ISuite/50-Development/adding-a-custom-codelist-fa0c76f.md new file mode 100644 index 00000000..b5d0bd68 --- /dev/null +++ b/docs/ISuite/50-Development/adding-a-custom-codelist-fa0c76f.md @@ -0,0 +1,140 @@ + + + + +# Adding a Custom Codelist + +Create and add a codelist to the custom type system Custom Codelist. + + + +## Context + +Follow the procedure to add a codelist to a custom codelist. + + + +## Procedure + +1. Navigate to the *Custom Type Systems* from the left pane of your application. + +2. Choose the *Custom Codelists* and navigate to the *Codelists* tab. + +3. Choose *Add* and maintain the following parameters: + + + + + + + + + + + + + + + + + + + +
+ + Field + + + + Value + +
+ + **ID** + + + + Enter an ID for the codelist + +
+ + **Name** + + + + Enter a meaningful name for your codelist + +
+ + **Description** + + + + Provide a decription for the codelist. You can select the *Formatted Text* checkbox if you want the description to be formatted. + +
+ +4. Choose *Create*. This will create and open the codelist. + +5. In the *Code Values* tab of the codelist, you can start adding the code values by choosing : + + 1. *Add* to manually add entries or + + 2. *Upload* to upload a csv file. + + If you do not have a csv file but need to know how to create and upload a csv file, refer the section **Creating codelists using a csv file** below.enter the values in a file, in the *Code Value Upload* dialog, choose *How to...* \> *Download the template\(\*.csv\)* option. This will download the csv file template locally with the name `CodeValueDownload.csv`. Edit the downloaded template file CodeValueDownload.csv to enter the required values and save. + + Ensure you do not change or remove the header of the template. + + Once done, you can choose *Select* to upload the updated file containing code values. + + +6. Choose *Save* to save your changes. + +7. Choose *Activate* to activate your codelist. Once activated, the codelist becomes read-only. You need to create a new draft version of the codelist to edit further. + +8. To delete a codelist, see [Deleting a Custom Codelist](deleting-a-custom-codelist-01ad9ee.md). + + + + + + +## Creating codelists using a csv file + +Create a codelist using a csv file. + + + + + +## Procedure + +1. In the *Code Values* tab of the codelist, choose *Upload* to upload a csv file. + +2. In the *Code Value Upload* dialog, choose *How to...* \> *Download the template\(\*.csv\)* option. This will download the csv file template locally with the name `CodeValueDownload.csv` + +3. Edit the downloaded template file `CodeValueDownload.csv` to enter the required values and save. + + Ensure you do not change or remove the header of the template. + +4. Once done, you can choose *Select* to upload the updated file containing code values in the *Code Value Upload* dialog. + + > ### Note: + > You can also download a standard codelist from a type system in `csv` format and upload it here. To do so, + > + > - Go to *Type Systems* and open the type system that you require. + > + > - Navigate to the *Codelists* tab and select a version of the codelist that you want to download. + > - In the *Code Values* tab, choose *Download*. This will download the standard codelist in `csv` format. + +5. If the csv file contains any code value with an escape character, on uploading the file the list of those code values are displayed. Select the rows for which you want the escape character to be removed and choose *Remove*. + +6. If you want to skip this step, choose *Skip All*. + +7. If you want to add more code values to the uploaded values, choose *Add* and enter the required fields in the new entry. + + > ### Note: + > You can use the upload option even if code values exist already. The code values in the file get appended to the existing list. However, if there are conflicting values between the list and the csv file, during upload the dialog box displays the list of already existing values. You can select the checkbox of those values that you wish to overwrite and choose *Overwrite*. + + diff --git a/docs/ISuite/50-Development/additional-attributes-in-openapi-specification-35f357c.md b/docs/ISuite/50-Development/additional-attributes-in-openapi-specification-35f357c.md index 7f722d93..6e8d77e3 100644 --- a/docs/ISuite/50-Development/additional-attributes-in-openapi-specification-35f357c.md +++ b/docs/ISuite/50-Development/additional-attributes-in-openapi-specification-35f357c.md @@ -2,759 +2,12 @@ # Additional Attributes in OpenAPI Specification -OpenAPI Specification allows you to define additional attributes or custom extensions that start with `x-`, such as `x-servers`. +OpenAPI Specification allows you to define additional attributes or custom extensions that start with `x-`, such as `x-sap-api-type`. You can use an OpenAPI Specification to describe extra functionality of the API that is not covered by the standard OpenAPI Specification. -Additional attributes or custom extensions are supported on the `root` level of the OpenAPI Specification and in the following places: +. To know more about these additional attributes, see: -- `info` section -- `paths` section -- `responses` section -- `tags` -- Security schemes - -The following additional attributes have been introduced for use with API designer. All these attributes must be defined at the root level of the OpenAPI Specification. - -**List of additional attributes** - - - - - -## x-sap-api-type - -> ### Sample Code: -> ``` -> -> { -> "x-sap-api-type": "ODATA" -> } -> ``` - -You can use this attribute to display the API type. For example: - -The API Type is set according to the following rules of precedence: - -1. If EDMX file is present, then the type is set as ODATA. -2. If WSDL file is present, then the type is set as SOAP. -3. If x-sap-api-type is mentioned in the swagger, then the respective value is set. For OData APIs, to differentiate the V2, and V4 OData APIs, you will need to specify the following values in swagger for the x-sap-api-type attribute: - - - - - - - - - - - - - - - -
- - Type of API - - - - Input - -
- - OData V2 API - - - - ODATA - -
- - OData V4 API - - - - ODATAV4 - -
- -4. The default is REST. - - - - - -## x-sap-shortText - -The `x-sap-shortText` attribute is used to display a short description of your APIs. - -> ### Note: -> The `x-sap-shortText` is a mandatory attribute that must be defined in the API definition file. - -> ### Sample Code: -> ``` -> -> { -> "info": { -> "title": "SAP Workflow service API", -> "description": "Provides functionality to work with SAP Workflow service. You can, for example, start new workflow instances and work with tasks." -> }, -> "x-sap-shortText": " Work with the SAP Workflow service." -> } -> -> ``` - -The text should not exceed 180 characters. The following characters are allowed in the x-sap-shortText: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -Character - - - -Description - -
- -A-Z - - - -Latin letters, case insensitive - -
- -0-9 - - - -Numbers - -
- -  - - - -Space - -
- -\_ - - - -Underscore - -
- -\- — – - - - -Different Hyphens - -
- -. - - - -Dot - -
- -, - - - -Comma - -
- -\(\) - - - -Paranthesis - -
- -'s - - - -Possession apostrophe - -
- -Make sure a short text doesn't contain special characters like $, &, !, %, \\, /, \*, ; and so forth. - -Do not use semicolons to separate two sentences. Rather, make it two separate sentences. - -Please note, though forward slash is not an allowed character to use, it is allowed in a product name, such as S/4HANA or combination of words country/region. - - - - - -## x-sap-stateInfo - -You use `x-sap-stateInfo` attribute to display the current status of an API. - -> ### Note: -> The `x-sap-stateInfo` is an optional attribute. That is, if you do not use this attribute in your API definition file, then by default, the current status of an API is marked as `Active`. However, If you want to publish your API in the `Beta` status or you have decided to transition your API from `Active` to `Deprecated` or `Decommissioned` status, then it is mandatory to use this attribute to indicate the new status of your API. - - - -### API status - -An API can be marked with any of the following statuses: - -- Beta - - The following is a sample code snippet of an API definition file in which `x-sap-stateInfo` attribute is used to indicate that the current status of the API is `Beta`. - - > ### Sample Code: - > ``` - > { - > "swagger": "2.0", - > "info": { - > "title": "Business API", - > "version": "1.1.0", - > "description": "API for Reading Business Partner, Supplier, Customer and Contact Persons" - > }, - > - > "x-sap-stateInfo": { - > "state": "Beta" - > } - > } - > ``` - -- Active - - If `x-sap-stateInfo` attribute is not defined or left empty, then the default status of the API is taken as `Active`. - -- Deprecated - - The following is a sample code snippet of an API definition file in which `x-sap-stateInfo` attribute is used to indicate that the current status of the API is deprecated as on 14th August 2018, and a new version of the API is available: - - > ### Sample Code: - > ``` - > { - > "swagger": "2.0", - > "info": { - > "title": "Business API", - > "version": "1.1.2", - > "description": "API for Reading Business Partner, Supplier, Customer and Contact Persons" - > }, - > - > "x-sap-stateInfo": { - > "state": "Deprecated", - > "deprecationDate": "2018-08-14", - > "successorApi": "http://api.sap.com/api/product_text_classification_api" - > } - > } - > ``` - - > ### Note: - > You must enter the `deprecationDate` in the format `yyyy-mm-dd` - -- Decommissioned - - The following is a sample code snippet of an API definition file in which `x-sap-stateInfo` attribute is used to indicate that the current status of the API is decommissioned as on 05th September 2018, and a new version of the API is available: - - > ### Sample Code: - > ``` - > { - > "swagger": "2.0", - > "info": { - > "title": "Business API", - > "version": "1.1.2", - > "description": "API for Reading Business Partner, Supplier, Customer and Contact Persons" - > }, - > - > "x-sap-stateInfo": { - > "state": "Decommissioned", - > "decommissionedDate": "2018-10-05", - > "successorApi": "http://api.sap.com/api/product_text_classification_api" - > } - > } - > ``` - - - - -### Change Log - -If you have defined the `x-sap-stateInfo` attribute, then you must also ensure that you have entered the change log information in the *Artifact.json* file of your API package. - -> ### Note: -> If you do not enter the changelog information in *Artifact.json* file, then it results in unsuccessful builds. - -**Change Log for a deprecate API**: The following is a sample code snippet of the *Artifact.json* file in which `changelog` attribute is used to indicate the most recent state of the API. - -> ### Sample Code: -> ``` -> { -> "type": "API", -> "changelog": [ -> { -> "state": "Deprecated", -> "date": "2018-09-14", -> "version": "1.0", -> "notes": "New api with enhanced functionality is available" -> }, -> { -> "state": "Active", -> "date": "2018-01-18", -> "version": "1.0.0", -> "notes": "Some bug fixes and performance enhancement" -> }, -> { -> "state": "Active", -> "date": "2021-01-08", -> "version": "1.0.0", -> "notes": "Notifications API has been moved out of Equipment API. Visit Notifications API" -> } -> -> ] -> } -> -> ``` - -> ### Note: -> You must enter the `date` in the format `yyyy-mm-dd`. The most recent state of the API must appear as the first entry under `changelog`, and the values defined for the `state` attribute in `API definition` file and `Artifact.json` file must be same. It is a good practice to indicate the recent changes made to the API using the `notes` attribute. This will help your API consumers to know if they need to follow certain rules or conditions before using the API. - -The following images show a sample API, which is marked `Deprecated` on the SAP Business Accelerator Hub: - -![](images/deprecated_API_2_new_49ef553.png) - -**Change Log for a decommissioned API** The following is a sample code snippet of the *Artifact.json* file in which `changelog` attribute is used to indicate the decommissioned state of the API. - -> ### Note: -> When you transition an API from one state to another, you must enter the changelog information in *Artifatct.json* file. SAP Content pipeline strongly recommends the following: -> -> - You add the changelog information if you are publishing the first or intial version of an API. -> - You add the changelog information for every consecutive update of an already published API. - -> ### Sample Code: -> ``` -> { -> "type": "API", -> "changelog": [ -> { -> "state": "Decommissioned", -> "date": "2018-10-05", -> "version": "1.1.2", -> "notes": "This API is decommissioned" -> }, -> { -> "state": "Deprecated", -> "date": "2018-07-18", -> "version": "1.0", -> "notes": "This API is deprecated" -> }, -> { -> "state": "Active", -> "date": "2018-01-18", -> "version": "1.0.0", -> "notes": "Some bug fixes and performance enhancement" -> } -> ] -> } -> -> ``` - -> ### Note: -> You must enter the `date` in the format `yyyy-mm-dd`. The most recent recent state of the API must appear as the first entry under `changelog`, and the values defined for the `state` attribute in `API definition` file and `Artifact.json` file must be same. It is a good practice to indicate the recent changes made to the API using the `notes` attribute. This will help your API consumers to know if they need to follow certain rules or conditions before using the API. - -The following images shows a sample API, which is marked `Decommissioned` on the SAP Business Accelerator Hub: - -![](images/decommissioned_api_3e00d2c.png) - - - -### Deprecating API Operation or Parameter - -**Marking an API operation or parameter as deprecated** - -> ### Note: -> In OpenAPI 2.0 specification, you have the provision to mark only an API operation as deprecated whereas in OpenAPI 3.0 specification, you can mark both API operation and a parameter as deprecated. - -In OpenAPI 2.0, use `deprecated: true` to mark an API operation as deprecated. - -> ### Sample Code: -> operation deprecation -> -> ``` -> { -> "paths": { -> "/list": { -> "get": { -> "responses": { -> "200": { -> "description": "This API Operation is deprecated." -> } -> } -> }, -> "deprecated": true -> } -> } -> } -> ``` - -In OpenAPI 3.0, use `deprecated: true` to mark an API operation and parameter as deprecated. - -> ### Sample Code: -> operation deprecation -> -> ``` -> { -> "paths": { -> "/list": { -> "get": { -> "responses": { -> "200": { -> "description": "This API Operation is deprecated." -> } -> } -> }, -> "deprecated": true -> } -> } -> } -> ``` - -> ### Sample Code: -> parameter deprecation -> -> ``` -> { -> "in": "query", -> "name": "id", -> "required": true, -> "schema": { -> "type": "string" -> }, -> "deprecated": true, -> "description": "Deprecated, use 'itemId' parameter instead." -> } -> ``` - -For more information, see [API Deprecation Policy](https://help.sap.com/doc/DRAFT/6a987e2f83f247649f52baa43d89eb1b/Dev/en-US/CTO%20Circle%20-%20API%20Deprecation%20final.pdf). - - - - - -## x-sap-csrf-token-path - -You use this attribute to provide a path relative to the basepath of your API for fetching X-CSRF-Token. That is, this attribute must contain the path of a resource that handles the fetching of x-csrf token requests. The relative path provided must not include server and transfer protocol information. - -> ### Sample Code: -> ``` -> { -> "host": "api.workflow.com", -> "schemes": [ -> "https" -> ], -> "basePath": "/workflow-service/rest", -> "x-sap-csrf-token-path": "/" -> } -> ``` - -> ### Note: -> The relative\_path must be a path relative to the basepath that you have provided in your API. - -> ### Sample Code: -> Example -> -> ``` -> { -> "host": "api.workflow.com", -> "schemes": [ -> "https" -> ], -> "basePath": "/workflow-service/rest", -> "x-sap-csrf-token-path": "/v1/xsrf-token" -> } -> ``` - - - - - -## x-sap-software-min-version - -You use this attribute to provide the minimum software version. For example: - -> ### Sample Code: -> ``` -> -> -> { -> "x-sap-software-min-version": "SAP NetWeaver 2.0" -> } -> ``` - - - - - -## x-sap-ext-overview - -You can use this attribute to provide stakeholder-specific information. For example: - -> ### Sample Code: -> ``` -> -> { -> "x-sap-ext-overview": [{ -> "name": "Communication Scenarios", -> "values": ["SAP_COM_0025 Name of SAP_COM_0025", "SAP_COM_0028 Name of SAP_COM_00028"] -> }, -> { -> "name": "Additional Property", -> "values": ["EntryValue1", "EntryValue2", "EntryValue3"] -> }] -> } -> -> ``` - -> ### Remember: -> Authentication details must not be a part of the x-sap-ext-overview. Add authentication details in the security scheme section. - - - - - -## x-servers - -The Open API specification 2.0 does not support multiple hosts \(and ports\), neither are path templating or patterns supported. Some APIs need support for both multiple hosts and path templating in the host parameter. This is because the host and landscape vary between regions. - -These features is supported in the `servers` property in the Open API specification v3.0. However, in Open API specification v2.0, the required configuration values can be added via the custom extension `x-servers`. - -For more information about how to specify sandbox url and multiple hosts or production servers in OpenAPI 3.0, see the Sandbox and Configure Information sections in [Governance Guidelines for API Packages](https://help.sap.com/viewer/4fb3aee633a84254a48d3f8c3b5c5364/Cloud/en-US/1e1cd898d3984bc79f214202e12ad5b5.html "A checklist to ensure your APIs have been correctly packaged before they are published on the SAP Business Accelerator Hub.") :arrow_upper_right: - -See [here](https://blogs.sap.com/2018/01/05/open-api-spec-2.0-vs-3.0/) to know more information about the differences between OpenAPI 2.0 and Open API 3.0 specifications - -If values are supplied for host, schemes, and basepath, then they together form the root URL of the API. The root URL points to a Sandbox system or a test system wherein the API can be tested. - -> ### Sample Code: -> ``` -> -> { -> "host": "sandbox.api.sap.com", -> "schemes": [ -> "https" -> ], -> "basePath": "/sap/v1" -> } -> ``` - -For more information on how to define schemes, host and basepath in the API specification, see [API Designer](api-designer-51f3ca1.md). - -`x-servers` attribute is used when you want to specify multiple hosts, for example, to specify values for different servers located across various geographical boundaries. The example below shows how multiple hosts with path templates can be defined using x-servers attribute. - -``` -{ - "info": { - "title": "This sample is a reference service, which runs on SAP BTP showcasing the e-commerce APIs for products, and suppliers.", - "version": "1.0" - }, - "x-servers": [ - { - "url": "https://{appname}{accountname}.{landscapehost}/espm-cloud-web/espm.svc/secure", - "description": "ESPM OData endpoints", - "templates": { - "appname": { - "default": "espm", - "description": "The application name used while deploying the ESPM application" - }, - "accountname": { - "description": "The SAP BTP subaccount id where the application is deployed" - }, - "landscapehost": { - "enum": [ - "hana.ondemand.com", - "us1.hana.ondemand.com", - "us2.hana.ondemand.com", - "ap1.hana.ondemand.com", - "hanatrial.ondemand.com" - ], - "default": "hana.ondemand.com", - "description": "The region(host) where the application is deployed." - } - } - } - ] -} -``` - - - - - -## x-sap-direction - -You can use this optional attribute to indicate the direction in which an API operates. - -The value for this field would be one of the following: - -- `inbound` \(default\) -- `outbound` -- `mixed` \(both inbound and outbound\) - -> ### Sample Code: -> ``` -> { -> "x-sap-direction": "outbound" -> } -> ``` - - - - - -## x-sap-extensible - -This optional attribute lets you indicate that a particular API is extensible. - -The value for this field would be one of the following: - -- `Manual`: API can be extended manually by custom fields in some business contexts. -- `Automatic`: API can be extended automatically using tools by custom fields in some business contexts. -- `No`: API can't be extended. - -> ### Sample Code: -> ``` -> { -> "x-sap-extensible": { -> "supported": "manual", -> "description": "API can be extended by custom fields on the following business contexts (field usage for this API needs to be selected):\r\n* Procurement: Purchasing Document (MM_PURDOC_HEADER)\r\n* Procurement: Purchasing Document Item (MM_PURDOC_ITEM)\r\n\r\n[How to add an extension field to an API](https://help.sap.com/viewer/9a281eac983f4f688d0deedc96b3c61c/latest/en-US/57909455bf7c4fdd8bcf48d76c1eae33.html)" -> }, -> } -> ``` - - - - - -## x-targetEndpoint - -For an API artifact to be working, you need to specify the target endpoint. - -> ### Sample Code: -> ``` -> { -> "info": { -> "title": "SAP Workflow service API", -> "description": "Provides functionality to work with SAP Workflow service. You can, for example, start new workflow instances and work with tasks." -> }, -> "x-targetEndpoint": " -> https://sap.com" -> } -> ``` - - - - - -## Handcrafting your Open API Specification - -Handcrafting your Open API Specification to create a valid API artifact. - -For an API artifact to be working, you need to have a valid base path, virtual host, and target endpoint. - -For example, - -> ### Sample Code: -> ``` -> { -> "info": { -> "title": "SAP Workflow service API", -> "description": "Provides functionality to work with SAP Workflow service. You can, for example, start new workflow instances and work with tasks." -> }, -> "x-targetEndpoint": " -> https://sap.com" -> } -> ``` - -Virtual Host and Base Path information can be indicated using different attributes depending on the OpenAPISpecification version. - -Here’s an example for OpenAPISpecification 3.0: - -> ### Sample Code: -> ``` -> { -> "servers": [ -> { -> "url": " -> https://vh1.com/apipath1" -> } -> ] -> } -> ``` - -Where vh1.com indicates the virtual host and "apipath1" is the base path. - -Here’s an example for Swagger 2.0: - -> ### Sample Code: -> ``` -> -> { -> "host": "https://vh1.com:443" -> "basePath": "apipath1" -> } -> -> -> ``` - -Where vh1.com indicates the VH and "apipath1" is the base path. +- [Defined Specification Extensions for OpenAPI Specification v2.0](https://github.com/SAP/openapi-specification/tree/main/sap-schemas/v2.0#defined-specification-extensions) +- [Defined Specification Extensions for OpenAPI Specification v3.0](https://github.com/SAP/openapi-specification/tree/main/sap-schemas/v3.0#defined-specification-extensions) diff --git a/docs/ISuite/50-Development/additional-configurations-de7285c.md b/docs/ISuite/50-Development/additional-configurations-de7285c.md index 5661e7f9..927876fc 100644 --- a/docs/ISuite/50-Development/additional-configurations-de7285c.md +++ b/docs/ISuite/50-Development/additional-configurations-de7285c.md @@ -17,3 +17,5 @@ Certificates give you the credentials and the knowledge needed to create an API [Different Methods of Creating an API Proxy](different-methods-of-creating-an-api-proxy-4ac0431.md "An API proxy is the data object that contains all the functionality to be executed when an external user wants to access the backend service.") +[Edit an API Proxy](edit-an-api-proxy-a64b952.md "Once you’ve created an API proxy you can further change the proxy, either on the Integration Suite, or by using the embedded API designer.") + diff --git a/docs/ISuite/50-Development/aggregator-86f97fd.md b/docs/ISuite/50-Development/aggregator-86f97fd.md index edb23823..6f9a0ceb 100644 --- a/docs/ISuite/50-Development/aggregator-86f97fd.md +++ b/docs/ISuite/50-Development/aggregator-86f97fd.md @@ -392,7 +392,7 @@ Source for SAP RM Message ID -Source for SAP RM Message ID +$\{header.orderNumber\} diff --git a/docs/ISuite/50-Development/analyze-apis-7712c61.md b/docs/ISuite/50-Development/analyze-api-proxies-7712c61.md similarity index 95% rename from docs/ISuite/50-Development/analyze-apis-7712c61.md rename to docs/ISuite/50-Development/analyze-api-proxies-7712c61.md index fab45b9e..b1e9f96b 100644 --- a/docs/ISuite/50-Development/analyze-apis-7712c61.md +++ b/docs/ISuite/50-Development/analyze-api-proxies-7712c61.md @@ -1,8 +1,8 @@ -# Analyze APIs +# Analyze API Proxies -Use the capabilities of API Analytics to analyze API usage and performance. +Use the capabilities of API Analytics to analyze API proxy usage and performance. SAP Integration Suite provides comprehensive analytics capabilities to understand the various patterns of API consumption and performance. The API Analytics server uses the runtime data of the APIs to analyze the information. The runtime data is gathered, analyzed, and displayed as charts, headers, and key performance indicators \(KPIs\). diff --git a/docs/ISuite/50-Development/analyze-c234558.md b/docs/ISuite/50-Development/analyze-c234558.md new file mode 100644 index 00000000..c663939c --- /dev/null +++ b/docs/ISuite/50-Development/analyze-c234558.md @@ -0,0 +1,8 @@ + + +# Analyze + +SAP Integration Suite provides comprehensive analytics capabilities to understand the various patterns of API consumption and performance. + +The *Analyze* section allows you to analyze API proxy usage and performance. For more information, see [Analyze API Proxies](analyze-api-proxies-7712c61.md). + diff --git a/docs/ISuite/50-Development/anomaly-detection-7a4fe7d.md b/docs/ISuite/50-Development/anomaly-detection-7a4fe7d.md index 949483dc..b4d61c4b 100644 --- a/docs/ISuite/50-Development/anomaly-detection-7a4fe7d.md +++ b/docs/ISuite/50-Development/anomaly-detection-7a4fe7d.md @@ -13,7 +13,7 @@ Anomaly detection is an AI-based feature that involves the identification of pat ## How it works -Anomaly detection involves training an AI model to understand the behavior of your API proxies \(“proxified” API endpoints\). It works by comparing a current timeframe \(referred to as a 'window'\) of API proxy calls with the corresponding past time-series data. The AI model will be automatically trained using API data from the previous 3 months. Therefore, a minimum of 3 months' worth of API data on an API proxy is required to train the model and reliably detect anomalies. The detection capability improves over time. +Anomaly detection involves training an AI model to understand the behavior of your API proxies \(“proxified” API endpoints\). It works by comparing a current timeframe \(referred to as a 'window'\) of API proxy calls with the corresponding past time-series data. The AI model will be trained automatically using all past API data that is available, with a minimum requirement of 3 months' worth of data. Therefore, it is necessary to have at least 3 months' worth of API data on an API proxy to train the model and reliably detect anomalies. The detection capability improves over time. On average, the training process takes approximately 3 hours to complete. @@ -36,5 +36,5 @@ In addition, you can select up to five individual APIs, and track call behavior - **Active Monitoring**: Enables active monitoring by highlighting potential anomalies, helping address the issues promptly. - **Identification of Irregularities**: Visualizing the data enables quick identification of irregularities or patterns that deviate from normal behavior. -- **E-mail Alerts**: You have the option to subscribe to the **SAP Alert Notification Service**, which offers automated email notifications whenever an anomaly is detected. This enables immediate action, minimizing the potential impact of the anomaly and ensuring timely resolution of any issues. For more information, see [Subscribing to Email Notification Alerts](subscribing-to-email-notification-alerts-88e96f4.md). +- **Notification Alerts**: You now have the option to subscribe to the **SAP Alert Notification Service** and start receiving alerts whenever an anomaly is detected through your preferred communication channel. This enables immediate action, minimizing the potential impact of the anomaly and ensuring timely resolution of any issues. For more information, see [Subscribing to Notification Alerts](subscribing-to-notification-alerts-88e96f4.md). diff --git a/docs/ISuite/50-Development/api-documentation-3fd9fc9.md b/docs/ISuite/50-Development/api-documentation-3fd9fc9.md index 711f48fc..b994ae98 100644 --- a/docs/ISuite/50-Development/api-documentation-3fd9fc9.md +++ b/docs/ISuite/50-Development/api-documentation-3fd9fc9.md @@ -30,3 +30,21 @@ APIs can be accessed using either Groovy Script or Java Script as the programmin OData APIs are implemeted as REST API and use the Open Data Protocol as a technical protocol. For more information, see [OData API](odata-api-a617d6f.md). + + + + +## OData APIs on SAP Business Accelerator Hub + +Cloud Integration OData APIs can be tested and explored on SAP Business Accelerator Hub under [https://api.sap.com/package/CloudIntegrationAPI/odata](https://api.sap.com/package/CloudIntegrationAPI/odata). They are structured around entity types or resources. Click on the tiles below to find more information on the entity types and aspects. + +![](images/CPI_ODataAPI_a325b4e.png) + +The OData APIs are protected by basic authentication \(username and password\). For more information, click on the tile below: + +![](images/CPI_OData_Authentication_2fc6272.png) + +Additionally, the OData APIs make use of common query options: + +![](images/CPI_OData_Query2_6dae5cb.png) + diff --git a/docs/ISuite/50-Development/api-validation-02ff41b.md b/docs/ISuite/50-Development/api-validation-02ff41b.md new file mode 100644 index 00000000..014f86f9 --- /dev/null +++ b/docs/ISuite/50-Development/api-validation-02ff41b.md @@ -0,0 +1,113 @@ + + +# API Validation + +The API validation policy enables you to validate incoming request messages against an OpenAPI 3.0 Specification. + +This policy supports validation of the request body \(limited to application/json\), headers, and query parameters for incoming request messages. The validation process is based on an OpenAPI 3.0 Specification, provided in either JSON or YAML format. This validation functionality is applicable to both OData and REST API artifacts. + +In the OpenAPI Specification, you can define the expected headers and query parameters for each API endpoint. The specification allows you to mark certain headers and query parameters as required \(mandatory\) or optional. + +When a request is made to an API endpoint, the server implementing the API will validate the incoming headers and query parameters against the defined specification. If a required header or query parameter is missing, or if any of the provided headers or query parameters do not match the expected format or values, the server will respond with an error indicating the validation failure. + +> ### Note: +> For the request path, there is a strict validation. This means that in the request URL, after the base path segment, the subsequent URL segments must be registered as valid paths in the Swagger definition. For example, if you have an API modeled with the base path`/test123` and you want the API validation checks to be performed on `https:///test123/`, the expectation is that the trailing slash`'/'` after `/test123` is explicitly defined as the valid path in the API specification. It's important to note that the base path itself \("/test123"\) will not be accessible. Only the paths that are added after the base path and explicitly defined in the API specification will be accessible. + +**Policy Settings** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Attribute + + + +Description + +
+ +Name\* + + + +The internal name of the policy. The value of the name attribute can contain letters, numbers, spaces, hyphens, underscores, and periods. This value can’t exceed 255 characters. + +
+ +On Error + + + +Determines the behavior when an exception or an error occurs during the policy execution. The default value is abort on error. + +
+ +Payload + + + +Determines whether the payload needs to be validated against the provided API specification. + +> ### Note: +> If the payload option is enabled, the incoming request body should be of the type application/JSON. + + + +
+ +Query Parameters + + + +Determines whether the query parameters need to be validated against the provided API specification. + +
+ +Headers + + + +Determines whether the headers need to be validated against the provided API specification. + +
+ +> ### Note: +> If you include any additional headers or query parameters in the request that are not defined in the OpenAPI Specification, these additional parameters are allowed to pass through. The server will check if the additional parameters conform to any validation rules specified in the specification, such as data type, format, or allowed values. Also, both mandatory and optional headers and query parameters are validated against the OpenAPI Specification. + +> ### Note: +> OpenAPI Specification version 2.0 is not supported by the API validation policy. + +**Related Information** + + +[Authentication](authentication-fa6eec4.md "Different API may have various authentication mechanisms. The authentication mechanisms that are currently supported are Basic authentication, Client Certificate, and oAuth.") + +[Authorization](authorization-6658409.md "This policy evaluates whether a user should be permitted to access a protected API.") + +[JSON Threat Protection](json-threat-protection-c4991a6.md "Minimizes the risk posed by content-level attacks by enabling specific limits on various JSON structures, such as arrays and strings.") + diff --git a/docs/ISuite/50-Development/application-archetypes-4db0c0b.md b/docs/ISuite/50-Development/application-archetypes-4db0c0b.md new file mode 100644 index 00000000..74e6ccb9 --- /dev/null +++ b/docs/ISuite/50-Development/application-archetypes-4db0c0b.md @@ -0,0 +1,37 @@ + + +# Application Archetypes + +Client application scenarios range from a simple task performed by an authorized user to complex extensions with stateful and multitenant business logic involving event notifications from multiple data sources. + +The illustration shows three archetypical ways of creating client applications that use Graph. Each archetype represents somewhat different coding considerations, security requirements, and best practices. + +![](images/Application_Architypes_f65da8e.png) + + + + + +## Task + +The *Task* architecture shows a simple web client application, often implemented as a Single Page Application \(SPA\) interacting directly with Graph, without any server-side component. The application accesses the data on behalf of a corporate business user, who must first be authenticated. Such applications can be developed with low-code/no-code tools, focusing on simple workflow tasks that typically interact with one or more data sources. Simple mobile or Fiori applications fall into this category as well. + +> ### Note: +> Applications based on the *Task* architecture must use an extended form of the OAuth protocol called Proof Key for Code Exchange \(PKCE\) that supports user authentication without storing a secret. Since XSUAA does not handle PKCE, this archetype is not yet supported by Graph. + + + + + +## Workflow + +The *Workflow* is the most common server-side client architecture with a web or mobile user interface. Users are optionally authenticated and interact with the application to directly access SAP-managed data. This type of "full-stack" application architecture is very common and better suited for more complex business logic, involving multiple data sources, some state information, etc. Workflow applications are often implemented in Java or Node.js. + + + + + +## Extension + +The *Extension* architecture is a more complex server-side client \(often called *headless*\), which interacts with data sources independently of users, who may optionally communicate with the client app at different times. This archetype is best suited for arbitrarily complex and asynchronous extension scenarios triggered by events or timers, and often includes additional state and persistence. You could use this type of architecture to prepare complex information \(reports, dashboards\) in the background, that will be available to business users who log in at a later time. + diff --git a/docs/ISuite/50-Development/archiving-data-bc71f88.md b/docs/ISuite/50-Development/archiving-data-bc71f88.md index 1ea03beb..211557c9 100644 --- a/docs/ISuite/50-Development/archiving-data-bc71f88.md +++ b/docs/ISuite/50-Development/archiving-data-bc71f88.md @@ -39,7 +39,7 @@ Example: For attachments, the structure is: a folder named after the step-id in [Configuring Destination](configuring-destination-c1ac580.md "To configure a connection to your CMS system for data archiving, you've to define a destination in the subscriber account of your tenant and follow the steps described in "Enable Archiving in the Cloud Foundry Environment".") -[Enable Archiving](enable-archiving-0fbbe93.md "To enable data archiving on a tenant in the Cloud Foundry environment, use the official OData API.") +[Enable Archiving](enable-archiving-0fbbe93.md "To enable data archiving on a tenant in the Cloud Foundry environment, use the OData API.") [Configuring Archiving Settings](configuring-archiving-settings-c38760d.md "You can configure the archiving settings via the Integration Content Monitor for each integration flow.") diff --git a/docs/ISuite/50-Development/archiving-payload-data-b927e01.md b/docs/ISuite/50-Development/archiving-payload-data-b927e01.md new file mode 100644 index 00000000..fe09817b --- /dev/null +++ b/docs/ISuite/50-Development/archiving-payload-data-b927e01.md @@ -0,0 +1,27 @@ + + +# Archiving Payload Data + +Archive your sender and receiver interchange payloads. + +The feature *Archive Sender/Receiver Payload Data* allows you to archive your interchange payloads to backend CMIS system. This is how it works: + +- Each tenant will have one B2B archiving job assigned to it. The initial status of the job would be set to inactive. + +- To activate this, follow the steps mentioned below: + - Send a **POST** call to the URL: `https://path-to-odata-api/api/v1/activateB2BArchivingConfiguration` where `path-to-odata-api` is specific to the user's environment. + + - This call is sent to enable the archiving function. If successful, the call returns a 200 response code with a message stating the activation was successful. You can then enable the checkbox *Archive Sender Payload*/*Archive Receiver Payload* field provided in your agreement for the sender/receiver interchange respectively under *B2B Scenarios* tab. + - To check whether archiving is currently configured on a tenant, use the OData API that allows you to query the message processing logs. You can do this by sending a **GET** call to te URL: `https://path-to-odata-api/api/v1/B2BArchivingConfigurations('tenant-name')` where `path-to-odata-api` is specific to the user's environment. + +- The archiving job will be executed once a day and the status of the archiving job can be monitored in the *Monitor* tab. You can also check the overall status of an archiving schedule job execution by calling the KPI OData API `https://path-to-odata-api/api/v1/B2BArchivingKeyPerformanceIndicators` where `path-to-odata-api` is specific to your environment. +- Each archived interchange will be compressed to one zip file with the naming convention `Business_Document_Data_Content.zip`. +- The archiving job, once activated will archive the payload data upto 7 days before the date of activation. Other payload data created before this time period will not be archived. +- Each archived interchange is sent to CMIS system in one transaction. +- There is no retry mechanism for the failed archived interchanges. These interchanges have to wait for the next archiving schedule job execution. +- Once the archiving job is completed, you need to check your CMIS system to check the archived data as the tenant does not display this information. +- The archiving feature is supported by the generic integration flow from version 2.3.0 and above. +- Once the interchange arhive is completed, the monitor backend database will store the data for 90 days post which the data will be deleted automatically. To monitor the archiving status, see [Monitoring B2B Messages](monitoring-b2b-messages-b5e1fc9.md) + +. + diff --git a/docs/ISuite/50-Development/assign-permission-to-a-product-via-ui-09fb892.md b/docs/ISuite/50-Development/assign-permission-to-a-product-via-ui-09fb892.md index a34eb432..74ef9b49 100644 --- a/docs/ISuite/50-Development/assign-permission-to-a-product-via-ui-09fb892.md +++ b/docs/ISuite/50-Development/assign-permission-to-a-product-via-ui-09fb892.md @@ -22,7 +22,7 @@ Whenever you create a product or edit a draft product, permissions can be added > ### Note: > Currently, we do not support assigning of permissions to the products defined in the remote API portals that are connected to a centralised API business hub enterprise. > -> \*Remote API portals are those that are not in the same subaccount as the centralised API business hub enterprise and are configured via the manage connections. For more information, [Centralized API business hub enterprise](../centralized-api-business-hub-enterprise-38422de.md) and [Centralized API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/33b706f4f2e148ffb1cb9289d5cda27d.html "The centralized API business hub enterprise is a central API catalog, allowing application developers to consume APIs and other assets, from a common platform.") :arrow_upper_right:. +> \*Remote API portals are those that are not in the same subaccount as the centralised API business hub enterprise and are configured via the manage connections. For more information, [Centralized API business hub enterprise](../centralized-api-business-hub-enterprise-38422de.md). diff --git a/docs/ISuite/50-Development/attribute-properties-28c634a.md b/docs/ISuite/50-Development/attribute-properties-28c634a.md new file mode 100644 index 00000000..57612ae7 --- /dev/null +++ b/docs/ISuite/50-Development/attribute-properties-28c634a.md @@ -0,0 +1,790 @@ + + + + +# Attribute Properties + +A list of attribute properties that can be found in project definition files. + + + + + +## `name` + +The name of the new attribute. For example: + +``` +lastName // attribute of scalar type at root level +mainAddress.country // primitive attribute country in a sub-structure mainAddress +addresses[] // to-many composition on root level (or array if the source attribute is defined as an array) +addresses[].country // primitive property country in to-many composition (or array) addresses + +``` + + + + + +## `key` + +Indicates that this attribute, called `id`, is the entity key. Custom entities must have exactly one key at the root level, and convention dictates that you should call this key `id`. We also recommend to introduce an attribute called `displayId`, which provides a human-friendly version of the key, even if they share the same source. + +``` +{ "name": "id", "key": true, "source": ["Product"], type: String(70) } // rename "Product" to key "id" +{ "name": "displayId", "source": ["Product"], type: String} + +``` + + + + + +## `source` + +The source attribute for the transform, which is an array of one or more parameters. When both the source and transform are not specified, the default of the source is the same `name` in the source entity. + +``` +{ "name": "firstName", "source": ["FirstName"] } // rename "FirstName" to "firstName", inferred type is from source +{ "name": "FirstName" } // implied source is also called "FirstName" + +``` + + + + + +## `sourceEntity` + +The full name of the mirrored source entity to which this attribute mapping applies. The first source entity in the `sourceEntities` header property is used as the default source entity. + + + + + +## `type` + +This optional property defines the type of the custom entity attribute. If not specified, the default type is inferred from the mapped source attribute or the specified transform. The type attribute can be used as a typecast to overwrite the default. Graph supports two versions of `String` and `Decimal`. The `String` type doesn't provide a max-length \(expressed as a character count\) intentionally, but you can specify a maximal string length, as in `String(10)`. Similarly, the `Decimal` type can be specified explicitly with a precision and scale, as in `Decimal(5,2)`. Date and time formats follow [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601). + +The following are supported types \(type names are capitalized\): + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Type + + + +Description + + + +Example + +
+ +String + + + +String of unspecified length. + + + +Alphanumeric text + +
+ +String \(length\) + + + +String of maximum length; longer strings are truncated. + + + +Alphanumeric text + +
+ +Integer + + + +A whole number. + + + +`52` + +
+ +Decimal + + + +A whole and fractional number. + + + +`17.63` + +
+ +Decimal \(precision, scale\) + + + +A decimal value witha specification of precision and scale. + + + +`Decimal(3,2) => 7.56` + +
+ +Boolean + + + +Boolean values. + + + +True, False + +
+ +Date + + + +Date as yyyy-mm-dd. + + + +`2016-01-24` + +
+ +DateTime + + + +Date and time as yyyy-mm-dd T hh:mm:ss. + + + +`2016-11-24T16:11:45` + +
+ +Time + + + +Time as hh:mm:ss. + + + +`16:11:45` + +
+ +Timestamp + + + +High-precision date and time. + + + +`2016-11-24 16:11:32.4209753` + +
+ +Association + + + +Association, specified with the `associationTarget` property. + + + + + +
+ +Example: + +``` +{ "name": "FirstName", "type": "String" } // implied source is also called "FirstName", overrides source type "String(127)". +``` + +> ### Note: +> All values \(unless the attribute is explicitly defined as non-null\) can have a null value. For example, an attribute of type Boolean can be true, false, or null. + +**Conversion Types** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +To + +From + + + +String + + + +String \(L\) + + + +Integer + + + +Decimal + + + +Boolean + + + +Date + + + +DateTime + + + +Time + + + +Time Stamp + +
+ +`String` + + + + \(3\) + + + +\(1\) + + + +Must be an integer. + + + +Must match a decimal. + + + + + + + + \(2\) + + + + \(2\) + + + + \(2\) + + + + \(2\) + +
+ +`Integer` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +`Decimal` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Boolean + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +`Date` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +`DateTime` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +`Time` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +`TimeStamp` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +\(1\) When reading, the string value is returned as is, and may, therefore, exceed the length. When writing, the operation fails when an attempt is made to write a string that is larger than the defined type. + +\(2\) String must match ISO date\(time\) format, based on [Date.parse\(\)](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/parse). Timestamps are expected in UTC time zone. Nonmatching date/time formats are changed to null. + +\(3\) `key` attributes, and the corresponding associations are treated as opaque local strings, and translated into *Qualified ID \(QID\)* format. A QID is a local ID or reference with a qualifier. When returning a response to a client, Graph adds a qualifier to each local ID and reference that it receives from a business system. When it receives a request from a client for a data item with a qualified reference, it removes the qualifier before sending the request to the business system. + + + + + +## `transform` + +This property specifies the transformation function for the attribute value of the custom entity. The parameters of the transform are described by the source property. For more information, see [Transform Functions](transform-functions-cec1e73.md). + + + + + +## `annotations` + +A list \(object\) of annotation properties. The following optional properties can be used: + +- `description` \(string\) - a comprehensive description of the attribute that is used in metadata documentation. + +- `readonly` \(boolean, default is false\): true if the attribute is treated as read-only. + + diff --git a/docs/ISuite/50-Development/attributes-3eb6109.md b/docs/ISuite/50-Development/attributes-3eb6109.md new file mode 100644 index 00000000..fb1729c5 --- /dev/null +++ b/docs/ISuite/50-Development/attributes-3eb6109.md @@ -0,0 +1,201 @@ + + +# Attributes + +The guidelines for attribute names and attribute types. + + + + + +## Attribute Names + +Attribute names start with a lowercase letter and use lower camelCase, with only ASCII alphanumeric characters and underscores. + +Attribute names must be precise and unambiguous in defining the semantics, interpreted in the context of an entity. For example, an entity `Student` has an attribute age, rather than `studentAge`. By convention, acronyms remain in capital letters, such as `baseURL`, except at the beginning of the name: `iataCode`. + +Custom entities should be designed to have only one unique key attribute, by convention called `id`. We also recommend to have an additional attribute called `displayId`, which is the preferred value to display on UIs. Often, `id` and `displayId` map to the same source attribute value, but since Graph uses the `id` field to encode additional \(opaque\) information, it shouldn't be used for UIs. + + + + + +## Attribute Types + +When creating a custom entity, you can use several kinds of attributes. + +Graph's supported attribute types are a subset of the core data services types. For more information, see [Core Data Services \(CDS\) primitive types](https://cap.cloud.sap/docs/cds/types). + + + + + +## Primitive + +Primitive attributes are the simplest unstructured attributes, usually of type `String` or `Integer`. Primitive attribute names are singular. Primitive attributes that are `Boolean` should be named as positive and prefixed with a modal or auxiliary verb like *is*, *can*, or *has*. For example, `isActive` rather than `isInactive` or `active`. + + + + + +## Structured + +You can group certain attributes as a structure. A good example is attributes that together form an address. You can create a structured attribute by specifying the attribute name using a dotted path. Each path segment adds an additional nesting layer. For example: + +``` +{ + "entity": "bestrun.Customer", + "attributes": [ + { "name": "address.street", "source": ["Street"] }, + { "name": "address.city", "source": ["City"] }, + { "name": "address.zip", "source": ["ZipCode"] } + ] +} + +``` + +`address` and `zip` are path-segments. Clients see the data as a nicely nested JSON object. For example: + +``` + : + address: { + street: "Main Street"; + city: "Plains"; + zip: "44345"; + } + : + +``` + +> ### Note: +> Graph doesn't support *Composition of one*, which would yield a similar result. + + + + + +## Arrays of Primitive Values + +Arrays of primitive values can be defined using the `arrayFill` transform. Attribute names that represent an array are plural, and must be followed by open and closed square brackets `[]` as a suffix. For example, `children[]` or `contacts[]`. The array base type is inferred from the source's first entry, but can be overwritten by the `property` type. All primitive types are allowed. + +``` +{ + "entity": "bestrun.Customer", + "attributes": [ + { "name": "tags[]", "transform": "arrayFill", "source": ["Tag1", "Tag2", "Tag3"], "type": "String(21)" } + ] +} + +``` + + + + + +## Compositions of Many \(Arrays of Sub-Entities\) + +A composition is an attribute that represents a nested array of a structured type, a contained subentity, with a whole-and-parts semantics: the subentity doesn’t exist without the whole part. Examples are the list of items on a sales order, or the chapters of a book. Most existing data sources and APIs don't support compositions and just use foreign keys or associations to another entity, without highlighting the whole-and-parts semantics of the composition. Composition names are plural, and must be followed by open and closed square brackets `[]` as a suffix. + +As a modeler of a Graph custom entity, you can represent whole-and-parts semantics correctly as a real composition, as follows: + +- Specify a `[]` following the path segment that becomes the composition attribute, with a source property that represents a foreign key \(association to many\). Don't specify a transform or type. + +- Specify the composition substructure, attribute by attribute, using the same name syntax, and adding the attribute as a path segment. + +- Mark at least one subentity attribute as a key. + + +The following example shows an attribute, called `addresses`, which is an inline composition of many addresses. + +``` +{ + "entity": "bestrun.Customer", + "attributes": [ + { "name": "addresses[]","source": ["to_Addresses[]"] }, + { "name": "addresses[].id", "source": ["to_Addresses[].AddressID"], "key": true }, + { "name": "addresses[].street", "source": ["to_Addresses[].Street"] }, + { "name": "addresses[].city", "source": ["to_Addresses[].City"] } + ] +} + +``` + + + + + +## Compositions of Many Different Data Source APIs + +In the *Compositions of Many \(Arrays of Sub-Entities \)* section, the composition attribute and the subentity are linked in the same data source API, and a foreign key exists in the data source. You can also create a composition where the subentity is part of a different API, possibly even in a different system. This could be the case, for example, when an extension application was created side by side with the main application. + +If there is no foreign key or *Association to many* in the data source, a slightly different syntax must be used. Use the join transform for the composition attribute, with an explicit `sourceEntity` and without a source. Subsequent composition substructure attributes are specified as before, but since their source is in a different `sourceEntity`, it must be explicitly specified. Here's an example: + +``` +{ + "entity": "bestrun.Customer", + "sourceEntities": [ + { "name": "sap.s4.A_Customer" }, + { "name": "sap.s4.A_BusinessPartnerAddress", "join": [["Customer", "BusinessPartner"]] } + ], + + "attributes": [ + { "name": "addresses[]", "transform": "join", "sourceEntity": "A_BusinessPartnerAddress" }, + { "name": "addresses[].id", "source": ["AddressID"], "sourceEntity": "A_BusinessPartnerAddress", "key": true }, + { "name": "addresses[].street", "source": ["Street"], "sourceEntity": "A_BusinessPartnerAddress" }, + { "name": "addresses[].city", "source": ["City"], "sourceEntity": "A_BusinessPartnerAddress" } + ] +} + +``` + + + + + +## Associations to-One + +Associations are relations based on an equality match of an underlying attribute \(sometimes called the *foreign key*\) with the key of the associated target entity. For example, you can model an association from a `Class` to one `Teacher` in your source model. The foreign key is defined as a string. For composite keys, the associating entity must have corresponding foreign keys in the source entity. + +By convention, association to-one attribute names are singular, and prefixed with an underscore. + +To describe an association: + +- Specify `Association` as the type and specify the `associationTarget` as a reference to the full entity name that your association points at. + +- Add a path-segment mapping to the attribute name for each key of the association target with a corresponding source. + + +The target entity usually has only one key, as in the following example: + +``` +{ + "entity": "bestrun.SalesOrder", + "attributes": [ + {"name": "_sellTo", "type": "Association", "associationTarget": "sap.s4.A_Customer"} + {"name": "_sellTo.Customer", "source": ["soldToParty"] } // Customer is the name of the key in A_Customer + ] +} + +``` + + + + + +## Associations to-Many + +An association to-many is a relationship to many target records that match on their key attribute. Such an association requires the existence of a corresponding to-one association in the other direction \(a backlink\). + +![](images/Modeling_Reference_44dd2ab.png) + +To create an association to-many, you specify `Association` as the type and use the `on` clause to specify the to-one association \(backlink\) attribute in the target entity. Association to-many attribute names are plural, followed by open and closed square brackets `[]`. And by convention, they are prefixed with an underscore `_`. + +``` +"entity": "Teacher", +: +"attributes": [ + { "name": "_classes[]", "type": "Association", "associationTarget": "my.new.Class", "on": "_teacher" } +: + +``` + diff --git a/docs/ISuite/50-Development/authentication-79aabda.md b/docs/ISuite/50-Development/authentication-79aabda.md new file mode 100644 index 00000000..a1d42aaa --- /dev/null +++ b/docs/ISuite/50-Development/authentication-79aabda.md @@ -0,0 +1,81 @@ + + +# Authentication + +To communicate with Graph, client applications must present an access token, which they obtain from a security service during authentication: the process of verifying an identity \(such as a username\) of the user and the client by checking additional credentials \(such as a password\). + +Client applications are not concerned with connections to the actual data sources – this is managed entirely by Graph. + +Client applications follow the OAuth 2.0 protocol to obtain an access token. Graph supports two different scenarios, depending on the type of authentication flow required: + +1. User Authentication \(`authorization_code grant`\) + +2. Client Authentication \(`client_credentials grant`\) + + + + + + +## User Authentication + +User authentication is used by Task or Workflow applications, which are required to authenticate \(human\) enterprise users. A typical use case might be an app that lets employees use their own identity to check their vacation quota. + +It requires two steps, involving browser redirects. The first step is to receive an authorization code via a callback, and the second step exchanges the received authorization code for the access token. Applications that use this authentication method must be approved \(added to an allowlist\) by the SAP BTP administrator. For more information, see [Enable Client Applications](enable-client-applications-09d7783.md). + +In the first step, a `GET` call is made to the *security-service*`/oauth/authorize` endpoint with the following query parameters: + +```json +client_id: +redirect_uri: +response_type: code +``` + +To then obtain the access token, a `POST` call is made to the *security-service* `/oauth/token` endpoint with a body: + +```json +grant_type: authorization_code +client_id: +client_secret: +redirect_uri: +code: +``` + + + + + +## Client Authentication + +Client authentication is used by \(headless\) extension archetype applications, when there is no human user to authenticate, or by workflow applications that serve unidentified \(anonymous\) users, for instance in B2C or B2B2C use cases. For example, job applicants can check out a list of job openings, or a business' customers can look up product information\). + +To retrieve an access token that authenticates the client itself is simpler, and involves only one step: the client application makes a `POST` call to the `/oauth/token` endpoint with the following body information that is encoded as `x-www-form-urlencoded` \(for example, `Content-Type: application/x-www-form-urlencoded`\) : + +```json +grant_type: client_credentials +client_id: +client_secret: +``` + +Either way, the retrieved access token must be sent to Graph in every communication, by adding the following header to each `HTTP` call: + +```json +"Authorization": "Bearer " +``` + +Your application code can cache the access token, so it doesn't need to retrieve it every time, but it must be prepared to refresh it, when it expires. + + + + + +## Acquire Graph Service Credentials + +The authentication code of the client applications must use the following parameters to obtain an access token and to connect to Graph: + +- The URL of the authentication service +- Authentication credentials: `client id` and `client secret` +- The Graph API URL + +To acquire these parameters, the Graph service instance and service binding must be created. For more information, see [Enable Client Applications](enable-client-applications-09d7783.md). + diff --git a/docs/ISuite/50-Development/authentication-fa6eec4.md b/docs/ISuite/50-Development/authentication-fa6eec4.md index b7dafe7f..6a555b9c 100644 --- a/docs/ISuite/50-Development/authentication-fa6eec4.md +++ b/docs/ISuite/50-Development/authentication-fa6eec4.md @@ -82,3 +82,5 @@ Now, if you execute the API, the Authentication policy should be able to success [JSON Threat Protection](json-threat-protection-c4991a6.md "Minimizes the risk posed by content-level attacks by enabling specific limits on various JSON structures, such as arrays and strings.") +[API Validation](api-validation-02ff41b.md "The API validation policy enables you to validate incoming request messages against an OpenAPI 3.0 Specification.") + diff --git a/docs/ISuite/50-Development/authorization-6658409.md b/docs/ISuite/50-Development/authorization-6658409.md index 9511fcd2..6f44565e 100644 --- a/docs/ISuite/50-Development/authorization-6658409.md +++ b/docs/ISuite/50-Development/authorization-6658409.md @@ -87,3 +87,5 @@ Now, when you execute the API using the information available in the Service Key [JSON Threat Protection](json-threat-protection-c4991a6.md "Minimizes the risk posed by content-level attacks by enabling specific limits on various JSON structures, such as arrays and strings.") +[API Validation](api-validation-02ff41b.md "The API validation policy enables you to validate incoming request messages against an OpenAPI 3.0 Specification.") + diff --git a/docs/ISuite/50-Development/business-data-graph-configuration-file-e93d38c.md b/docs/ISuite/50-Development/business-data-graph-configuration-file-e93d38c.md new file mode 100644 index 00000000..29a67b44 --- /dev/null +++ b/docs/ISuite/50-Development/business-data-graph-configuration-file-e93d38c.md @@ -0,0 +1,583 @@ + + +# Business Data Graph Configuration File + +The business data graph configuration file is a JSON file that specifies the configuration of a specific business data graph in a landscape. + +The configuration file consists of five parts: + +1. Graph model version + +2. Business data graph identifier + +3. Data sources + +4. Locating policy + +5. Extensions + + +Each of these parts can be modified before the configuration file is activated. You don't need to write this file from scratch. You can generate a defaultGraph configuration file after selecting destinations in your landscape from Graph on the Integration Suite home page. + + + + + +## Graph Model Version + +The Graph model version is the latest version of Graph's unified API entities. When generating the configuration, the version is set to the latest available graph model version, for example 1.0.0. + + + + + +## Business Data Graph Identifier + +The identifier is what developers use in the Graph URL to access the business data graph: + +```json +https://.a.integration.cloud.sap/graph/api//?... +``` + +The business data graph identifier is useful to distinguish multiple business data graph specifications within a single landscape or to manage changes of the business data graph over time. It must be a short string of up to 20 lowercase alphanumeric characters and hyphen separators. For example, `abc-xyz-123mn`. + + + + + +## Data Sources + +The data sources section of the configuration file lists the services \(APIs\) that are configured as destinations in the landscape by the SAP BTP administrator. When you first generate a default configuration file, the list of data sources is automatically discovered from the destination service instances in the SAP BTP subaccount. The list is displayed when the new business data graph is created. + +An example of the format for the `dataSources` section is as follows: + +```json +"dataSources": [ + { "name": "s4_1", "services": [ + { "destinationName": "s4a-bupa" }, + { "destinationName": "s4a-product" }, + { "destinationName": "s4a-sales-order" }, + ... + ] }, + { + "name": "cx_sales", + "services": [ { "destinationName": "c4c-odata" } + ] }, + { + "name": "custom", + "namespace": "company.custom", + "services": [ { "destinationName": "custom-odata" } + ] }, + ... +], +``` + +You can change the data source names \(`s4_1`, and `cx_sales` in the example\) to any name you like, but we recommend keeping them short. These names appear in the response payload of key-based references as key qualifiers. Don’t change the names of the service destinations, because they must match the names of the destinations in your SAP BTP subaccount. You can comment out or delete a destination that you don’t want to expose to the developers and applications that access data in this landscape. + + + +### Custom Services + +The namespace for entities of custom OData services must be explicitly specified in the data source namespace property. For example, Graph automatically discovers custom OData services as shown in the data sources code example. A data source and corresponding locating rule are added to the generated graph configuration. The `CustomProduct` entity of the `custom-odata` service is available in the business data graph using the following path: + +```json +https://.a.integration.cloud.sap/api//company.custom/CustomProduct +``` + +You don't need to specify a namespace for SAP systems known by Graph. For more information, see [Connect to Your Business Systems](connect-to-your-business-systems-1a0dd22.md). + + + +### Path \(Optional\) + +> ### Tip: +> It's recommended to use the path parameter when working with a business system with multiple OData services. + +In a business data graph configuration file, you can add an optional path to the URL of a destination configured in SAP BTP. It's useful when the destination is defined as a general root URL by the SAP BTP administrator, but the actual service API is located relative to that root. + +A typical use case is the connection to an SAP S/4 HANA business system. Instead of maintaining multiple SAP BTP destinations for the same business systems, the SAP BTP administrator can create a single SAP BTP destination using the root URL. The Graph key user then edits the business data graph configuration file to include a path to each individual service before the business data graph is activated. For example, if the host URL is `https://sandbox.api.sap.com`, the configuration of the SAP BTP destination looks like this: + +``` +URL=https://sandbox.api.sap.com/s4hanacloud/sap/opu +Name=sandbox-s4 +Type=HTTP +... +``` + +The URL consists of the host `https://sandbox.api.sap.com` and the root service path `/sap/opu`. + +Using the following path parameter, the services of the data source can reuse the SAP BTP destination: + +``` + +"dataSources": [ + { + "name": "s4", + "services": [ + { + "destinationName": "sandbox-s4", + "path": "/odata/sap/API_BUSINESS_PARTNER" + }, + { + "destinationName": "sandbox-s4", + "path": "/odata4/sap/api_bank/srvd_a2x/sap/bank/0002" + }, + { + "destinationName": "sandbox-s4", + "path": "/odata/acme/API_CUSTOM" + } + ] + } +], +``` + +The first entry of this example is an OData v2 service for the `Business Partner` entity. The full URL is resolved as: `https://sandbox.api.sap.com/s4hanacloud/sap/opu/odata/sap/API_BUSINESS_PARTNER`. + +The second entry is an OData v4 service for the `Bank` entity. The full URL is resolved as:`https://sandbox.api.sap.com/s4hanacloud/sap/opu/odata4/sap/api_bank/srvd_a2x/sap/bank/0002`. + +The third entry is a custom OData v2 service using a custom namespace `acme` instead of the default `sap` namespace. The full URL is resolved as: `https://sandbox.api.sap.com/s4hanacloud/sap/opu/odata/acme/API_CUSTOM`. + + + + + +## Locating Policy + +The locating policy provides Graph with the information to determine where requested data is located. For an introduction to this topic, see [Data Locating Policy](data-locating-policy-28d2c2c.md). + +The default configuration file generated by Graph contains an initial policy recommendation derived from the list and types of systems in the landscape. It's also derived from heuristics based on common enterprise landscapes. You can, and sometimes must, change this default template to match your actual landscape strategy. + +The format for the locating policy is as follows: + +```json +"locatingPolicy": { + "cues": [ … ], + "keyMapping": [ … ], + "rules": [ … ] +} +``` + +Each cue used in the rules must be defined in the cues array. A cue has the following form: + +```json +{ + "name": "…", + "description": "…", +} +``` + +Each key mapping required for the rules must be defined in the `keyMapping` array. Each key mapping has the following form: + +``` +{ + "foreignKey": { + "dataSource": "…", + "entityName": "…", + "attributes": [ … ], + "strategy": { + "name": "format", + "match": "…", + "replace": "…" + } + }, + "references": { + "dataSource": "…", + "entityName": "…", + "attributes": [ … ], + "strategy": { + "name": "format", + "match": "…", + "replace": "…" + } + } +} +``` + +The following table summarizes the aspects of a key mapping: + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Tag + + + +Required + + + +Description + +
+ +dataSource + + + +Mandatory + + + +The name of the data source as defined in the `dataSources` section. + +
+ +entityName + + + +Mandatory + + + +A fully qualified entity name, including namespace, for example `sap.s4.A_Product`. + +
+ +attributes + + + +Mandatory + + + +The attribute, that identifies the entity in the other data source. Currently, only a single attribute is supported. + +
+ +strategy + + + +Optional + + + +Strategy used to select the correct entity. + +
+ +The strategy has the following fields: + + + + + + + + + + + + + + + + + + + + + + + +
+ +Tag + + + +Required + + + +Description + +
+ +name + + + +Mandatory + + + +The name of the strategy, currently only "format" is supported. + +
+ +match + + + +Mandatory + + + +Specific to strategy "format". A regular expression to extract the parts of the attribute value. Use named capturing groups to identify each part. For more information on the supported regular expression syntax, see [RE Syntax](https://github.com/google/re2/wiki/Syntax). + +
+ +replace + + + +Mandatory + + + +Specific to strategy "format". A pattern of the referenced attribute value. Use `$` to reference the values of the capturing groups used in `match` \(keep \`<\` and \`\>\`\). Every name used in `replace` must occur in `match`. + +
+ +Each locating rule applies to one entity, or, via a wildcard, to multiple entities, and has the following format: + +```json +{ "name": "…", "leading": "…", "local": [ … ], "cues": [ … ] } +``` + +Multiple rules can be defined for the same entity, as long as all but one of the rules has cues. A rule without cues is the default rule for that entity. A well-formed policy has one default rule for each entity in the business data graph. This is easy to achieve by using wildcard rules. A data source must appear only once in a rule. + +The following table summarizes the aspects of a locating rule: + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Tag + + + +Required + + + +Description + +
+ +name + + + +Mandatory + + + +Entity name, including a namespace, that the rule applies to. An asterisk \* \(wildcard\) applies to all the entities in this namespace. + +
+ +leading + + + +Mandatory + + + +Name of the data source that is the leading system for this entity. + +
+ +local + + + +Optional + + + +List of data sources, where key-based references to this entity are treated as local references, overriding the leading system. + +
+ +sourceEntity + + + +Optional + + + +The full name of the mirrored source entity for which the rule applies. It's only applicable to composite custom entities. + +
+ + + +### Cues \(Optional\) + +The sets of cues defined for different rules matching the same entity must be disjoint. That is while a specific cue may appear in different rules for different entities, it must not appear in more than one rule for the same entity: + +```json +{"name": "E1", "leading": "…", "cues": ["xyz"]}, +{"name": "E2", "leading": "…", "cues": ["xyz", "abc"]}, // ok, "xyz" may appear in rules for E1 and E2 +{"name": "E2", "leading": "…", "cues": ["mnq", "abc"]} // error, "abc" cannot appear in two rules for E2 +``` + +For examples of how to define locating policies for different landscape architectures, see [Configuration Strategies - Use Cases](configuration-strategies-use-cases-3652dcb.md). + + + +### Key Mapping \(Optional\) + +Key mapping must be configured to support navigation from one data source \(the local, or referencing system\) to another \(the leading, or referenced system\) for the same entity if different keys are used in the two systems. + +For example, you have a `SalesQuote` in system A, with an `item` that refers to a `Product` with key K. This key refers to the local \(system A\) product catalog, but what if you want an application to access the `Product` information in the leading system B? A common example is when the application needs access to a 360° view of an entity, starting from a unified entity. For example, the application might run a request with a resource like: `sap.graph/SalesQuote/21687/item/10/_product/_s4/…` or `sap.graph/SalesQuote/21687/item/10/_product/_c4c/…`. If these two systems don't use the same key, then a key mapping must be defined between them to enable these requests. + +In the following example, you have two data sources, one called `myS4`, the other called `myC4C`. The `myS4` data source is the natural source of truth for product information, and is therefore used as the leading system for `sap.graph.Product`, and of course also for `sap.s4.A_Product`. + +The entity `sap.c4c.ProductCollection` has the foreign key called `ExternalID`, which Graph uses to access `sap.s4.A_Product` in the data source `myS4`. This is declared in the `keyMapping` section as `foreignKey`. + +The referenced `sap.s4.A_Product` has the key attribute `Product` that is referenced by the foreign key. This is declared in the section `references` with a local key from the `myS4` data source, Graph references the `sap.c4c.ProductCollection` in the `myC4C` data source. + +``` +"locatingPolicy": { + "keyMapping": [ + { + "foreignKey": { + "dataSource": "myC4C", + "entityName": "sap.c4c.ProductCollection", + "attributes": ["ExternalID"] + }, + "references": { + "dataSource": "myS4", + "entityName": "sap.s4.A_Product", + "attributes": ["Product"] + } + } + ], + "rules": [ + { "name": "sap.s4.*", "leading": "myS4" }, + { "name": "sap.c4c.*", "leading": "myC4C" }, + { "name": "sap.graph.*", "leading": "myS4", "local": ["myC4C"] }, + { "name": "sap.graph.SalesQuote", "leading": "myC4C", "local": ["myS4"] }, + { "name": "sap.graph.Product", "leading": "myS4", "local": ["myC4C"] } + ] +} +``` + +The foreign key enables Graph to translate between the different keys and allows you to fetch the `_c4c` and `_s4` representations of the `sap.graph.SalesQuote` using the previously described requests that include the `_c4c` and `_s4` navigations. + +Assume that the last locating rule is changed for the `sap.graph.Product`, as follows: + +``` +{ "name": "sap.graph.Product", "leading": "myS4" } +``` + +By removing `myC4C` from the `local` list, Graph is configured to always translate product IDs from `myC4C` to `myS4`. A request such as `sap.graph/SalesQuote/21687/item/10/?$expand=_product` returns an `sap.graph.SalesQuote` populated with data from the respective leading system `myC4C` with a nested `sap.graph.Product` populated with data from the leading system `myS4`. Because `myC4C` isn't listed in `local` for the locating rule of `sap.graph.Product`, Graph uses the defined foreign key to translate the reference. + + + + + +### Key Mapping with Format Translation \(Optional\) + +To extend the key mapping use case, sometimes the foreign key attribute has a different format than the referenced key attribute. In this case, Graph must know the different key notations that exist between data sources and how to convert the values. To achieve this, Graph requires a *Key Format Translation* to link the identical entities. The `keyMapping` must contain a `strategy` to transform the keys in both directions. For more information about the supported regular expression syntax, see [RE2 Syntax](https://github.com/google/re2/wiki/Syntax). + + + +### Composite Custom Entity Rules + +Custom entities are composed of several different source entities, originating from different data sources. + +In such cases, you need to unambiguously inform Graph of the origin of each source entity. You do this by specifying separate locating rules for source entities that originate from a data source other than the main source entity \(that is, the first item in the `sourceEntities` array of the projection file\). This is done by providing additional rules with the `sourceEntity` property specified. + +For example, consider a custom entity `bestrun.Product` composed of a main source entity `sap.s4.A_Product`, and a secondary source entity `company.custom.CustomProduct`. Then, you specify one locating rule per source entity: + +``` +{ + "name": "bestrun.Product", + "leading": "s4", + "sourceEntity": "sap.s4.A_Product" // Optional, since it is the main source entity. +}, +{ // An additional rule is required, since the second source entity has a different leading system. + "name": "bestrun.Product", + "leading": "custom", + "sourceEntity": "company.custom.CustomProduct" +} +``` + +For the main source entity and any other source entities originating from the same data source, the `sourceEntity` property can be omitted, and no other additional rules are required. + +If source entity-specific rules aren't provided for composite custom entities with source entities originating from different data sources, then the resulting entity is partially available, with the properties omitted from the secondary systems. + + + + + +## Exclude Mirror Entities + +All available source entities are automatically added to the exposed graph. To exclude these mirrored entities from your business data graph, you can add the property `exclude`. This removes a defined list of mirrored entities completely from the exposed API. They cannot be queried and all associations linking to them are removed. The removed entities can still be used as a data source for entities in the unified model and for custom projections. Only mirrored entities can be removed, not elements of the unified model or custom entities. + +The exclude property is a list of expression strings. They are matched against the entity name with the namespace prefix. + +``` +"exclude": ["sap.s4.A_Product", "sap.c4c.*"] +``` + +For example, `sap.s4.A_Product`. These expressions can contain an asterisk `*` at the end as a wildcard like `sap.s4.*`. + +**Related Information** + + +[Create a Business Data Graph in Integration Suite](create-a-business-data-graph-in-integration-suite-42daf3b.md "As Tenant administrator in the SAP Integration Suite, you can create a new business data graph. You can also use an existing configuration file to create a business data graph.") + +[Extend Your Business Data Graph](extend-your-business-data-graph-bb4f072.md "To extend your business data graph, you can create model extensions that describe your custom entity projections.") + +[Configuration Strategies - Use Cases](configuration-strategies-use-cases-3652dcb.md "The strategy of configuring Graph starts with the question of what exactly is a landscape?") + diff --git a/docs/ISuite/50-Development/business-data-graph-e1a2171.md b/docs/ISuite/50-Development/business-data-graph-e1a2171.md new file mode 100644 index 00000000..2477378b --- /dev/null +++ b/docs/ISuite/50-Development/business-data-graph-e1a2171.md @@ -0,0 +1,48 @@ + + +# Business Data Graph + +The business data graph is a connected graph of all your business data. + +Business data is by nature richly connected. For example, a sales order has many items, and each item references a product. Still, traditional APIs \(based on SOAP, or plain REST\) access data as individual endpoints. Developers don't only use separate API calls to access different types of data, but they must also learn and remember how to reconstruct the connection between different types of data in their code. This leads to error-prone code and fragile, non-portable applications. + +More recent modeling methodologies, such as SAP's Cloud Application Programming model \(CAP\), introduce semantic, graph-like, relationships between different data types. In the past few years, modern open-standard query protocols emerged that can take advantage of these graph-like data models. OData, based on REST principles, was one of the first such protocols, and GraphQL, developed by Facebook, is growing in popularity. + +With Graph, developers use a single API, and the most up-to-date OData V4 and GraphQL protocols, to efficiently access all business data in a landscape of data sources. + +Graph's data graph is constructed as a projection on these data sources. The nodes of the graph represent entities. Entities are composed of attributes – the data fields. Entity-connecting attributes, the edges of the graph, are referred to as associations. This graph is effectively an abstract data model, whose entities are defined as projections on entities from actual data sources \(back-end applications, systems, and microservices\) with one or more APIs. The data graph is constructed at design time in three steps: + +1. [Mirrored Entities](mirrored-entities-720a1d8.md) + + ![](../images/bdg_mirrored_enitites_38ef78c.png) + + Graph automatically creates projections from each of the entities of the discovered data sources in the landscape. We call these automatic data projections *mirrored entities*. + + Graph distinguishes known data source types \(for example, SAP S/4HANA, SAP SuccessFactors, and SAP C4C\) and unknown data sources. The mirrored entities of supported SAP data sources are added to the data graph under a reserved SAP namespace \(`sap.s4`, `sap.c4c`, and `sap.hcm`\) and then connected to each other by potentially hundreds of additional semantic associations. Entities from unsupported data sources are mirrored under custom namespaces. + +2. [Unified Entities](unified-entities-1cded7b.md) + + ![](../images/bdg_unified_entities_23be9b3.png) + + Graph then adds additional projections on top of the mirrored entities from supported SAP systems, which we call *unified entities*. Unlike the mirrored entities, these are thoughtfully designed and constructed projections, created by SAP experts under the reserved namespace `sap.graph`. Unified entities follow the SAP One Domain Model compatibility guidelines and are designed to bridge and connect semantically common business concepts from multiple data sources \(for example, `Business Partner`, and `Product`\). This allows client apps to get started with cross-system queries. + +3. [Custom Entities](custom-entities-b6318bf.md) + + ![](../images/bdg_custom_entities_e1829c4.png) + + Graph adds the final set of projections, *custom entities*. Custom entities are created by a skilled customer modeler to extend the data graph, through the design and addition of their own projections as a collection of attribute mappings from available SAP and non-SAP data source entities. The modeler can submit a set of custom entity definition files, developed with any text editor. + +4. To complete the process, customer administrators create a *Business Data Graph*: a runtime manifestation of the data graph based on a concrete configuration and version, accessible as a unified API by activating the data graph. The business data graph provides a connected 360° view of the data in the landscape. + + ![](../images/Business_Data_Graph_3463b6a.png) + + +Graph functions as a runtime mediation layer. From the perspective of the API consumer, the nodes of a business data graph look like data entities. Client applications use the business data graph API and graph protocols, such as OData V4 or GraphQL, to issue powerful cross-entity requests like "get a list of products sold to customer C in August, ordered by value" or "what is the address of the top supplier of product P?". Graph interprets and deconstructs complex access requests into simpler query components that typically refer to a single data item \(such as `product`, and `supplier`\). It consults the business data graph configuration to determine which data sources hold the pertinent data for these simpler queries, in order to execute the access request and return the response. Here, Graph must select the appropriate native API that is exposed by the data source, implement its technical API protocol, and work around the specific limitations and capabilities of the native API. + +**Related Information** + + +[Data Locating Policy](data-locating-policy-28d2c2c.md "Data in the business data graph is connected via key-based references.") + +[Modeling Guide](modeling-guide-5e0bb49.md#loio5e0bb49f4d52434bb8377e06dda72c75 "SAP employs a set of best-practice modeling guidelines, known as the SAP One Domain Model guidelines. These guidelines are for the data models of new SAP applications, and are used in this guide as recommendations for creating custom entities.") + diff --git a/docs/ISuite/50-Development/central-monitoring-and-alerting-solutions-605fc6e.md b/docs/ISuite/50-Development/central-monitoring-and-alerting-solutions-605fc6e.md index 1b9ea6d8..89ef345c 100644 --- a/docs/ISuite/50-Development/central-monitoring-and-alerting-solutions-605fc6e.md +++ b/docs/ISuite/50-Development/central-monitoring-and-alerting-solutions-605fc6e.md @@ -88,10 +88,6 @@ SAP Focused Run is a solution for service providers who want to host all their c SAP recommends service providers and customers with a large on premise system landscape to consider using SAP Integration Suite with SAP Focused Run. -Monitoring and alerting using SAP Integration Suite with SAP Focused Run supports the following use cases. - -\(**should we list use cases here as well like above for CALM? If yes, which ones?**\) - More information: - [SAP Focused Run on SAP Help Portal](https://help.sap.com/docs/FRUN?locale=en-US) diff --git a/docs/ISuite/50-Development/configuration-api-specification-and-usage-b5b27c9.md b/docs/ISuite/50-Development/configuration-api-specification-and-usage-b5b27c9.md new file mode 100644 index 00000000..8eff9713 --- /dev/null +++ b/docs/ISuite/50-Development/configuration-api-specification-and-usage-b5b27c9.md @@ -0,0 +1,411 @@ + + + + +# Configuration API Specification and Usage + +The Graph Configuration API is an OData API endpoint. + +The API is available using the following URL: + +``` +{region-specific host}/configuration/v1/sap.graph +``` + +> ### Note: +> You can get the region-specific host from the service bindings. + +All the available resources are listed under the URL. You can get the OData metadata by using the `“/configuration/v1/sap.graph/$metadata”` path. + + + + + +## Graph API Configuration Resource + +A business data graph is represented by a Graph Configuration API resource. The resource URL is as follows: + +``` +{region-specific host}/configuration/v1/sap.graph/GraphConfiguration +``` + + + + + +## Graph Configuration Properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Name + + + +Required + + + +Data Type + + + +Read-Only + +
+ +`businessDataGraphIdentifier` + + + + + + + +String + + + +  + +
+ +`schemaVersion` + + + +  + + + +String + + + +  + +
+ +`graphModelVersion` + + + +  + + + +String + + + +  + +
+ +`effectiveGraphModelVersion` + + + +  + + + +String + + + + + +
+ +`exclude` + + + +  + + + +Array of Strings + + + +  + +
+ +`dataSources` + + + + + + + +Array of data sources + + + +  + +
+ +`locatingPolicy` + + + + + + + +Array of locating policies + + + +  + +
+ + + + + +  + + + +  + + + +  + +
+ +`statusDetails` + + + +  + + + +String + + + + + +
+ +`logMessages` + + + +  + + + +Array of log messages + + + + + +
+ +`extensions` + + + +  + + + +Array of Strings + + + +  + +
+ +`status` + + + +  + + + +String + + + + + +
+ +For more information about the Graph configuration properties, see [Business Data Graph Configuration File](business-data-graph-configuration-file-e93d38c.md). + +> ### Note: +> The `status` property shows the state of the business data graph during design time. This means that when you create a business data graph, the status is `PROCESSING`. From that point, you need to poll the Graph Configuration API resource to check if the processing of the business data graph was successful. If an error occurs during the process, the status is changed to `FAILED`. If the process is successful, the status is changed to `DEPLOYMENT_INITIATED`. When this status is reached, the business data graph is deployed. You can also find the relevant logs in the `logMessages` property. + + + + + +## Examples of Graph Configuration Usage + +> ### Note: +> The following examples for a Graph instance used the EU10 region-specific host. + + + +### Example 1: Create a Simple Business Data Graph with Two Data Sources + +> ### Sample Code: +> ``` +> { +> "businessDataGraphIdentifier": "my-bdg", +> "dataSources": [ +> { +> "name": "my.custom", +> "services": [ +> { +> "destinationName": "csv-frequent-flyer", +> "path": "" +> } +> ], +> "namespace": "my.custom" +> }, +> { +> "name": "s4", +> "services": [ +> { +> "destinationName": "s4-business-partner", +> "path": "" +> } +> ] +> } +> ], +> "locatingPolicy": { +> "cues": [], +> "rules": [ +> { +> "name": "sap.s4.*", +> "leading": "s4", +> "local": [] +> }, +> { +> "name": "sap.graph.*", +> "leading": "s4" +> }, +> { +> "name": "my.custom.*", +> "leading": "my.custom" +> } +> ] +> } +> } +> ``` + +POST: `https://eu10.graph.sap/configuration/v1/sap.graph/GraphConfiguration` + +Response: 201 with the created business data graph configuration. + + + +### Example 2: Get a Business Data Graph + +GET: `https://eu10.graph.sap/configuration/v1/sap.graph/GraphConfiguration/{BDG-Id}` + +Response: 200 with the corresponding business data graph configuration. + + + +### Example 3: Update Existing Business Data Graph + +PATCH: `https://eu10.graph.sap/configuration/v1/sap.graph/GraphConfiguration/{BDG-Id}` + +Response: 200 with the updated business data graph configuration. + diff --git a/docs/ISuite/50-Development/configuration-guide-cb0df0a.md b/docs/ISuite/50-Development/configuration-guide-cb0df0a.md new file mode 100644 index 00000000..131034dc --- /dev/null +++ b/docs/ISuite/50-Development/configuration-guide-cb0df0a.md @@ -0,0 +1,52 @@ + + +# Configuration Guide + +An introduction to the configuration topics of Graph. + +As an IT administrator in charge of enterprise IT, you deploy a variety of business software solutions to manage your major business processes. + +While integrated ERP solutions make this easier, like most SAP customers, you may have established a portfolio of different business systems to address your unique business processes. Many of these data sources are in cloud data centers \(SaaS\), while others are local, on-premise data sources. + +You probably use specific business systems for development, staging, and production. Like many enterprises, you may also manage separate landscapes used by different lines of business, subsidiaries, or regional organizations. + +Graph defines a landscape as a logical cluster of related business systems \(also known as data sources\) with a common purpose and scope, for use by extension applications. A landscape may consist of cloud subscriptions to SAP solutions like SAP Sales Cloud or SAP SuccessFactors, or one or more on-premise SAP S/4HANA systems. Most companies have separate landscapes for development, QA, staging, training, and so forth. While some companies manage only a few landscapes, it is not uncommon for an enterprise to have as many as 20 different landscapes. + +The data sources in a landscape are related. Sales quotes and purchase orders refer to products, and are ordered or sold by employees, who relate to cost centers. All of this data might be maintained in different systems, often with different keys, requiring replications with key mapping and other processes to keep all the data consistent and synchronized. + +Now, consider the needs of the different developers of custom applications who require access to data in your IT architecture. Developers need to know: + +- Where the data is. + +- Which data sources \(business systems\) there are. + +- What APIs are available or must be configured. + +- How everything is connected, and + +- How to access everything. + +- Which is the leading system for certain types of data. + +- How to overcome firewalls and enable VPNs. + +- How to deal with different authentications; which usernames work in which system. + +- ... and more. + + +Providing all this information to developers, particularly partners, is complex, and results in additional fragile and repetitive custom-developed code. And if you ever change your architecture in the future, the change may break the assumptions made by some of these applications. + +Graph changes all of this. As the owner of enterprise data, you configure a set of secure connections to the APIs of your landscapes, and grant Graph exclusive access to these connections. Then, by specifying how the landscape is to be used, and where the data is located in the different business systems, the landscape is abstracted, and the developers see a business data graph, connecting all the data. You grant your trusted developer or partner applications access to a specific business data graph and enable users to use these applications. They focus on the data itself – without having any awareness of the landscape configuration. Even if you change the landscape in the future, you won't affect their extension applications. + +For more information, see: + +- [Enterprise Landscapes](enterprise-landscapes-9d7be62.md): understand how data replication and partitioning determines how your data is accessed + +- [Data Locating Policy](data-locating-policy-28d2c2c.md): learn how Graph locates data + +- [Configuration Strategies - Use Cases](configuration-strategies-use-cases-3652dcb.md): study examples to understand the configuration of business data graphs + +- [Configuration Reference](configuration-reference-187ac43.md) for detailed step-by-step setup and configuration instructions + + diff --git a/docs/ISuite/50-Development/configuration-manager-7daf06c.md b/docs/ISuite/50-Development/configuration-manager-7daf06c.md index dfe9e2ad..fcf60888 100644 --- a/docs/ISuite/50-Development/configuration-manager-7daf06c.md +++ b/docs/ISuite/50-Development/configuration-manager-7daf06c.md @@ -30,13 +30,17 @@ Once your create and define the custom search attributes, you need to use them i -## Maximum Retry Count +## Retry Configuration -The integration flows once deployed, run the transaction activity and try to deliver the message. Sometimes, they fail due to unknown errors. In such cases, you can provide an option to re-trigger the integration flows. With *Maximum Retry Count*, you can now define the maximum number of retries for failed integration flows. This is applicable for *Step 2 - Interchange Processing Flow* and *Step 3 - Receiver Communication Flow*. Follow the procedure below to know how to maintain the retry entries. +The integration flows once deployed, run the transaction activity and try to deliver the message. Sometimes, they fail due to unknown errors. In such cases, you can provide an option to re-trigger the integration flows. With *Retry Configuration*, you can now define the maximum number of retries for failed integration flows. This is applicable for *Step 2 - Interchange Processing Flow* and *Step 3 - Receiver Communication Flow*. Follow the procedure below to know how to maintain the retry entries. 1. Navigate to the *Configuration Manager* in your application. -2. In the *Maximum Retry Count* section, choose *Edit*. +2. In the *Retry Configuration* section, choose *Edit*. 3. Set the *Maximum Retry* count for the fields *Interchange Processing Flow* and *Receiver Communication Flow*. -4. Choose *Save*. Saving the values will immediately push the data into Partner Directory. Choose *OK*. +4. There could be messages that end up failing even after reaching the maximum retry count. These messages are then removed from the JMS queue. If you choose to keep them, you can do so by enabling the **Dead Letter Queue** where these messages will be maintained after getting removed from the JMS queue. + + To enable the dead letter queue, select the checkbox of the field *Dead-Letter Queue* for the fields *Interchange Processing Flow* and *Receiver Communication Flow*. + +5. Choose *Save*. Saving the values will immediately push the data into Partner Directory. Choose *OK*. diff --git a/docs/ISuite/50-Development/configuration-reference-187ac43.md b/docs/ISuite/50-Development/configuration-reference-187ac43.md new file mode 100644 index 00000000..6022caab --- /dev/null +++ b/docs/ISuite/50-Development/configuration-reference-187ac43.md @@ -0,0 +1,8 @@ + + +# Configuration Reference + +This reference provides information that a Tenant administrator needs to know to set up Graph on Integration Suite, connect to your SAP business systems, and create and extend business data graphs. + +It provides detailed step-by-step setup and configuration instructions, and information for the Graph key user to configure one or more business data graphs. See [Configuration Guide](configuration-guide-cb0df0a.md) for more detailed explanations and best practices. + diff --git a/docs/ISuite/50-Development/configuration-strategies-use-cases-3652dcb.md b/docs/ISuite/50-Development/configuration-strategies-use-cases-3652dcb.md new file mode 100644 index 00000000..1cf94b6f --- /dev/null +++ b/docs/ISuite/50-Development/configuration-strategies-use-cases-3652dcb.md @@ -0,0 +1,197 @@ + + +# Configuration Strategies - Use Cases + +The strategy of configuring Graph starts with the question of what exactly is a landscape? + +In this context, a landscape consists of a set of data sources that: + +1. Serve the same purpose and have the same scope. + +2. Is the minimal set of systems with data that is relevant to developers of Graph-based applications. + + +The goal of the enterprise administrator is to specify their landscapes and abstract them in the form of business data graphs that are used by developer-created apps to access the approved data. + +The first two examples discussed here are simple landscapes. The third example is a more comprehensive discussion of a more complex use case, involving partitioned data. The fourth example shows how key mapping is configured to support cross-system navigation. + + + + + +## Example 1: A Landscape with One SAP S/4HANA System + +The administrator and the Graph Key User decided that they want to create and expose a business data graph based only on a single SAP S/4HANA system. The following is an example of the business data graph configuration file. The SAP S/4HANA data source and its destinations are auto-discovered, and match the destinations in the SAP BTP subaccount: + +```json +{ + "schemaVersion": "0.0.1", + "businessDataGraphIdentifier": "erp", + "graphModelVersion": "1.0.0", + "dataSources": [ { + "name": "mys4", + "services": [ + { "destinationName": "erp-bupa" }, + { "destinationName": "erp-product" }, + ... + ] } ], + "locatingPolicy": { + "rules": [ + { "name": "sap.*", "leading": "mys4" } + ] + } +``` + +As you can see, there isn’t much to do. You can rename the business data graph identifier, for example, to `erp` or `v1`, which you can use as a version indicator for your business data graph. If some of the destinations aren’t required in the use cases for this business data graph, you can comment these out. There’s only one locating rule: everything \(`sap.*`\) comes from the single SAP S/4HANA data source. + + + + + +## Example 2: A Landscape with SAP S/4HANA and SAP Sales Cloud + +The landscape is configured with a number of destinations to SAP S/4HANA APIs, as well as a destination to the SAP Sales Cloud tenant. The following is an example of a generated configuration file: + +```json +{ + "schemaVersion": "0.0.1", + "businessDataGraphIdentifier": "crm", + "graphModelVersion": "1.0.0", + "dataSources": [ { + "name": "erp", "services": [ // SAP S/4HANA + { "destinationName": "erp4-bupa" }, + { "destinationName": "erp4-product" }, + { "destinationName": "erp4-clfn-product" }, + { "destinationName": "erp4-sales-order" }, + { "destinationName": "erp4-service-order" } + ] }, + { "name": "c4c","services": [ // SAP Sales Cloud + { "destinationName": "c4c-odata" } + ] } ], + "locatingPolicy": { + "description": "sales scenarios", + "rules": [ + { "name": "sap.s4.*", "leading": "erp" }, + { "name": "sap.c4c.*", "leading": "c4c" }, + { "name": "sap.graph.*", "leading": "erp", "local": ["c4c"] }, + { "name": "sap.graph.CustomerQuote", "leading": "c4c", "local": ["s4"] } + ] + } +} +``` + +This is a common scenario with multiple systems, each having its own policy. The locating policy shows that SAP S/4HANA \(`erp`\), is the leading source of truth for all `sap.s4` mirrored entities, and all unified entities, except for `CustomerQuote` \(in namespace `sap.graph`\), which comes from the SAP Sales Cloud system \(`c4c`\). In all cases, the locality-of-reference principle dictates that key-based references are handled locally. + + + + + +## Example 3: A Landscape with Partitioned Data + +Our third example describes a situation where certain data, for example sales orders, is partitioned over more than one system. Unlike the case of replicated data, in a partitioned scenario an entity is in only one business system. For example, the enterprise could have one instance of SAP S/4HANA for its North American sales operations, and another for its European sales. Or have data partitioned over two systems, because of regulatory or fiscal requirements, like one financial system for the holding company, and one for its subsidiary. To make it interesting, both lines of business share one human resource management system \(an SAP SuccessFactors system\) between them. How would you expose this to your developers? + +Graph can’t access data from multiple systems using one query that represents a union. Therefore, there are two use cases to consider. In the first use case, all the users of the data are separated into two groups: European vs. North American sales teams. The application uses one or the other data source. In the second use case, the application user may require access to the data in both systems. + +Graph offers you different alternative approaches to address this situation. Which of these approaches to choose from depends on the requirements of the extension applications that are used via Graph. It’s possible to use any of these solutions, or even use them in combination. + +These three approaches are illustrated in the following diagram: + +![](images/Landscape_Partitioned_Data_d6ce31e.png) + +**Solution A** is used when a strong separation is required between different business users. You define two separate landscapes in two subaccounts \(which might be in different SAP BTP regions\), each with its own subset of systems, and its own business data graph. This is like two instances of example 2. You establish separate security for each landscape and provide selective access to application developers or users. + +The other two solutions are used if the business user, for example the CFO of the company, needs access to the data in both systems. You create one subaccount with a landscape that includes all three systems. In **Solution B**, you create two different business data graphs, by activating two separate configuration files – one that establishes *s4EU* as the leading system, the other with *s4NA* as the leading system. The application developer uses either the *NAsales* or *EUsales* identifier in the Graph URL to select the business data graph from which to fetch the sales data. If necessary, it combines the data from multiple queries to show them in one view to the user. + +**Solution C** is a simpler variation of solution B. Instead of creating and maintaining multiple business data graphs, requiring frequent shifting of different URLs, it’s often easier to add a cue to the data entity that is partitioned, for example, sales orders. The developer uses the same URL and only adds the cue to queries when the default locating rules need to be overwritten. The configuration file for solution C is as follows: + +```json +{ + "businessDataGraphIdentifier": "allsales", + "dataSources": [ + { "name": "s4NA", "services": [ ... ] }, + { "name": "s4EU", "services": [ ... ] }, + { "name": "hcm", "services": [ {"destinationName": "SFSF" } ] } + ], + "locatingPolicy": { + "description": "Locating policy using cues", + "cues": [ + { "name": "EU", "description": "Euro sales" } + ], + "rules": [ + { "name": "sap.s4.*", "leading": "s4NA", "local": ["s4EU"] }, + { "name": "sap.s4.A_SalesOrder", "leading": "s4EU", "local": ["s4NA"], "cues": ["EU"] }, + { "name": "sap.hcm.*", "leading": "hcm" }, + { "name": "sap.graph.*", "leading": "s4NA", "local": ["s4EU", "hcm"] }, + { "name": "sap.graph.SalesOrder", "leading": "s4EU", "local": ["s4NA"], "cues": ["EU"] } + ] + } +} +``` + + + + + +## Example 4.1: Key Mapping + +Key mapping must be configured to support navigation from one data source to another for the same entity. The most common example is when you need to allow access to a 360° view of an entity, starting from a unified entity. For example, a developer might want to run a request with a resource like: *sap.graph/CorporateAccount/21687/\_s4/…* or *sap.graph/CorporateAccount/21687/\_c4c/…*. If these two systems don't use the same key, then a key mapping must be defined between them to enable the requests. + +In the following example, Graph supports mapping of an `IndividualCustomer` key from a data source called `myC4C` to the key in `myS4`, which is the leading system for this type of entity. `myC4C` is an instance of SAP Sales Cloud and `myS4` is an instance of SAP S/4HANA. Therefore, Graph is mapping keys from the entity `IndividualCustomerCollection` to the entity `A_BusinessPartner`. + +``` +"keyMapping": [ + { + "foreignKey": { + "dataSource": "myC4C", + "entityName": "sap.c4c.IndividualCustomerCollection", + "attributes": ["ExternalID"] + }, + "references": { + "dataSource": "myS4", + "entityName": "sap.s4.A_BusinessPartner", + "attributes": ["BusinessPartner"] + } + } +] +``` + + + + + +## Example 4.2: Key Mapping with Key Translation + +In some scenarios, key mapping is not enough on its own and for some landscapes, the key's format differs between data sources. Depending on landscape configurations, `S4` may reference an entity in the format `ABCDE_123` while SAP Sales Cloud applies a different notation in the External ID field, for example `0000ABCDE.123` . Graph requires a "format" *strategy* to link the identical entities. The `strategy` field contains the `match` and `replace` attributes which provide a regular expression pattern that translates the keys in both directions. + +``` +"keyMapping": [ + { + "foreignKey": { + "dataSource": "myC4C", + "entityName": "sap.c4c.ProductCollection", + "attributes": ["ExternalID"], + "strategy": { + "name": "format", + "match": "0{4}(?.{5}).(?[+ 0-9]{3})$", + "replace": "$_$" + } + }, + "references": { + "dataSource": "myS4", + "entityName": "sap.s4.A_Product", + "attributes": ["Product"], + "strategy": { + "name": "format", + "match": "^(?.{5})_(?[+ 0-9]{3})$", + "replace": "0000$.$" + } + } + } +] +``` + +**Related Information** + + +[Business Data Graph Configuration File](business-data-graph-configuration-file-e93d38c.md "The business data graph configuration file is a JSON file that specifies the configuration of a specific business data graph in a landscape.") + diff --git a/docs/ISuite/50-Development/configure-1b52dd1.md b/docs/ISuite/50-Development/configure-1b52dd1.md new file mode 100644 index 00000000..31b1db88 --- /dev/null +++ b/docs/ISuite/50-Development/configure-1b52dd1.md @@ -0,0 +1,13 @@ + + +# Configure + +Before Graph can be used, the Tenant administrator, needs to configure Graph as a capability of API Management within SAP Integration Suite. + +This section provides all the information you need to: + +- Configure Graph + +- Connect your business systems +- Create your business data graph + diff --git a/docs/ISuite/50-Development/configure-1c90aea.md b/docs/ISuite/50-Development/configure-1c90aea.md index 8ef61ddc..16fa581b 100644 --- a/docs/ISuite/50-Development/configure-1c90aea.md +++ b/docs/ISuite/50-Development/configure-1c90aea.md @@ -4,10 +4,8 @@ In this section, you can: -- Create, and configure API proxies, API providers, certificates, key-value maps, and policy templates in SAP Integration Suite. +- Create, and configure API proxies, API providers, certificates, key-value maps, and policy templates in SAP Integration Suite. See: [Configure APIs](configure-apis-0bb111e.md). -- - -- Create queues, topics, and topic subscriptions for your event-driven integration requirements. +- Create queues, topics, and topic subscriptions for your event-driven integration requirements. See: [Configure Event Mesh](configure-event-mesh-77e213c.md). diff --git a/docs/ISuite/50-Development/configure-a-message-client-867c517.md b/docs/ISuite/50-Development/configure-a-message-client-867c517.md index a71ba9ad..221f03a3 100644 --- a/docs/ISuite/50-Development/configure-a-message-client-867c517.md +++ b/docs/ISuite/50-Development/configure-a-message-client-867c517.md @@ -8,12 +8,10 @@ Understand how to create a message client. ## Context -The service instance *Event Mesh Message Client* on the SAP BTP cockpit provides access to the message client of Event Mesh's capability. +The service instance *SAP Integration Suite, Event Mesh* on the SAP BTP cockpit provides access to the message client of Event Mesh's capability. By creating a service instance on the SAP BTP cockpit, you trigger the creation of a message client and bind it to the Event Mesh capability. By binding the service instance, you enable the automatic delivery of credentials needed to access the service instance from the Event Mesh capability. Later, all the events publishing and consuming applications are authenticated via OAuth client credentials for all technical commnications. -You can create any number of message clients and use each one of them for unique purposes. - Configuring a message client is a two-step process. First, you create a service instance and then create a binding to the Event Mesh capability. @@ -24,7 +22,7 @@ Create a service instance: 1. In the SAP BTP cockpit, choose *Instances and Subscriptions* \> *Create*. -2. Select the service plan *Event Mesh Message Client*. +2. Select the service plan *SAP Integration Suite, Event Mesh*. 3. Provide a name for the instance. diff --git a/docs/ISuite/50-Development/configure-adapter-in-communication-channels-1f06633.md b/docs/ISuite/50-Development/configure-adapter-in-communication-channels-1f06633.md index f1e0955b..cf0aae53 100644 --- a/docs/ISuite/50-Development/configure-adapter-in-communication-channels-1f06633.md +++ b/docs/ISuite/50-Development/configure-adapter-in-communication-channels-1f06633.md @@ -32,7 +32,7 @@ Sender adapter -Allows SAP Integration Suite to consume messages from queues or subscriptions in SAP Integration Suite, advanced event mesh. +Allows SAP Integration Suite See: [Configure the Advanced Event Mesh Sender Adapter](configure-the-advanced-event-mesh-sender-adapter-abd2efc.md) @@ -579,6 +579,22 @@ See: [Configure the AzureStorage Receiver Adapter](configure-the-azurestorage-re +*Coupa* + +Receiver adapter + + + + +Enables SAP Integration Suite to exchange data with Coupa. Coupa is a business spending management software. + +See: [Coupa Receiver Adapter](coupa-receiver-adapter-648ac01.md) + + + + + + *Data Store* Sender adapter @@ -1129,6 +1145,22 @@ See: [Configure the Microsoft SharePoint Receiver Adapter](configure-the-microso +*NetSuite* + +Receiver adapter + + + + +Connects SAP Integration Suite to NetSuite. NetSuite is an integrated cloud business software suite, including business accounting, ERP, CRM, and e-commerce software. + +See: [NetSuite Receiver Adapter](netsuite-receiver-adapter-618127a.md) + + + + + + *OData* Sender adapter diff --git a/docs/ISuite/50-Development/configure-0bb111e.md b/docs/ISuite/50-Development/configure-apis-0bb111e.md similarity index 70% rename from docs/ISuite/50-Development/configure-0bb111e.md rename to docs/ISuite/50-Development/configure-apis-0bb111e.md index f126464f..5e370cc0 100644 --- a/docs/ISuite/50-Development/configure-0bb111e.md +++ b/docs/ISuite/50-Development/configure-apis-0bb111e.md @@ -1,10 +1,10 @@ -# Configure +# Configure APIs -Create, and configure API proxies, API providers, certificates, key-value maps, and policy templates in SAP Integration Suite. +Instead of directly consuming services, application developers can access APIs created using the SAP Integration Suite. -SAP Integration Suite enables consumers to access relevant data directly in a secure manner. Selective data can be exposed while reducing the risk of security breaches. App devlopers access APIs created using SAP Integration Suite rather than app consuming services directly. SAP Integration Suite maps a publicly available HTTP endpoint to backend services and handles the security and authorizations required to protect, analyze, and monitor your services. +SAP Integration Suite enables consumers to access relevant data directly in a secure manner. Selective data can be exposed while reducing the risk of security breaches. SAP Integration Suite maps a publicly available HTTP endpoint to backend services and handles the security and authorizations required to protect, analyze, and monitor your services. You can also define a key value map that lets you create and manage collections of arbitrary key value pairs and ensure that whenever a call is made to your API, there’s a certificate attached to it that confirms the identity of the caller. diff --git a/docs/ISuite/50-Development/configure-jdbc-drivers-77c7d95.md b/docs/ISuite/50-Development/configure-jdbc-drivers-77c7d95.md index 945abdc6..a911361b 100644 --- a/docs/ISuite/50-Development/configure-jdbc-drivers-77c7d95.md +++ b/docs/ISuite/50-Development/configure-jdbc-drivers-77c7d95.md @@ -28,14 +28,14 @@ JDBC connectivity provides a mechanism for integration flows deployed on SAP Int > > > -> Microsoft JDBC Driver for SQL Server +> [Microsoft JDBC Driver for SQL Server](https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver15#82) > > > > -> - [msSQLDriver8.2.2](https://docs.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver15#82) +> - [msSQLDriver8.2.2](https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/8.2.2.jre8/) > -> - [msSQLDriver8.4.1](https://docs.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver15#84) +> - [msSQLDriver8.4.1](https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/8.4.1.jre8/) > > > @@ -45,18 +45,18 @@ JDBC connectivity provides a mechanism for integration flows deployed on SAP Int > > > -> Oracle JDBC Driver +> [Oracle JDBC Driver](https://www.oracle.com/database/technologies/appdev/jdbc-downloads.html) > > > > -> - [oracleDB11.2.0.4](https://www.oracle.com/database/technologies/jdbc-upc-downloads.html) +> - [oracleDB11.2.0.4](https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc6/) > -> - [oracleDB12.2.0.1](https://www.oracle.com/database/technologies/jdbc-upc-downloads.html) +> - [oracleDB12.2.0.1](https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc8/12.2.0.1/) > -> - [oracleDB19.11.0.0](https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19-11-c-downloads.html) +> - [oracleDB19.11.0.0](https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc8/19.11.0.0/) > -> - [oracleDB19.16.0.0](https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19-11-c-downloads.html) +> - [oracleDB19.16.0.0](https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc8/19.16.0.0/) > > > diff --git a/docs/ISuite/50-Development/configure-the-advanced-event-mesh-sender-adapter-abd2efc.md b/docs/ISuite/50-Development/configure-the-advanced-event-mesh-sender-adapter-abd2efc.md index 7d92d1ca..848ebdc5 100644 --- a/docs/ISuite/50-Development/configure-the-advanced-event-mesh-sender-adapter-abd2efc.md +++ b/docs/ISuite/50-Development/configure-the-advanced-event-mesh-sender-adapter-abd2efc.md @@ -604,7 +604,7 @@ In addition to the SMF headers there are some non-SMF headers as well that are a 2. TotalLocalProcessingAttempt: The total processing attempts for all deliveries which includes redelivery of a message from the advanced event mesh. Note: For the count to be accurate, ensure the DeliveryCount feature is enabled on the respective Queue or Durable Topic Endpoint and all the delivery attempts are made within the same integration flow. -3. The sender supports the propagation of `SAP_MplCorrelationId`. If the incoming message already contains header `SAP_MplCorrelationId`, the same value is propagated to the exchange. +3. The sender supports the propagation of header `SAP_MplCorrelationId`. If the incoming message already contains a header `SAP_MplCorrelationId`, the same value is propagated into the exchange headers. When setting up the integration flow, add them to the allowlist. To do that, click the modeling area outside any integration flow shape. Then, choose *Runtime Configuration* \> *Allowed Header\(s\)*, if required. diff --git a/docs/ISuite/50-Development/configure-the-successfactors-odata-v2-receiver-adapter-d16dd12.md b/docs/ISuite/50-Development/configure-the-successfactors-odata-v2-receiver-adapter-d16dd12.md index bd654991..6b659264 100644 --- a/docs/ISuite/50-Development/configure-the-successfactors-odata-v2-receiver-adapter-d16dd12.md +++ b/docs/ISuite/50-Development/configure-the-successfactors-odata-v2-receiver-adapter-d16dd12.md @@ -461,7 +461,7 @@ This option isn’t enabled for *Content Enricher*. -Maximum time the system waits for a response before terminating the connection. +Maximum time the system waits for a response before terminating the connection. For more information about the supported session duration, see SAP Note [3063733](https://me.sap.com/notes/3063733). diff --git a/docs/ISuite/50-Development/configuring-apis-for-anomaly-detection-9e7e5d1.md b/docs/ISuite/50-Development/configuring-apis-for-anomaly-detection-9e7e5d1.md index 80d600b2..90f3d8b6 100644 --- a/docs/ISuite/50-Development/configuring-apis-for-anomaly-detection-9e7e5d1.md +++ b/docs/ISuite/50-Development/configuring-apis-for-anomaly-detection-9e7e5d1.md @@ -19,21 +19,26 @@ To view or modify the APIs for anomaly detection, follow the steps below: ## Procedure -1. Log on to the SAP Integration Suite. +1. Log on to the **SAP Integration Suite**. -2. Click on the navigation icon on the left and select *Settings* \> *APIs*. +2. From the left navigation pane, choose *Settings* \> *APIs*. 3. Go to the *Anomaly Detection* tab. -4. If anomaly detection is not already enabled, switch the radio button to the *ON* position. This will display the **API Selection** section. +4. Toggle the radio button to the *ON* position if anomaly detection is not already enabled, . -5. In the **API Selection** section, when you enable anomaly detection for the first time, by default, the system will automatically select and display the top 5 APIs that have received the highest amount of traffic in the past 6 months. + Under *API Selection*, you will see the top 5 APIs that have received the highest amount of traffic in the past 6 months. -6. To make changes to the selection of APIs, click *Modify*. +5. To modify the list of preselected APIs, choose *Modify*. -7. The *Modify APIs* window displays a list of APIs that meet the minimum data requirement \(at least 3 months\) and are available for training. Currently, you can select up to five individual APIs for anomaly detection. Use the checkboxes to select or deselect the desired APIs, and then click on *Modify*. +6. Check or uncheck the desired APIs, and then choose *Modify* in the **Modify APIs** dialog. -8. In the dialog box that appears, click on *Confirm* to save your changes. + The *Modify APIs* dialog will display the list of APIs that meet the minimum data requirement \(at least 3 months' worth of API data\) and are available for AI model training. + + > ### Note: + > Currently, you can select up to five individual APIs for anomaly detection. + +7. Choose *Confirm* to save your changes. > ### Note: > Each time you modify the configuration, the AI model needs to be retrained to effectively detect anomalies. On average, the training process takes approximately 3 hours to complete. Therefore, it is not recommended to make frequent configuration changes. @@ -46,5 +51,5 @@ To view or modify the APIs for anomaly detection, follow the steps below: [Working with Detected Anomalies](working-with-detected-anomalies-1c677b2.md "Access and analyze anomalies in the analytics dashboard. Discover details about the various types of anomalies, evaluate and resolve them.") -[Subscribing to Email Notification Alerts](subscribing-to-email-notification-alerts-88e96f4.md "Receive real-time email alerts for anomaly detection services.") +[Subscribing to Notification Alerts](subscribing-to-notification-alerts-88e96f4.md "Receive real-time alerts for anomaly detection services, delivered to your preferred communication channel.") diff --git a/docs/ISuite/50-Development/data-types-97ad101.md b/docs/ISuite/50-Development/configuring-data-types-97ad101.md similarity index 88% rename from docs/ISuite/50-Development/data-types-97ad101.md rename to docs/ISuite/50-Development/configuring-data-types-97ad101.md index 273092ab..da036225 100644 --- a/docs/ISuite/50-Development/data-types-97ad101.md +++ b/docs/ISuite/50-Development/configuring-data-types-97ad101.md @@ -1,11 +1,11 @@ -# Data Types - -Cloud Integration allows you to view and edit your imported Data Types. +# Configuring Data Types Data Type is an object, containing the structure of data that defines the message. A data type is defined using XML Schema Definition Language \(XSDL\). +Cloud Integration allows you to view and edit your data types. + @@ -101,7 +101,7 @@ Displays the restriction of the value range of a built-in data type for simple d ### -Select a row to view the following details. To edit a data type, select the respective node and choose *Edit*. +To edit a data type, choose *Edit*. Select the node to be edited. The editable details are populated in the right-hand side panel. **Element/Attribute Details** @@ -167,10 +167,10 @@ Choose a type for an element or attribute: - Primitive Type: From the *Value* field, select a built-in data type \(example string, decimal, or integer\) -- Data Type: To assign a user defined data type, choose *Select*. Choose the integration packages from which you wish to list the data type and select the one to be reused. The structure of the selected data type gets loaded in the tree table. +- Data Type: To assign a user-defined data type, choose *Select*. Choose the integration packages from which you wish to list the data types and select the one to be used. The structure of the selected data type gets loaded in the tree table. > ### Note: - > While referencing, only Simple Type data types can be assigned for root node and child attribute nodes. Hence, only Simple Type data types from the selected packages are listed. The data types that are currently being edited are excluded from the list. + > While assigning user-defined data type, only simple type data types can be assigned to root node and child attribute nodes. Hence, only simple type data types from the selected packages are listed. The data types that are currently being edited are excluded from the list. > ### Note: @@ -192,7 +192,7 @@ Namespace -Displays the namespace to which the user defined data type belongs to or where it's created. +Displays the namespace to which the user-defined data type belongs to or where it's created. @@ -206,7 +206,7 @@ Package Name -Displays the package name of the user defined data type assigned to the node. +Displays the package name of the user-defined data type assigned to the node. @@ -457,7 +457,7 @@ To add elements and attributes while editing the data type, follow these steps: - Not Assigned + Not assigned @@ -511,7 +511,7 @@ To add elements and attributes while editing the data type, follow these steps: - Primitive or User defined Simple Data Type + Primitive or user-defined simple data type @@ -538,7 +538,7 @@ To add elements and attributes while editing the data type, follow these steps: - User Defined Complex Data Type + User-defined complex data type @@ -565,7 +565,7 @@ To add elements and attributes while editing the data type, follow these steps: - Not Assigned + Not assigned @@ -743,5 +743,5 @@ Displays the XML Schema Definition \(XSD\) that is, the text view of the data ty **Related Information** -[Message Types](message-types-2eb71b8.md "Cloud Integration allows you to view and edit your imported Message Types along with their referenced data types.") +[Configuring Message Types](configuring-message-types-2eb71b8.md "A message type comprises a data type that describes the structure of a message. For technical reasons, a data type alone is not sufficient to describe the instance of a message. Data types are defined in XML Schema as abstract types that aren't yet tied to an element. You can only describe an instance of a message when you've specified a data type. Therefore, a message type defines the root element of a message.") diff --git a/docs/ISuite/50-Development/configuring-destination-c1ac580.md b/docs/ISuite/50-Development/configuring-destination-c1ac580.md index cf84572d..1acc7fcd 100644 --- a/docs/ISuite/50-Development/configuring-destination-c1ac580.md +++ b/docs/ISuite/50-Development/configuring-destination-c1ac580.md @@ -536,5 +536,5 @@ Example of an archiving destination with BasicAuthentication and all additional **Related Information** -[Enable Archiving](enable-archiving-0fbbe93.md "To enable data archiving on a tenant in the Cloud Foundry environment, use the official OData API.") +[Enable Archiving](enable-archiving-0fbbe93.md "To enable data archiving on a tenant in the Cloud Foundry environment, use the OData API.") diff --git a/docs/ISuite/50-Development/message-types-2eb71b8.md b/docs/ISuite/50-Development/configuring-message-types-2eb71b8.md similarity index 72% rename from docs/ISuite/50-Development/message-types-2eb71b8.md rename to docs/ISuite/50-Development/configuring-message-types-2eb71b8.md index 56f59c78..1e5bfbce 100644 --- a/docs/ISuite/50-Development/message-types-2eb71b8.md +++ b/docs/ISuite/50-Development/configuring-message-types-2eb71b8.md @@ -1,10 +1,10 @@ -# Message Types +# Configuring Message Types -Cloud Integration allows you to view and edit your imported Message Types along with their referenced data types. +A message type comprises a [data type](configuring-data-types-97ad101.md) that describes the structure of a message. For technical reasons, a data type alone is not sufficient to describe the instance of a message. Data types are defined in XML Schema as abstract types that aren't yet tied to an element. You can only describe an instance of a message when you've specified a data type. Therefore, a message type defines the root element of a message. -A message type comprises a [data type](data-types-97ad101.md) that describes the structure of a message. For technical reasons, a data type alone is not sufficient to describe the instance of a message. Data types are defined in XML Schema as abstract types that aren't yet tied to an element. You can only describe an instance of a message when you've specified a data type. Therefore, a message type defines the root element of a message. +Cloud Integration allows you to view and edit your message types along with its referenced data types. @@ -72,7 +72,7 @@ Type -Displays the referenced [data type](data-types-97ad101.md) assigned to the root node and built-in data type \(decimal, string, or integer\) of the child nodes. +Displays the referenced [Configuring Data Types](configuring-data-types-97ad101.md) assigned to the root node and built-in data type \(decimal, string, or integer\) of the child nodes. @@ -102,7 +102,9 @@ Displays the of the value range of a node. -Select a row to view the following additional details and edit referenced data type of the Message Type. +You can view following additional details of a message type. + +In message types, only root nodes can be edited and only the user-defined data type can be modified. To do so, choose *Edit* and then select the node to populate the details in the right-hand side panel. **Element/Attribute Details** @@ -135,7 +137,7 @@ Data Type Used -Choose *Select* to assign a referenced data type from the existing data types. The structure of the selected data type gets loaded in the tree table. +To assign another user-defined data type, choose *Select*. Choose the integration packages from which you wish to list the data types and select the one to be used. The structure of the selected data type gets loaded in the tree table. > ### Note: > You can edit the referenced data type of the root node only. @@ -161,12 +163,10 @@ Displays the namespace to which the referenced data type belongs to or where it' Package Name -\(appears only if the Type is Data Type\) - -Displays the package name of the data type reference assigned to the node. +Displays the package name of the user-defined data type assigned to the node. @@ -224,7 +224,14 @@ Displays the description of the selected node. -The displayed value range [restrictions](data-types-97ad101.md#loio97ad10142fc34269902006e488af1eff__table_xtn_yqp_l5b) can't be edited for Message Types. +**Saving Message Types** + +Choose *Save* to save the draft. Choose *Save as version* to save the message type with a new version. All modifications are also reflected in the XSD tab. + +> ### Note: +> You can save the artifact even if you have validation errors in your structure tab. + +The displayed value range [restrictions](configuring-data-types-97ad101.md#loio97ad10142fc34269902006e488af1eff__table_xtn_yqp_l5b) can't be edited for Message Types. @@ -360,17 +367,6 @@ ES Repository Information - - -## Saving Message Type - -Choose *Save* to save the draft. Choose*Save as version* to save the message type with a new version. All modifications are reflected in XSD tab. - -> ### Note: -> You can save te artifact even if you have validation errors in your Structure tab. - - - ## XSD diff --git a/docs/ISuite/50-Development/connect-to-your-business-systems-1a0dd22.md b/docs/ISuite/50-Development/connect-to-your-business-systems-1a0dd22.md new file mode 100644 index 00000000..0ae7493a --- /dev/null +++ b/docs/ISuite/50-Development/connect-to-your-business-systems-1a0dd22.md @@ -0,0 +1,82 @@ + + +# Connect to Your Business Systems + +As an administrator, you need to set up the data sources you want to use in your business data graphs, setup the connectivity between Graph and your business systems, and create destinations. + +Graph supports data sources based on SAP S/4HANA \(all editions, cloud and on-premise\), SAP SuccessFactors, and SAP Sales Cloud. + +> ### Note: +> Graph supports SAP ERP Central Component \(ECC\) content which has been prepared and exposed as an OData service. To create the service interface, you can use Gateway Builder starting from SAP Gateway version GW\_FND 7.52 and the latest SP \(refer to [2217489 - Maintenance and Update Strategy for SAP Fiori Front-End Server](https://me.sap.com/notes/2217489 - Maintenance and Update Strategy for SAP Fiori Front-End Server)\) or OData Provisioning. + + + + + +## Set Up Data Sources + +To create a business data graph, you must have data sources \(business systems\). Adding data sources to your subaccount consists of two steps for each data source: + +1. Establish trust between the business systems and the SAP BTP subaccount. You can include various SAP systems into a formation and thus combine diverse SAP solutions into an extended business scenario. + + For more information, see [Including SAP Systems in a Formation](https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/68b04fa73aa740cb96ed380a85a4761a.html). + +2. Create a destination for each service of these data sources that is exposed to client applications. + + + + + +## Custom SAP BTP Destination Annotations + +Graph supports custom annotations for SAP BTP destinations. + +In the SAP BTP cockpit, you can add *Additional Properties* to destinations. The properties provide additional configuration options. You can add predefined properties forSAP BTP or add freestyle properties using any name and value. + +The following table provides an overview of the custom annotations that Graph supports for SAP BTP destinations: + + + + + + + + + + + + + +
+ +**Name** + + + +**Value** + + + +**Description** + +
+ +`Graph.Ignore` + + + +true + + + +A destination is ignored during Graph configuration, generation, and activation. + +
+ +**Related Information** + + +[Create a Business Data Graph in Integration Suite](create-a-business-data-graph-in-integration-suite-42daf3b.md "As Tenant administrator in the SAP Integration Suite, you can create a new business data graph. You can also use an existing configuration file to create a business data graph.") + +[Actions and Functions](actions-and-functions-3572dfb.md "Actions and functions provide a way to introduce server-side behaviors into the otherwise data-centric model. Graph mirrors actions and functions as provided by connected business systems.") + diff --git a/docs/ISuite/50-Development/consider-basic-layout-principles-32e4f6e.md b/docs/ISuite/50-Development/consider-basic-layout-principles-32e4f6e.md index 74901456..625eba70 100644 --- a/docs/ISuite/50-Development/consider-basic-layout-principles-32e4f6e.md +++ b/docs/ISuite/50-Development/consider-basic-layout-principles-32e4f6e.md @@ -12,5 +12,21 @@ Consider basic layout principles when modeling an integration flow. SAP Integration Suite offers a graphical modeling environment in the *Design* section that allows you to design integration flows. This tool provides various capabilities supporting you in increasing the readability of an integration flow. -Align participants to either the left or the right of the integration process. The flow direction must be from left to right and top to bottom. Message flow must be in straight horizontal or vertical lines. +- Align participants to either the left or the right of the integration process. The flow direction must be from left to right and top to bottom. Message flow must be in straight horizontal or vertical lines. + +- Remove all flow steps that are unused and not connected via message flows. + + Unused and dangling flow steps always lead to deployment errors. If there are valid flow steps, then each one of them must be connected using message flows to be part of the your integration scenario. + +- Create additional integration flow to handle more number of process pools and flow steps. + + An integration flow can handle: + + - 1 Main Integration Process pool + + - 5 Local Integration Process pool + + - 25 flow steps per pool + + diff --git a/docs/ISuite/50-Development/consuming-imported-archives-e7562a7.md b/docs/ISuite/50-Development/consuming-imported-archives-e7562a7.md new file mode 100644 index 00000000..e7d3a7eb --- /dev/null +++ b/docs/ISuite/50-Development/consuming-imported-archives-e7562a7.md @@ -0,0 +1,102 @@ + + +# Consuming Imported Archives + +Understand how to consume an imported archive object in a Function Libraries artifact. + + + + + +## Prerequisites + +1. [Reuse Imported Archives Objects from ES Repository](reuse-imported-archives-objects-from-es-repository-4196091.md) + +2. Deploy the Imported Archives artifact. + + + + + + +## Context + +Consuming an imported archive object is a two-step process: + +1. Create an artifact-to-artifact reference – create a reference from the Function Libraries artifact to the Imported Archives artifact. You can refer to the same Imported Archives artifact from multiple Function Libraries artifacts. + +2. Use the archive in a function library object – add the archive object to one of the function library objects. You can add the same archive object to multiple function library objects. + + + + + + +## Creating a Reference With Function Libraries Artifact + + + + + +## Prerequisites + +[Import Function Library from ES Repository](import-function-library-from-es-repository-d6e7585.md) + + + + + +## Procedure + +1. Open the Function Libraries artifact in edit mode. + +2. In the left-side resource pane, choose the *References* tab. + +3. Choose *Add References* \> *Imported Archives*. + +4. Choose one or more integration packages. + + All Imported Archives available in the selected packages appear. + +5. Choose one or more Imported Archives artifacts based on your requirement and choose *OK*. + +6. Choose *Save* to save the Function Libraries artifact. + + + + + + +## Add an Imported Archive Object To The Function Library Object + + + + + +## Procedure + +1. Open the Function Libraries artifact in edit mode. + +2. In the left-side resource pane, choose the *Function Libraries* tab. + +3. Choose a function library object. + + The java class opens up in the editor. + +4. In the right side editor, choose the *Archives Used* tab. + +5. Choose *Add* and select an imported archive. Choose *OK*. + +6. Change the code for loading the archive object. + + The default line of code that comes with an ESR object is as follows: + + `InputStream in = this.getClass().getClassLoader().getResourceAsStream("com/customer/appl/MyConfig.properties");` + + For the function library object to be able to rightly fetch the imported archive object in Integration Suite, change the existing code line as follows: + + `InputStream in = super.loadResourceFromArchive("ID of the Imported Archive artifact", "path of the file in archive");`. + +7. Choose *Save* to keep your changes and add archive object to the Function Libraries artifact. + + diff --git a/docs/ISuite/50-Development/coupa-receiver-adapter-648ac01.md b/docs/ISuite/50-Development/coupa-receiver-adapter-648ac01.md new file mode 100644 index 00000000..c3fe72ca --- /dev/null +++ b/docs/ISuite/50-Development/coupa-receiver-adapter-648ac01.md @@ -0,0 +1,407 @@ + + +# Coupa Receiver Adapter + +The Coupa receiver adapter connects SAP Integration Suite to Coupa. Coupa is a business spending management software. The Coupa adapter helps you exchange data between the two systems. + +> ### Note: +> This adapter is available on SAP Business Accelerator Hub. +> +> For more information, see [Consuming Integration Adapters from SAP Business Accelerator Hub](consuming-integration-adapters-from-sap-business-accelerator-hub-b9250fb.md). +> +> The availability of the adapter is dependent on your SAP Integration Suite service plan. For more information about different service plans and their supported feature set, see SAP Notes [2903776](https://launchpad.support.sap.com/#/notes/2903776) and [3188446](https://launchpad.support.sap.com/#/notes/3188446). + +> ### Note: +> This adapter exchanges data with a remote component that might be outside the scope of SAP. Make sure that the data exchange complies with your company’s policies. + + + + + +## How the Coupa Receiver Adapter Works + +If you have configured a Coupa receiver adapter, the data exchange is performed as follows at runtime: The SAP through SAP Integration Suite tenant sends the request to Coupa \(this is a receiver system\), the Coupa works on the request and sends back the data to the SAP. + +For Example, SAP S4/HANA generates and pushes the list of suppliers to be copied to Coupa. SAP Integration Suite receives the request and transforms it to the Coupa format. SAP Integration Suite then queries the existing suppliers in Coupa, updates the data for them, and creates a new supplier for the non-existent suppliers. + +The following diagram illustrates the example. + +![](images/Coupa_Receiver_Adapter_dccbe44.png) + + + + + +## Configuring the Coupa Receiver Adapter + +Once you have created a receiver channel and selected the Coupa receiver adapter, you can configure the following attributes. + +Select the *Connection* tab. + +The *Connection* tab contains the connection and the authentication parameters for the Coupa. The adapter supports only OAuth 2.0 authentication type. + +**Connection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Parameter + + + +Description + +
+ +*Address* + + + +Specifies the recipient's endpoint URL, this is Coupa tenant’s URL of the organization. + +Example: + +`https://.coupacloud.com` + +
+ +*OAuth Credential Name* + + + +Specifies the name of the *User Credentials* artifact configured or saved under *Monitor* \> *Manage Security* \> *Security Material*. It contains the Coupa OAuth key and client secret pair. This property enables the system to fetch the security token from the keystore for authentication. + +
+ +*Scopes* + + + +Specifies the permissions configured in Coupa. Enter the different scope values with a space in between. + +Example: + +`core.accounting.read core.account.write core.budgeting.write` + +
+ +*Connection Timeout* + + + +Specifies the connection timeout in milliseconds. This timeout allows the user to configure the maximum waiting time for the connection to be established between SAP and Coupa. + +Example: + +`3000` + +
+ +*Response Timeout* + + + +Specifies the response timeout in milliseconds. This timeout allows the user to configure the maximum waiting time for SAP until a response is received from Coupa. + +Example: + +`3000` + +
+ +The *Processing* tab contains all operation configurations for the Coupa adapter. + +**Processing** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Parameter + + + +Description + +
+ +*Operation* + + + +To access and exchange data with Coupa, you can choose one of the provided operations. Here, you specify the type of action you want to run in Coupa. + +
+ +*Resource* + + + +Select the name of the Coupa resources to perform the API operation. It can be any of the Coupa defined resources like reference data resource, transactional resources or shared resources or any user defined custom object resources. This is an editable dropdown field. You can manually add any other resources that are not listed in the dropdown. + +> ### Note: +> Since the dropdown is editable, ensure you do not leave the operation field blank. + + + +
+ +*Resource Parameters* + + + +To specify the resource key and value in case resource path included parameters. For example, if Account/:id is the resource, name should be specified with `id`, and `` value should be specified as corresponding value pair. This is mostly used in Get Resources, Modify Resources and Update Resource Operations. + +
+ +*Return Object Fields* + + + +To specify only the set of fields to be passed in the response payload. The return objects format should be in JSON. + +For example: + +`["firstname","lastname",{"roles":["id","name"]}]` + +
+ +*Payload Format* + + + +Specifies the format of the request message to be sent to and the response to be returned from Coupa. Values include *Application/XML* and *Application/JSON*. + +Default value: *Application/XML* + +
+ +*Data from Attachment* + + + +Specify whether the attachment object should be obtained from an attachment of the message exchange in SAP Integration Suite or the from the body in SAP Integration Suite. + +> ### Note: +> The Create Resource operation allows working with attachments. After selecting a resource including attachments such as invoices/:invoice\_id/attachment, additional options appear. + + + +
+ +*Attachment Name* + + + +When selecting data from attachment, specify the name of the attachment on the exchange in SAP Integration Suite to retrieve the file. + +Example: + +`Filename.zip, ${property.filename}.zip` + +This field appears when you select *Data from Attachment*. + +
+ +*File Name* + + + +Specify the name of the file to be uploaded to Coupa. + +
+ +*Type* + + + +Specify the attachment type expected by Coupa. + +Default value: *file* + +
+ +*Attachment Properties* + + + +Specify the key and value in case attachment includes parameters. You can add Property Name and Property Value pairs for various fields like file-url, linked-to, intent, text, url. + +
+ +*Limit* + + + +Specify the limit to query records with maximum of 50 records. + +Example: `20` + +When auto pagination is enabled the limit value does not work as all the records will be queried or up to the pre-defined limit value of 100. + +> ### Note: +> Query Resource operation allows querying of any Coupa Resource. After selecting this operation additional fields appear that help you to customize your query requests. + + + +
+ +*Offset* + + + +Specify the offset value for the number of records to be acquired after. + +Example: `20` + +
+ +*Auto Pagination* + + + +Enable to retrieve all the records in case the query result has more than one page of records. + +
+ +*Query Filter Parameter* + + + +Specify the querying parameters to use to retrieve the records. + +This parameter has the following options: + +- *Name* + +- *Operator* + +- *Value* + + +Example: + +`Name Contains Created date` + +`Operator Contains Greater Than` + +`Value Contains 2202-01-01` + +
+ +*Order by Field* + + + +Specify the field or resource property to perform the sorting of the queried records. + +
+ +*Sorting Direction* + + + +Specify the sorting order of the records. There are the following options: + +- *Ascending* + +- *Descending* + + +The default value is *Ascending*. + +
+ diff --git a/docs/ISuite/50-Development/create-a-business-data-graph-in-integration-suite-42daf3b.md b/docs/ISuite/50-Development/create-a-business-data-graph-in-integration-suite-42daf3b.md new file mode 100644 index 00000000..78afcd17 --- /dev/null +++ b/docs/ISuite/50-Development/create-a-business-data-graph-in-integration-suite-42daf3b.md @@ -0,0 +1,58 @@ + + +# Create a Business Data Graph in Integration Suite + +As Tenant administrator in the SAP Integration Suite, you can create a new business data graph. You can also use an existing configuration file to create a business data graph. + + + + + +## Prerequisites + +You have: + +- Assigned the role of Graph Key User. + + You need this role to use the configuration tool. + +- Set up your data sources and provided your user with authorization to access all the data sources \(destinations\) in the landscape. + + Your user needs this authorization to allow Graph to discover the data models. + + + + + + +## Procedure + +1. Go to Integration Suite, *Design* \> *Graph* \> *Business Data Graphs*. + +2. Create a new business using one of the following options: + + - To create a new business data graph, choose *Create new business data graph*. + - To create a business data graph from an existing configuration file, choose *Create from file*. + +3. Enter the business data graph ID and description. The ID is part of the business data graph URL. Choose *Next*. + + > ### Note: + > You can enter up to 20 alphanumeric characters and hyphens for the ID. + +4. Select one or more data sources for your business data graph. Choose *Next*. + +5. \(Optional\) Select a model extension to include in the business data graph. Choose *Next*. + + For more information, see [Extend Your Business Data Graph](extend-your-business-data-graph-bb4f072.md). + +6. When the summary appears, review your configuration. You can edit the business data graph in this step. When you're ready, choose *Create*. + + + + + + +## Results + +After the business data graph is created, it appears in a table where you can view the detailed information. You can also edit or delete your business data graph from the table. For more information, see, [Modify Your Business Data Graph](modify-your-business-data-graph-0084c4d.md). + diff --git a/docs/ISuite/50-Development/create-an-api-artifact-using-url-914f57e.md b/docs/ISuite/50-Development/create-an-api-artifact-using-url-914f57e.md index 224d3bd0..848fd825 100644 --- a/docs/ISuite/50-Development/create-an-api-artifact-using-url-914f57e.md +++ b/docs/ISuite/50-Development/create-an-api-artifact-using-url-914f57e.md @@ -222,11 +222,18 @@ Create an API artifact of the type REST, SOAP, and OData using the HTTP endpoint -10. For a given resource, choose *Show/Hide* to view the list of properties and their associated API documentation. You can add descriptions for each resource in the editor. +10. For a given OData-based API artifact, you can import an .edmx file to update the API artifact with the latest resources. -11. To define policies on the API, go to the *Policies* tab. For more information about how to add a policy, see [Policy Definition and Types of Policies Supported by Edge Integration Cell](policy-definition-and-types-of-policies-supported-by-edge-integration-cell-c744df5.md). + Importing an .edmx file will overwrite the existing list of resources in the API artifact. However, the description for each resource will still be maintained and not be changed. -12. Once you’ve filled in all the required details of the API, you can select one of the following actions for the API: + > ### Note: + > Importing the .edmx file will convert the API artifact to OpenAPI Specification 3.0.0. Please review the changes carefully before saving the API artifact. + +11. For a given resource, choose *Show/Hide* to view the list of properties and their associated API documentation. You can add descriptions for each resource in the editor. + +12. To define policies on the API, go to the *Policies* tab. For more information about how to add a policy, see [Policy Definition and Types of Policies Supported by Edge Integration Cell](policy-definition-and-types-of-policies-supported-by-edge-integration-cell-c744df5.md). + +13. Once you’ve filled in all the required details of the API, you can select one of the following actions for the API: diff --git a/docs/ISuite/50-Development/create-an-api-proxy-c0842d5.md b/docs/ISuite/50-Development/create-an-api-proxy-c0842d5.md index dbe6c3f2..67f83d3a 100644 --- a/docs/ISuite/50-Development/create-an-api-proxy-c0842d5.md +++ b/docs/ISuite/50-Development/create-an-api-proxy-c0842d5.md @@ -258,11 +258,27 @@ Instead of consuming services directly, application developers can access API pr > > For more information on how to define multiple target endpoints using Route Rule, see [Enable Dynamic Routing](enable-dynamic-routing-49cbe91.md). -10. To define multiple target endpoints, navigate to the *Target EndPoint* tab and choose *Add*. +10. To define target endpoint properties, navigate to the *Target EndPoint* tab and choose *Add*. - Enter the *Property Name* and the *Values*. For the Target Endpoint property specifications, see [Target Endpoint Properties](target-endpoint-properties-edeed6a.md). + Enter the *Property Name* and the *Values*. For the target endpoint property specifications, see [Target Endpoint Properties](target-endpoint-properties-edeed6a.md). -11. Once you’ve filled in all the required details of the API, you can select one of the following two actions for the API: +11. To define multiple target endpoints, navigate to the *Target EndPoint* tab. + + Choose *Add* next to the *Target EndPoint* dropdown menu. + + In the *Add Target EndPoint* dialog, fill in the target endpoint *Name*, select the *API Provider*, where you want the target endpoint to point to, and specify the *Relative URL*, then choose *Add*. + + > ### Note: + > Only target endpoints of the type API provider can be added in this dialog. + + > ### Note: + > If you have an API proxy with a multi-target endpoint, it is recommended that the name of the target endpoint should be between 2 and 255 characters. If you enter a single character in the name field for the provider types OpenConnector or Cloud Integration Flow, the API proxy cannot be deployed to the runtime. + + Once added, the target endpoint will appear in the *Target EndPoint* dropdown menu. You can also change the type of the target endpoint from API provider to API proxy or URL. + + To add policies to the target endpoint, choose *Policies* from the top-right corner of the page. You can then view the target endpoint flow and the policies applied to it in the*Policy Editor*. To view the policies associated with a different target endpoint, you can navigate back to the *Target EndPoint* tab on the proxy details page. Select the desired target endpoint and return to the *Policy Editor*. + +12. Once you’ve filled in all the required details of the API, you can select one of the following two actions for the API:
diff --git a/docs/ISuite/50-Development/create-an-api-using-api-specification-39c2b30.md b/docs/ISuite/50-Development/create-an-api-using-api-specification-39c2b30.md index 19efa3f5..5d4a48e7 100644 --- a/docs/ISuite/50-Development/create-an-api-using-api-specification-39c2b30.md +++ b/docs/ISuite/50-Development/create-an-api-using-api-specification-39c2b30.md @@ -185,7 +185,14 @@ To know more about OAS 3.0 support in API Management, see [OpenAPI Specification 10. To add additional attributes, see [Additional Attributes in OpenAPI Specification](additional-attributes-in-openapi-specification-4ab4c8e.md). -11. Once you’ve modeled the API, you can select one of the following actions for the API: +11. For a given OData-based API artifact, you can import an .edmx file to update the API artifact with the latest resources. + + Importing an .edmx file will overwrite the existing list of resources in the API artifact. However, the description for each resource will still be maintained and not be changed. + + > ### Note: + > Importing the .edmx file will convert the API artifact to OpenAPI Specification 3.0.0. Please review the changes carefully before saving the API artifact. + +12. Once you’ve modeled the API, you can select one of the following actions for the API:
diff --git a/docs/ISuite/50-Development/creating-a-communication-partner-profile-49a6b02.md b/docs/ISuite/50-Development/creating-a-communication-partner-profile-49a6b02.md new file mode 100644 index 00000000..e127b2d9 --- /dev/null +++ b/docs/ISuite/50-Development/creating-a-communication-partner-profile-49a6b02.md @@ -0,0 +1,1070 @@ + + + + +# Creating a Communication Partner Profile + +Create a Communication Partner profile. + + + +## Context + +A communication partner profile is similar to trading partner profile. Using a communication partner profile, you can create AS2 specific configurations and use them across other entities. Most of the AS2 specific agreements and templates have different trading partners, identifiers and type systems, but they almost have the same AS2 configurations. Instead of defining them individually for each trading partner profile, you can now define them once in your communication partner and reuse them indefinitely. To know more about creating such partner, follow the procedure below. + + + +## Procedure + +1. Login to your application and navigate to *Design* \> *B2B Scenarios* from the left pane. + +2. In the resulting screen, navigate to *Partner Profiles* tab. + +3. Choose *Create* and select *Communication Partner* from the drop-down list. + +4. Under the *Overview* tab, maintain the following fields under the *Details* section: + + +
+ + + + + + + + + + + + + + + + +
+ + Field + + + + Description + +
+ + **Company Name** + + + + Provide a valid name of your company. This field is mandatory. + +
+ + **Company Short Name** + + + + Enter a short name of your company. This field is mandatory. + +
+ + **URL** + + + + The web link to access your company + +
+ +5. You can also provide the address of your company under the *Address* section. + +6. Choose *Save* to save your changes. + +7. Navigate to the *Systems* tab and choose *Create System*. + +8. In the*Create System* dialog, maintain the following fields: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Field Name + + + + Description + +
+ + **Name** + + + + Enter a valid name for the system. + +
+ + **Alias** + + + + Enter an alias for the system. + +
+ + **Type** + + + + Select the type of the system from the drop-down list. + + If you want to modify the system type details, choose the edit icon :pencil2: + + If your system type is not available in the list, choose add :heavy_plus_sign: and enter the details of the new system and choose *Apply*. The newly created system will be selected now in the *Type* field. + +
+ + **Purpose** + + + + Select the purpose of the type system from the drop-down list. You can choose *Dev*, *Test* or *Prod*. The value that you set here will be picked up during the agreement activation to denote in the payload the purpose of the transaction. + + To know more, see [Payload Indicator in Integration Flow Message Processing](payload-indicator-in-integration-flow-message-processing-7f322c0.md) + +
+ + **Link** + + + + Provide a link to the system. + +
+ + **Description** + + + + Provide a description for the system. + +
+ +9. Choose *Save*. The new system gets created. + +10. The *Status* of this newly created system is set to *Incomplete* as you need to configure the communication channel details for the system. Open the system and choose *Create Communication*. + +11. In the *Add Communication* dialog, maintain the following fields: + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Field Name + + + + Description + +
+ + **Name** + + + + Enter a valid name for your communication + +
+ + **Alias** + + + + Enter an alias name for your communication + +
+ + **Description** + + + + Provide a meaningful description + +
+ + **Direction** + + + + Choose whether the communication channel is a *Sender* or *Receiver*. + +
+ + **Adapter** + + + + Select an adapter from the drop-down list. + + > ### Note: + > Only AS2 adapter is supported adapters for *Sender* and *Receiver* communication. + + + +
+ +12. If you chose *AS2* for the *Sender*, the following fields appear: + + 1. *Security Configuration Mode*: Set your configuration mode to *Profile* or *Channel* from the drop-down list. + + > ### Note: + > It is highly recommended to use *Profile* mode as this mode supports reuse of configurations. *Channel* mode is only used for backward compatibility. + + 2. *User Account*: Enter the user account in this field. This field appears for *Channel* mode. + + 3. *AS2 Partner ID*: Select a partner ID from the drop-down list. This field appears for *Profile* mode. + + +13. If you chose *Channel* as the configuration mode, you need to maintain the following tabs that appear below the fields: + + **MDN Tab** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Name + + + + Description + +
+ + Private Key Alias for Signature + + + + This field should be maintained under the *Security* tab to sign the MDN on partner's request. + +
+ + Signature Encoding + + + + Select the MDN signature encoding type from the drop-down list. + +
+ + Proxy Type + + + + Select the proxy type using which the request is sent to the receiver. + +
+ + Location ID + + \(Only if you chose *On-Premise* as the *Proxy Type*.\) + + + + Enter the location ID to connect to the cloud connector associated with your account. + +
+ + Authentication + + + + Select the authentication type for your MDN. + +
+ + Credential Name + + \(Only if you chose *Basic Authentication*\) + + + + Select the deployed user credential alias from the drop-down list. + +
+ + **Security Tab** + + + + + + + + + + + + + + + + + + + + + + + +
+ + Name + + + + Description + +
+ + Decrypt Message + + + + Select this checkbox to ensure that the message is decrypted. + +
+ + Private Key Alias + + \(only if you select *Decrypt Message*\). + + + + Specify the private key alias to decrypt the AS2 message. + + > ### Note: + > You need to first maintain the Private Key Alias in the Keystore of the Cloud Integration tenant. + + + +
+ + Verify Signature + + + + Ensure that the signature is verified by selecting one of the following options: + + - *Not Required* + + - *Trusted Certificate*: Used to verify the Signature. + + - *Trusted Root Certificate*: The trust chain begins with the use of the public alias as an intermediate certificate to verify the inbound certificate. After successful verification the inbound certificate is used to verify the Signature. + + > ### Note: + > If *Trusted Root Certificate* is selected mention the public key alias immediate root certificate of the incoming message. + + + + +
+ + Public Key Alias \(Only if you have selected *Trusted Certificate* or *Trusted Root Certificate*\) + + + + Specify the public key alias\(in case of *Trusted Certificate*\) or public key aliases\(in case of *Trusted Root Certificate*\) to verify the signature of the AS2 message. + + > ### Note: + > You need to first maintain the certicates under the *Certificates* tab of the trading partner profile. + + + +
+ +14. If you chose *Profile* as the configuration mode, maintain the following tabs: + + > ### Note: + > The *AS2 Partner ID* tab gets auto-filled based on the values provided in th fields above. + + **MDN Tab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Name + + + + Description + +
+ + Signature Encoding + + + + Select the MDN signature encoding type from the drop-down list. + +
+ + Proxy Type + + + + Select the proxy type using which the request is sent to the receiver. + +
+ + Location ID + + \(Only if you chose *On-Premise* as the *Proxy Type*.\) + + + + Enter the location ID to connect to the cloud connector associated with your account. + +
+ + Authentication + + + + Select the authentication type for your MDN. + +
+ + Credential Name + + \(Only if you chose *Basic Authentication*\) + + + + Select the deployed user credential alias from the drop-down list. + +
+ +15. If you chose *AS2* adapter for your *Receiver* communication, maintain the following tabs: + + **Connection Tab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Field + + + + Description + +
+ + Receipient URL + + + + Enter the URL of the AS2 receiver system + +
+ + Proxy Type + + + + Select the type of proxy you want to use for connecting to receiver system. + + - Internet + + - On-Premise + + + +
+ + Location ID \(only if you chose *On-Premise* for the *Proxy Type*\) + + + + Enter the location ID that you defined for this instance in the destination configuration. + +
+ + Authentication Type + + + + Select one of the following authentication methods: + + - None + + - Basic Authentication + + + +
+ + Credential Name + + Only if you choose *Basic Authentication* + + + + Provide the credentials for basic authentication + +
+ + **Processing Tab** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Field + + + + Description + +
+ + File Name + + + + Specify the AS2 file name. + +
+ + Append Timestamp + + + + Appends a timestamp at the end of the file name. + +
+ + Include Millisecond \(appears only if you select the checkbox for *Append Timestamp*\) + + + + Select this checkbox if you want milliseconds to be included the AS2 timestamp \(yyyyMMddHHmmssSSS\). + +
+ + Message ID Left Part + + + + Specify the left side of the AS2 message ID. Regular expression or '.\*' is allowed. + +
+ + Message ID Right Part + + + + Specify the right side of the AS2 message ID. Regular expression or '.\*' is allowed. + +
+ + Own AS2 ID + + + + Specify your own AS2 ID. Regular expression or '.\*' is allowed. + +
+ + Partner AS2 ID + + + + Specify the partner's AS2 ID. + +
+ + Message Subject + + + + Specify an AS2 message subject. + +
+ + Own E-mail address + + + + Specify your own e-mail address. + +
+ + Content-Type + + + + Enter the content type of the outgoing message. + +
+ + Content Transfer Encoding + + + + Select the AS2 message encoding type from the drop-down list. + +
+ + **Security Tab** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Field + + + + Description + +
+ + Compress Message + + + + Select this checkbox to ensure that the outgoing AS2 message is compressed. + +
+ + Sign Message + + + + Select this checkbox to ensure that the outgoing AS2 message is signed. + +
+ + Algorithm \(appears only if you select the checkbox for *Sign Message*\) + + + + Select an AS2 message signing algorithm from the drop-down list. + +
+ + Private Key Alias \(appears only if you select the checkbox for *Sign Message*\) + + + + Specify the private key alias to sign the AS2 message. + +
+ + Encrypt Message + + + + Select this checkbox to ensure that the message is encrypted. + +
+ + Algorithm \(appears only if you select the checkbox for *Encyrpt Message*\) + + + + Select an AS2 encryption algorithm from the drop-down list. + +
+ + Public Key Alias \(appears only if you select the checkbox for *Encrypt Message*\) + + + + Specify the public key alias to encrypt the AS2 message. + +
+ + **MDN Tab** + + + + + + + + + + + + + + + + + + + + + + + +
+ + Field + + + + Description + +
+ + Type + + + + Choose one of the following for the MDN request: + + - Asynchronous + + - None + - Synchronous + + + +
+ + Request Signing + + \(only if you select the *Synchronous* or *Asynchronous* MDN type\) + + + + Enable this option to request the partner to sign AS2 MDN. + +
+ + Request MIC + + \(only if you select the *Synchronous* or *Asynchronous* MDN type\) + + + + Enable this option if you want to request an integrity check. + +
+ + Message Failure on Negative MDN + + \(only if you select the *Synchronous* MDN type\) + + + + Enable this option to set message status to *Failed* on negative MDN. + +
+ +16. Choose *Save*. + +17. Navigate to the *Certificates* tab and choose *Create Certificate*. + +18. In the *Add Certificate* dialog, enter an alias for the certificate in the *Alias* field. + +19. Choose *Browse* to browse and upload a certificate to the *File* field. + +20. Choose *Add*. The certificate is added successfully. + +21. Navigate to the *Security* tab. This tab allows you to create signature verification configurtions. Choose *Create*. + +22. In the resulting dialog, maintain the following fields: + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Name + + + + Description + +
+ + **AS2 Partner ID** + + + + Enter the ID of the AS2 Partner + +
+ + **Alias** + + + + Maintain an alias for the configuration + +
+ + **Signature** + + + + Select the signature mode for the configuration from the drop-down list + +
+ + Public Key Alias \(appears only when you choose the option *Trusted Certificate* for *Signature*\) + + + + Select a certificate from the drop-down list. + +
+ + **Verify MIC\(MDN Only\)** + + + + Select this checkbox if you want to enable the Message Integrity Check \(MIC\). This applies only for AS2 MDN. + +
+ +23. Choose *Save*. You have now successfully created a communication partner. + + diff --git a/docs/ISuite/50-Development/creating-a-trading-partner-agreement-9bd43c9.md b/docs/ISuite/50-Development/creating-a-trading-partner-agreement-9bd43c9.md index f4852ba5..9b828df1 100644 --- a/docs/ISuite/50-Development/creating-a-trading-partner-agreement-9bd43c9.md +++ b/docs/ISuite/50-Development/creating-a-trading-partner-agreement-9bd43c9.md @@ -363,6 +363,8 @@ The creation modes apply only for the agreements you newly create. The agreement > The application now provides you with the *ProcessDirect* adapter that allows you to use your customised integration flow within the generic integration flow. To know more about how it works, see [Interchange Processing Flow](interchange-processing-flow-7d3bce9.md) 20. The *Enable Payload Validation* checkbox allows the system to validate the incoming payload. Check/Uncheck the option if you want to enable or disable the payload validation. + - If enabled, the generic integration flow will perform a validation check for the sender interchange. And regardless of the outcome, the interchange processing will continue to run. If you want to stop processing the interchange when payload validation fails, enable the checkbox for the field *Stop Processing if Payload Validation Fails*. + 21. The *Enable Syntax Validation* checkbox allows the system to validate the syntax using EDI splitter and this option is selected by default. Check/Uncheck the option if you want to enable or disable the syntax validation. > ### Note: @@ -371,8 +373,10 @@ The creation modes apply only for the agreements you newly create. The agreement > - ASC X12 > > - UN/EDIFACT + > + > If the identifier used in the agreement has **Custom Scheme Code**, then this option will be skipped irrespective of the field selection. -22. To archive the sender payload, select the checkbox for the field *Archive Sender Payload*. To know more about archiving data, see . +22. To archive the sender payload, select the checkbox for the field *Archive Sender Payload*. To know more about archiving data, see [Archiving Payload Data](archiving-payload-data-b927e01.md). 23. Choose the *Mapping* step. 24. Select a mapping guideline using the value help provided for the field *Mapping Guideline\(MAG\)*. @@ -417,7 +421,9 @@ The creation modes apply only for the agreements you newly create. The agreement > To know more about how it works, see [Interchange Processing Flow](interchange-processing-flow-7d3bce9.md) 33. The *Enable Payload Validation* checkbox allows the system to validate the outgoing payload. It is selected by default. Uncheck the option if you want to disable the payload validation. -34. To archive the receiver payload, select the checkbox for the field *Archive Receiver Payload*. To know more about archiving data, see . + - If enabled, the generic integration flow will perform a validation check for the receiver interchange. And regardless of the outcome, the interchange processing will continue to run. If you want to stop processing the interchange when payload validation fails, enable the checkbox for the field *Stop Processing if Payload Validation Fails*. + +34. To archive the receiver payload, select the checkbox for the field *Archive Receiver Payload*. To know more about archiving data, see [Archiving Payload Data](archiving-payload-data-b927e01.md). 35. If your receiver type system is UN/EDIFACT, you might want to set a target encoding. To do so, under the field *Target Encoding*, select a value from the list. 36. Select the *Enable* checkbox under *Receiver Functional Acknowledgement* if you want to enable the functional acknowledgement for the receiver. @@ -804,6 +810,8 @@ The creation modes apply only for the agreements you newly create. The agreement > The application now provides you with the *ProcessDirect* adapter that allows you to use your customised integration flow within the generic integration flow. To know more about how it works, see [Interchange Processing Flow](interchange-processing-flow-7d3bce9.md) 23. The *Enable Payload Validation* checkbox allows the system to validate the incoming payload. Check/Uncheck the option if you want to enable or disable the payload validation. + - If enabled, the generic integration flow will perform a validation check for the sender interchange. And regardless of the outcome, the interchange processing will continue to run. If you want to stop processing the interchange when payload validation fails, enable the checkbox for the field *Stop Processing if Payload Validation Fails*. + 24. The *Enable Syntax Validation* checkbox allows the system to validate the syntax using EDI splitter and this option is selected by default. Check/Uncheck the option if you want to enable or disable the syntax validation. > ### Note: @@ -813,9 +821,11 @@ The creation modes apply only for the agreements you newly create. The agreement > > - UN/EDIFACT > + > If the identifier used in the agreement has **Custom Scheme Code**, then this option will be skipped irrespective of the field selection. + > > This option is not editable if you have created the agreement with reference mode \(created using *Bind with Template* option\). -25. To archive the sender payload, select the checkbox for the field *Archive Sender Payload*. To know more about archiving data, see +25. To archive the sender payload, select the checkbox for the field *Archive Sender Payload*. To know more about archiving data, see [Archiving Payload Data](archiving-payload-data-b927e01.md) 26. Choose the *Mapping* step. 27. Select a mapping guideline using the value help provided for the field *Mapping Guideline\(MAG\)*. @@ -860,7 +870,9 @@ The creation modes apply only for the agreements you newly create. The agreement > To know more about how it works, see [Interchange Processing Flow](interchange-processing-flow-7d3bce9.md) 36. The *Enable Payload Validation* checkbox allows the system to validate the outgoing payload. It is selected by default. Uncheck the option if you want to disable the payload validation. -37. To archive the receiver payload, select the checkbox for the field *Archive Receiver Payload*. To know more about archiving data, see + - If enabled, the generic integration flow will perform a validation check for the receiver interchange. And regardless of the outcome, the interchange processing will continue to run. If you want to stop processing the interchange when payload validation fails, enable the checkbox for the field *Stop Processing if Payload Validation Fails*. + +37. To archive the receiver payload, select the checkbox for the field *Archive Receiver Payload*. To know more about archiving data, see [Archiving Payload Data](archiving-payload-data-b927e01.md) 38. Select the *Enable* checkbox under *Receiver Functional Acknowledgement* if you want to enable the functional acknowledgement for the receiver. > ### Note: diff --git a/docs/ISuite/50-Development/creating-an-agreement-template-9692cb1.md b/docs/ISuite/50-Development/creating-an-agreement-template-9692cb1.md index 75ea239b..2665e073 100644 --- a/docs/ISuite/50-Development/creating-an-agreement-template-9692cb1.md +++ b/docs/ISuite/50-Development/creating-an-agreement-template-9692cb1.md @@ -384,7 +384,10 @@ Follow the next procedure to create an agreement template. This step is carried out using the ProcessDirect adapter. To know more about how it works, see [Interchange Processing Flow](interchange-processing-flow-7d3bce9.md). -23. If you want to enable the payload validation, select the checkbox under *Validation Option*. +23. If you want to enable the payload validation, select the checkbox *Enable Payload Validation*under *Validation Option* section. + + 1. If enabled, the generic integration flow will perform a validation check for the sender interchange. And regardless of the outcome, the interchange processing will continue to run. If you want to stop processing the interchange when payload validation fails, enable the checkbox for the field *Stop Processing if Payload Validation Fails*. + 24. The *Syntax Validation* checkbox is selected by default to enable syntax validation through the EDI splitter. If you do not want to use this validation, you can disable this option. @@ -394,7 +397,9 @@ Follow the next procedure to create an agreement template. - ASC X12 -25. To archive the sender payload, select the checkbox for the field *Archive Sender Payload*. To know more about archiving data, see + If the identifier used in the agreement has **Custom Scheme Code**, then this option will be skipped irrespective of the field selection. + +25. To archive the sender payload, select the checkbox for the field *Archive Sender Payload*. To know more about archiving data, see [Archiving Payload Data](archiving-payload-data-b927e01.md) 26. Similarly, choose the *Communication Channel* on the receiver side and enter a value for the field *Alias for Communication*. @@ -431,9 +436,12 @@ Follow the next procedure to create an agreement template. You can view the status of the Functional Acknowledgement through the *Monitor* tab. To know more, see [Monitoring B2B Messages](monitoring-b2b-messages-b5e1fc9.md) -34. If you want to enable the payload validation, select the checkbox under *Validation Option*. +34. If you want to enable the payload validation, select the checkbox for the field *Enable Payload Validation* under *Validation Option*. + + 1. If enabled, the generic integration flow will perform a validation check for the receiver interchange. And regardless of the outcome, the interchange processing will continue to run. If you want to stop processing the interchange when payload validation fails, enable the checkbox for the field *Stop Processing if Payload Validation Fails*. + -35. To archive the receiver payload, select the checkbox for the field *Archive Receiver Payload*. To know more about archiving data, see . +35. To archive the receiver payload, select the checkbox for the field *Archive Receiver Payload*. To know more about archiving data, see [Archiving Payload Data](archiving-payload-data-b927e01.md). 36. If your receiver type system is UN/EDIFACT, you might want to set a target encoding. To do so, under the field *Target Encoding*, select a value from the list. diff --git a/docs/ISuite/50-Development/creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md b/docs/ISuite/50-Development/creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md index 8576bca9..a771cb02 100644 --- a/docs/ISuite/50-Development/creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md +++ b/docs/ISuite/50-Development/creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md @@ -94,7 +94,7 @@ Instead of directly consuming API services, application developers can access AP 8. Choose *Create*. - An API provider is auto-created with the name that is populated in the *Name* field of the *Create API* dialog. This auto-created API provider helps in storing the user credentials provided in the *Authentication* dialog and connects to the API proxy. + An API provider is auto-created with the name that is populated in the *Name* field of the *Create API* dialog. This creates an API provider of type *Cloud Integration Flow*. This auto-created API provider helps in storing the user credentials provided in the *Authentication* dialog and connects to the API proxy. 5. A *Create API* screen opens with the API proxy name on the top. You can edit the API proxy details, if necessary and choose*Save*. diff --git a/docs/ISuite/50-Development/creating-an-imported-archives-artifact-e555caf.md b/docs/ISuite/50-Development/creating-an-imported-archives-artifact-e555caf.md new file mode 100644 index 00000000..612715bc --- /dev/null +++ b/docs/ISuite/50-Development/creating-an-imported-archives-artifact-e555caf.md @@ -0,0 +1,104 @@ + + +# Creating an Imported Archives Artifact + +Create an Imported Archives artifact to which later you can add imported archive objects. + + + + + +## Procedure + +1. Open your integration package and choose *Edit*. + +2. In the *Artifacts* tab, choose *Add* \> *Imported Archives*. + +3. In the *Add Imported Archives* dialog box, choose one of the following options: + + - *Create* – to create an artifact. + + - *Upload* – to upload a .zip file that contains the resources for an Imported Archives artifact. You can download such a file from other integration packages. + + +4. Enter the details as listed in the following table: + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Field + + + + Description + +
+ + Imported Archives \(only for upload\) + + + + Upload a .zip file containing the resources. + +
+ + Name + + + + Name for the Imported Archives. + +
+ + ID + + + + Uniquely identifies the Imported Archives. + +
+ + Runtime Profile + + + + Select the runtime where you want to execute the Imported Archives. For more information, see [Runtime Profiles](IntegrationSettings/runtime-profiles-8007daa.md). + +
+ + Description + + + + Description of the Imported Archives and its purpose. + +
+ +5. Choose *OK*. + + diff --git a/docs/ISuite/50-Development/creating-an-integration-flow-da53d93.md b/docs/ISuite/50-Development/creating-an-integration-flow-da53d93.md index bdbaab45..4e7d6220 100644 --- a/docs/ISuite/50-Development/creating-an-integration-flow-da53d93.md +++ b/docs/ISuite/50-Development/creating-an-integration-flow-da53d93.md @@ -18,6 +18,13 @@ You’ve created an integration package. For more information, see [Creating an An integration flow is a graphical representation of the flow and processing of messages between two or more participants using an integration runtime platform, ensuring successful communication. +You can create an integration flow in different ways: + +- Let AI generate your integration flow based on the descriptions you provide. + +- Manually add an integration flow either by creating or uploading. + + @@ -30,7 +37,81 @@ An integration flow is a graphical representation of the flow and processing of 3. Navigate to the *Artifacts* tab and choose *Add* \> *Integration Flow*. -4. If you want to create a new integration flow, execute the following substeps: + + + + + +## Generate Integrations with AI Assistance + + + + + +## Context + +> ### Note: +> This information is relevant only when you use the Cloud Integration capability as a part of SAP Integration Suite. Availability of this feature depends upon the SAP Integration Suite service plan that you use. For more information about different service plans and their supported feature set, see SAP Note [2903776](https://launchpad.support.sap.com/#/notes/2903776). + + + + + +## Procedure + +1. In the *Add Integration Flow* dialog, choose the method *Generate Integrations with assistance from AI*. + +2. Describe your integration scenario for which you want to generate an integration flow. + +3. Choose \(Send\). + +4. In the *AI Response* section, you see a positive response if your inputs are fine. Else, you see suggestions from Generative AI tool to add missing information in your scenario description. + +5. In the *Sender System*, one of your registered SAP system is selected. If you want to select another SAP system of same type, choose *Select* and pick a system of your choice. + + > ### Note: + > If you haven't enabled system landscape in SAP BTP cockpit, you see an empty *Sender System* field. + +6. Similarly, in the *Receiver System*, one of your registered SAP system is selected. If you want to select another SAP system of same type, choose *Select* and pick a system of your choice. + + > ### Note: + > If you haven't enabled system landscape in SAP BTP cockpit, you see an empty *Receiver System* field. + +7. A *Name* generated by the Generative AI tool – modify the name, if needed. + +8. Choose *Create*. + + + + + + +## Results + +An integration flow with the following shapes is created: + +- *Sender*: Represents your source system auto-filled with the details of the same in the adapter channel. + +- *Receiver*: Represents your target system auto-filled with the details of the same in the adapter channel. + +- *Integration Process*: The shape where you add all the steps that define how a message is processed in the tenant. + + + + + + +## Add Integrations Manually + + + + + +## Procedure + +1. In the *Add Integration Flow* dialog, choose the method *Add Integrations manually*. + +2. If you want to create a new integration flow, execute the following substeps: 1. Choose the *Create* radio button. @@ -55,7 +136,7 @@ An integration flow is a graphical representation of the flow and processing of 6. Choose *Add* to just create an integration flow or *Add and Open in Editor* to open the integration flow in its editor. Alternatively, you can press the [Enter\]/[Return\] key to create an integration flow. -5. If you want to upload an integration flow, execute the following substeps: +3. If you want to upload an integration flow, execute the following substeps: 1. Choose the *Upload* radio button. @@ -80,7 +161,7 @@ An integration flow is a graphical representation of the flow and processing of - + ## Results @@ -90,11 +171,6 @@ A template-based integration flow with the following shapes is created: - *Receiver*: Represents the receiver system. -- *Integration Process*: The shape where you add all the steps that define how a message is processed in the tenant. This shape has two tabs: - - - *General*: allows you to set the name of the integration process - - - *Processing*: allows you to maintain the *Transaction Handling* and the *Timeout* details under *Transaction Management*. - +- *Integration Process*: The shape where you add all the steps that define how a message is processed in the tenant. diff --git a/docs/ISuite/50-Development/creating-data-types-and-message-types-d5bbbee.md b/docs/ISuite/50-Development/creating-data-types-and-message-types-d5bbbee.md index 208eb878..474d2552 100644 --- a/docs/ISuite/50-Development/creating-data-types-and-message-types-d5bbbee.md +++ b/docs/ISuite/50-Development/creating-data-types-and-message-types-d5bbbee.md @@ -2,48 +2,75 @@ # Creating Data Types and Message Types -Data Type and Message Type artifacts can be imported from the Enterprise Services \(ES\) Repository. +Create new Data Type and Message Type artifacts or import from the Enterprise Services \(ES\) Repository. + + - +## Create Data Type and Message Type Artifacts + + + + ## Prerequisites -- You’ve created an integration package. For more information, see [Creating an Integration Package](creating-an-integration-package-9126d79.md). -- You've configured connection to ES Repository. For more information, see [Configuring Connectivity to an SAP Process Orchestration System](IntegrationSettings/configuring-connectivity-to-an-sap-process-orchestration-system-8c36fd2.md). +You’ve created an integration package and opened it in edit mode. For more information, see [Packaging Integration Content in Integration Suite](packaging-integration-content-in-integration-suite-89da0a2.md). -## Context +## Procedure -You can use the Message Type artifacts in message mapping and integration flows once it's imported from the ES repository. See: [Consuming Message Types in Message Mapping](consuming-message-types-in-message-mapping-34f6345.md) +1. Navigate to the *Artifacts* tab and choose *Add* \> *Data Type* or *Add* \> *Message Type* to add a data Type or message Type artifact. +2. In the dialog box, choose *Create*. +3. Enter all the mandatory information in the fields. -## Procedure +4. Choose *Add* to just add the artifact or *Add and Open in Editor* to open the artifact in its editor. To further define the structure of a data type, see [Configuring Data Types](configuring-data-types-97ad101.md). -1. Choose *Design* \> *Integrations and APIs* to view the list of integration packages. -2. Select the integration package in which you want to add a Data Type or Message Type and choose *Edit*. + -3. Navigate to the *Artifacts* tab and choose *Add* \> *Data Type* or *Add* \> *Message Type* to add a data Type or message Type artifact. + -4. In the dialog box, *ES Repository* appears as the *Source*. Choose the ES Repository *Name*. The *Address* is automaticaly populated. +## Import Data Type and Message Type Artifacts from Enterprise Service Repsository -5. Choose *Connect*. A list of available data types or message types in ES repository appears. -6. Select the data type or message type that you wish to import. -7. Select the *Include Dependent Data Types* checkbox if you wish to include the dependent data type objects while importing the selected data type or message type. + + +## Prerequisites + +- You’ve created an integration package and opened it in edit mode. For more information, see [Packaging Integration Content in Integration Suite](packaging-integration-content-in-integration-suite-89da0a2.md). +- You've configured connection to ES Repository. For more information, see [Configuring Connectivity to an SAP Process Orchestration System](IntegrationSettings/configuring-connectivity-to-an-sap-process-orchestration-system-8c36fd2.md). + -8. Choose *View Summary* to view a summary of all the artifacts to be imported. From the list of objects, you can view the following object status in the *Information* column: + +## Procedure + +1. Navigate to the *Artifacts* tab and choose *Add* \> *Data Type* or *Add* \> *Message Type* to add a data Type or message Type artifact. + +2. In the dialog box, choose *Import from ES Repository*. + +3. *ES Repository* appears as the *Source*.In the *Name* list, select an ES Repository from the list of connected systems. The *Address* is automaticaly populated. + +4. Choose *Connect*. A list of available data types or message types in ES repository appears. + +5. Select the data type or message type that you wish to import. + +6. Select the *Include Dependent Data Types* checkbox if you wish to include the dependent data type objects while importing the selected data type or message type. + +7. Choose *View Summary* to view a summary of all the artifacts to be imported. From the list of objects, you can view the following object status in the *Information* column: - *Create artifact*: Means that this object will be created for the first time. - *Skips; version already exists*: Means that the selected version of this object already exists in an integration package, which can be reused. Hence, object import is skipped. Duplicate object isn't created. - *Adds new version:* Means that a version of this object already exists in an integration package. But, it is not the latest version, which is being imported from the ES repository. So, latest version of the object is created. - *Error; ID already exists:* Means that an artifact with the same ID as the selected primary data type or message type already exists in an integration package. Choose *Resolve*, to assign another ID for this artifact. Then, choose *View Summary*. -9. Choose *Add*. Import results with the details of created, skipped, failed artifacts appear. +8. Choose *Add*. Import results with the details of created, skipped, failed artifacts appear. + + The artifact is added to the *Artifacts* tab. To further edit the data type, open the artifact in its editor and see [Configuring Data Types](configuring-data-types-97ad101.md). diff --git a/docs/ISuite/50-Development/creating-oauth-client-credentials-for-cloud-foundry-environment-50b63c6.md b/docs/ISuite/50-Development/creating-oauth-client-credentials-for-cloud-foundry-environment-50b63c6.md new file mode 100644 index 00000000..ca8b8d0f --- /dev/null +++ b/docs/ISuite/50-Development/creating-oauth-client-credentials-for-cloud-foundry-environment-50b63c6.md @@ -0,0 +1,71 @@ + + + + +# Creating OAuth Client Credentials for Cloud Foundry Environment + +You can create OAuth client credentials to access your SAP Cloud Integration tenant hosted on the Cloud Foundry environment. + + + + + +## Prerequisites + +- You’ve access to a subaccount in the SAP BTP cockpit. + +- You’ve activated the Process Integration service or the Cloud Integration capability of SAP Integration Suite in your subaccount. + + + + +## Procedure + +1. Log into the SAP BTP cockpit and navigate to your subaccount. + +2. Choose *Services* \> *Service Instances* on the navigation sidebar. + +3. Choose *Create Instance*. + +4. In the *New Instance* dialog box, enter the following values: + + 1. In the *Service* field, select *Process Integration Runtime*. + + 2. In the *Service Plan* field, select *api*. + + 3. Enter a name for your instance in the *Instance Name* field and choose *Next*. + + +5. On the next screen, specify the configuration parameter for the instance. + + - Enter the following configuration parameter inline in JSON format. + + > ### Source Code: + > ``` + > { + > "roles":[ + > "WorkspacePackagesEdit" + > ] + > } + > + > ``` + + - Optional: Choose *Browse* to upload the JSON file containing the configuration parameter. + +6. Choose *Next* to review and verify the instance details. + +7. Choose *Create Instance*. + +8. Choose \(Actions\) and then select *Create Service Key* on the service instance created in the previous step. + +9. In the *New Service Key* dialog box, enter a value in the *Service key name* field and choose *Create*. + + The service key is created successfully. You can view the service key under the *Service Keys* section. + +10. Choose \(Actions\) and then select *View* on the service key to display the details. + + The service key details containing the OAuth client credentials including the clientid, clientsecret, and token url are displayed. + +11. Choose *Download* or *Copy JSON* to use the client credentials in the *Destination Configuration* section of your subaccount. + + diff --git a/docs/ISuite/50-Development/creating-the-landscape-0f86e9a.md b/docs/ISuite/50-Development/creating-the-landscape-0f86e9a.md new file mode 100644 index 00000000..47d7bb29 --- /dev/null +++ b/docs/ISuite/50-Development/creating-the-landscape-0f86e9a.md @@ -0,0 +1,10 @@ + + +# Creating the Landscape + +A Graph landscape is represented by an SAP BTP subaccount. + +This is the context in which authentication and security access to Graph are established, business systems \(data sources\) are connected, and business data graphs are created and activated in the SAP Integration Suite. Commercially, an SAP BTP subaccount is also where data usage is registered. + +For more information, see [Authentication](authentication-79aabda.md) in the [Developer Guide](developer-guide-93b23df.md). + diff --git a/docs/ISuite/50-Development/creating-the-references-ddc5fdf.md b/docs/ISuite/50-Development/creating-the-references-ddc5fdf.md index dfae4471..e7d0b83a 100644 --- a/docs/ISuite/50-Development/creating-the-references-ddc5fdf.md +++ b/docs/ISuite/50-Development/creating-the-references-ddc5fdf.md @@ -36,7 +36,7 @@ You can use the CertificateStoreReferences API to create a new certificate store > ### Sample Code: > ``` > { - > "name": "reference-name" + > "name": "reference-name", > "certificateStoreName": "store-name" > } > diff --git a/docs/ISuite/50-Development/cross-actions-69bec18.md b/docs/ISuite/50-Development/cross-actions-69bec18.md index bf7764cd..1d4ae686 100644 --- a/docs/ISuite/50-Development/cross-actions-69bec18.md +++ b/docs/ISuite/50-Development/cross-actions-69bec18.md @@ -9,5 +9,5 @@ You can now perform cross actions on Agreements such as, import and export. - [Update MIGs/MAGs](update-migs-mags-c47533b.md) - [Activate/Deactivate Agreements](activate-deactivate-agreements-e068e37.md) -- +- [Migrate Templates/Agreements](migrate-templates-agreements-ad58414.md) diff --git a/docs/ISuite/50-Development/custom-entities-b6318bf.md b/docs/ISuite/50-Development/custom-entities-b6318bf.md new file mode 100644 index 00000000..60891272 --- /dev/null +++ b/docs/ISuite/50-Development/custom-entities-b6318bf.md @@ -0,0 +1,72 @@ + + +# Custom Entities + +Custom entities are created by a skilled customer modeler to extend the data graph, by designing and adding their own projections as a collection of attribute mappings from available SAP and non-SAP data source entities. The modeler can submit a set of custom entity definition files, developed with a text editor of their choice. + +The ability to extend the SAP data graph with custom entities is a powerful capability – customers can essentially design their own corporate data model. Here are some of the advantages: + + + + + +## Use the Same Protocols + +By mediating your data sources as a data graph, developers enjoy the use of a single data endpoint, a simplification of access and security, and the consistent use of the same query language and protocol. Investments in client-side SDKs, frameworks, and data access abstractions apply to all of the data sources. + + + + + +## Create Your Own API Shape + +From simple renaming, to more powerful transformations, custom entities allow you to control how the data is perceived by app developers. You can: + +- Replace an existing entity with one that is simpler to understand, by filtering out unnecessary or undesired attributes. + +- Rename entities and attributes to match a consistent corporate or SAP data naming convention. + +- Design your interface to precisely match the API expectations of application developers, or of existing applications. + + + + + + +## Hide Landscape Inconsistencies + +Hide incompatibilities between data-source variations or versions as an abstraction. This is useful while preparing for major system upgrades or migrations involving API incompatibilities. Custom entities can hide such API changes, providing you with more control over how to implement the migration, while not breaking dependent applications. + + + + + +## Add or Change Semantics + +- Replace a hard-to-understand normalized data representation \(often representing the way that the data is stored\) into a denormalized view that is easier to consume by client applications. + +- Connect separate entities \(with string-type foreign keys\) into a navigable graph of entities, by introducing associations and compositions into the graph. + +- Turn associations into compositions \(to many\) or a structured type \(of one\), making the semantics of the relationship more obvious to understand for consumers. + +- Combine attributes from separate source entities into one virtual, composed entity. Combine data attributes into compositions that hide underlying implementation technicalities. A common example is a side-car extension, such as a CAP-created application that extends an SAP S/4HANA data model, such as a `BusinessPartner`. Using custom entities, you can present a new natural entity with attributes from both. + + > ### Note: + > Certain restrictions apply, such as the inability to guarantee atomic data modification, when writing back to two separate data sources. + + + + + + +## Introduce More Control and Security + +In many cases, IT administrators can use Graph to avoid the need to create data copies, replications, and complex ETLs \(Extract Transform Load\) to serve the need for simpler data APIs for certain application developers and use cases. Administrators can do the following: + +- Secure their data, by only exposing data that is safe to use. + +- Using a data-filter, custom entities can be used to systematically access only a subset of.data. + +- Projections can support finer-grain authorization: a custom entity can be read-only, for example, while the underlying entities are not. + + diff --git a/docs/ISuite/50-Development/custom-type-systems-884bb25.md b/docs/ISuite/50-Development/custom-type-systems-884bb25.md index 035d5423..53ecc444 100644 --- a/docs/ISuite/50-Development/custom-type-systems-884bb25.md +++ b/docs/ISuite/50-Development/custom-type-systems-884bb25.md @@ -37,5 +37,5 @@ To upload and use custom messages/codelists, you need to have a custom type syst To know how to add a message to the custom type system, see: [Adding a Custom Message](adding-a-custom-message-8b7eb45.md). -To know how to add a codelist to the custom type system, see: [Adding a Custom Codelist](https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/fa0c76f3a3834580be89674c25c5a230.html "Create and add a codelist to the Custom Codelist.") :arrow_upper_right:. +To know how to add a codelist to the custom type system, see: [Adding a Custom Codelist](adding-a-custom-codelist-fa0c76f.md). diff --git a/docs/ISuite/50-Development/data-locating-policy-28d2c2c.md b/docs/ISuite/50-Development/data-locating-policy-28d2c2c.md new file mode 100644 index 00000000..0fcd8d04 --- /dev/null +++ b/docs/ISuite/50-Development/data-locating-policy-28d2c2c.md @@ -0,0 +1,124 @@ + + +# Data Locating Policy + +Data in the business data graph is connected via key-based references. + +When we say that a `SalesOrderItem` refers to a `Product`, what we mean is that the `SalesOrderItem` instance provides a key-based reference \(a foreign key, in database terminology\), that matches one `Product` instance with the same key. + +Developers of client applications use Graph to access data, without being aware of where it comes from, Graph accesses the data on behalf of the developer. + +All of this is simple if there’s only one data source for `Product`. Then all the searches and key-based references refer to that one data source. But that is usually not the case in real enterprise landscapes. It’s common to have the same data in more than one business system, either because of: + +- Replication, where different systems have their own concept of product and business partner. + +- Partitioning, where the same entity type that is based on data-specific criteria is distributed over multiple systems. + + +In both situations, there might be more than one data source for a certain entity instance, creating a challenge for Graph to solve. It doesn’t make assumptions about the enterprise landscape; instead, Graph determines a specific data source for each search query or key-based reference, by following a business data graph locating algorithm. The algorithm is configured by the owner of the landscape, in the form of a set of locating rules and foreign keys that form a *locating policy*. + + + + + +## Locating Rules + +A locating rule describes the location of data of a specific entity type. The rule specifies the entity it applies to by name or by using a trailing wildcard. For example, *sap.graph.Product* refers to one entity, while *sap.s4.\** refers to all entities in SAP S/4HANA. A specific name overrides the less specific rule that uses a wildcard. + +The most important aspect of a rule is the specification of a *leading system*: the data source that is considered the default source of truth for that entity type in the landscape. When the data changes, this is where it's changed. Graph by default uses the leading system for search queries. + +An application can access entities in the business data graph in two ways: + +1. **List queries**: read-only queries that return a list, such as *return the top five customers in California*. A list query may match zero or more entity instances, each with their own unique key. This example returns five entity instances. + +2. **Key-based requests**: requests that read, write, update, or even delete an entity, based on a key, like in `customer('1256')`. A key-based request only matches, at most, one entity. + + +For key-based requests, a rule can list data sources that override the leading system. This allows you to use a locality-of-reference principle. For example, if a `SalesOrderItem` in system X references a `Product`, then the locality-of-reference principle dictates that X is also the data source of the referenced `Product` when you follow that reference. Even though X is not the leading system for `Product` in the landscape. This is done using the `local` list of data sources. Whenever a key-based request is received with a key originating from one of these sources, then this source is used to answer the query instead of the leading system. + +Key users can create multiple rules for each entity, and annotate additional rules with a short string label, called a *cue*. Defining a cue for a locating rule makes the rule more specific. If a request contains a cue, then the locating policy looks for a locating rule with the given cue and use that rule instead of the rule without cue. Cues provided in a data access request apply to all parts of the request, that is, in a request like `CustomerQuote('123')/Customer?cue=mycue` the cue `mycue` applies to both `CustomerQuote` and `Customer`. For each entity, a locating policy must have one default rule without a cue. + + + + + +## Key Mapping + +Another aspect of the locating policy is the specification of key mapping. Here, a key-based reference from system X refers to an entity in system Y, which is the leading system for that entity. The key identifying the instance from system X doesn't match the key of the entity in system Y. Therefore, Graph needs to swap keys \(using key mapping\), to be able to access the entity in system Y. It's easy to think of such references as intersource foreign keys. + +The `keyMapping` section of the locating policy consists of a list of foreign key constraints. A foreign key constraint contains a `foreignKey` and a `references` section that are inspired by the notation of foreign keys known from SQL. Each of these two sections consists of: + +- A fully qualified entity name. + +- A data source qualifier specifying where to find the entity. + +- A list of attributes that are part of the foreign key. Only a single attribute is supported. + + +Like locating rules, the scope of foreign keys can be further specialized using a list of cues. Each foreign key applies to all locating rules with exactly the same set of cues. + + + + + +## Locating Algorithm + +The locating algorithm uses the available foreign keys to translate keys, if this is necessary, for navigating associations. While doing so, the same foreign key can usually be used in both directions to translate keys. Intuitively, each foreign key constraint refers to one or more locating rules depending on the qualifier, entity name, and cues. + +To implement the locality-of-reference principle, Graph manages a key modifier, called a qualifier, which is a name for the data source. Qualified keys are used in unified entities and references. Graph forms them by prefixing the qualifier to the system-specific local key, separated by a tilde character, for example, *s4EU~1356*. This is opaque to applications. + +The locating algorithm consists of three steps where Graph: + +1. Identifies the applicable locating rule from the set of rules in the policy. + +2. Identifies an applicable foreign key constraint from the set of foreign keys in the policy. + +3. Applies the rule and if available, a foreign key to determine the data source for the request. If necessary, it also translates the identifier using the foreign key. + + + + +### Identify Applicable Rule + +Given a request for entity E and cue C \(which may be empty\): + +``` +If there’s a rule matching the name of E and the cue, select it +Else if there’s a rule with a wildcard matching E and the cue, select it +Else ignore the cue and treat the request as a cue-less request. +``` + +A cue-less request: + +``` +If there’s a default rule (a rule with no cue) matching the name of E, select it +Else if there’s a default rule with a wildcard matching E, select it +Else return an error: there’s no applicable rule. +``` + + + +### Identify Applicable Foreign Key Constraint + +Let Q be the qualifier used in the request. Let M = E if E is a mirrored entity. If E is a unified entity, then let M be the main source entity of E in the definition of the unified entity. + +``` +If there’s a foreign key where foreignKey.dataSource=Q, references.entityName=M and the same cues as the selected rule, select it +Else if there’s a foreign key with references.dataSource=Q and foreignKey.entityName=M, and the same cues as the selected rule, select it +Else return none +``` + + + +### Apply Rule + +``` +If the request is a qualified key-based request, and the qualifier is in the local list of the selected rule, then use it as the data source for the request +Else if the request is a qualified key-based request and a foreign key has been identified, then use the qualifier as the data source and use the foreign to translate the key to that source +Else use the leading system as the data source. +``` + +The result of this algorithm is always a single data source, and a translated key if a foreign key is found, or an error. Graph doesn't support queries that would lead to searches over multiple data sources or that would require unions of data sets. Developers can implement such relatively infrequent and complex business logic in their own applications. + +Graph accesses the selected data source using its own native API. For this, it uses protocol conversions, advanced translations, and transform technology \(including type conversions and key mapping\) to access the data in the source system and present it to developers as a fully connected business. + diff --git a/docs/ISuite/50-Development/data-protection-and-privacy-for-graph-9b09c0e.md b/docs/ISuite/50-Development/data-protection-and-privacy-for-graph-9b09c0e.md new file mode 100644 index 00000000..82d0be45 --- /dev/null +++ b/docs/ISuite/50-Development/data-protection-and-privacy-for-graph-9b09c0e.md @@ -0,0 +1,15 @@ + + +# Data Protection and Privacy for Graph + +Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data protection and privacy acts, it’s necessary to consider compliance with industry-specific legislation in different countries/regions. + +SAP provides specific features and functions to support compliance with regard to relevant legal requirements, including data protection. SAP doesn’t give any advice on whether these features and functions are the best method to support company, industry, regional, or country/region-specific requirements. Furthermore, this information isn't intended as advice or a recommendation regarding additional features for specific IT environments. Decisions related to data protection are made on a case-by-case basis and take into consideration the system landscape and the applicable legal requirements. + +In order to comply with General Data Protection Regulation \(GDPR\) guidelines, don't upload sensitive personal data as part of configuring or modeling graph. + +**Related Information** + + +[Security](security-7a9198c.md "This highlights the security aspects of using Graph.") + diff --git a/docs/ISuite/50-Development/decoupling-via-data-store-d115669.md b/docs/ISuite/50-Development/decoupling-via-data-store-d115669.md index e934ad80..287c4aa9 100644 --- a/docs/ISuite/50-Development/decoupling-via-data-store-d115669.md +++ b/docs/ISuite/50-Development/decoupling-via-data-store-d115669.md @@ -218,7 +218,7 @@ At receiver side, the scenario uses the SOAP \(SAP RM\) receiver adapter. When c See: [Configure the SOAP \(SAP RM\) Receiver Adapter](configure-the-soap-sap-rm-receiver-adapter-8366495.md) -These integration flow settings ensure that Cloud Integration passes on a unique ID to the receiver system. If there's an error during message processing, Cloud Integration retries the message from the data store. Because the retry is performed within the same instance of the message processing log, the message processing log ID and, as a result, the mapped unique ID remain the same. +These integration flow settings ensure that Cloud Integration passes on a unique ID to the receiver system. If there's an error during message processing, Cloud Integration retries the message from the data store. If message delivery fails, the data store ensures that the message is retried. If the message hasn't been sent to the receiver in the first place, a unique ID does not have any effect anyway. If the message has been delivered successfully to the receiver, however, the positive acknowledgment got lost in between, a unique and repeatable ID is required. Otherwise, this behavior can lead to duplicate messages arriving at the receiver. Because the receiver is idempotent, it recognizes the duplicate message based on the ID and discards it. diff --git a/docs/ISuite/50-Development/define-mapping-between-group-identifiers-047f4eb.md b/docs/ISuite/50-Development/define-mapping-between-group-identifiers-047f4eb.md new file mode 100644 index 00000000..e88696ea --- /dev/null +++ b/docs/ISuite/50-Development/define-mapping-between-group-identifiers-047f4eb.md @@ -0,0 +1,109 @@ + + +# Define Mapping between Group Identifiers + +Define your custom integration flow to establish mapping between group identifiers. + + + +## Context + +For agreements containing single identifiers between partners, the mapping is one to one and is already established. In scenarios, where group identifiers are used in agreements, a mapping has to be defined in order to connect the individual identifiers present in the identifier groups of the partners. You can achieve this using your custom integration flow. To know more, follow the procedure below: + + + +## Procedure + +1. Open the agreement that has group identifers defined in it and navigate to the *B2B Scenarios* tab. + +2. Choose *Edit*. + +3. In the corresponding transaction, select the *Interchange* step on the receiver side. + +4. Select the checkbox for the field *Customized Post-Processing* and provide an address in the *Process Direct Address* field. + +5. For the custom integration flow, create an integration flow with Process Direct adapter for the sender adapter and provide the same address in the *Address* field for the adapter. + +6. In the integration flow, create a groovy script with correct headers to maintain the mapping. The following camel headers can be used in the cutom integration flow: + + Ensure that all the headers start with term **SAP\_**. + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Header + + + + Definition + +
+ + **SAP\_EDI\_Sender\_ID** + + + + Represents the single sender identifier on the inbound. + +
+ + **SAP\_EDI\_Receiver\_ID** + + + + Represents the single receiver identifier on the inbound. + +
+ + **SAP\_TPM\_REC\_Sender\_ID** + + + + This is a newly introduced header. It can be used to represent the single sender identifier on the outbound. It will be applied to outbound payload and B2B Monitor. + +
+ + **SAP\_TPM\_REC\_Sender\_Name** + + + + This is a newly introduced header. It represents the sub organization name for sender, if sender identifier in the inbound is configured as Group Identifier. It will be applied to B2B Monitor. + +
+ + **SAP\_TPM\_REC\_Receiver\_Name** + + + + This is a newly introduced header. It represents the sub organization name for receiver, if receiver identifier in the outbound is configured as Group Identifier. It will be applied to B2B Monitor. + +
+ +7. In the *Runtime Configuration* of your integration flow, enter the value `SAP_.*` for the field *Allowed Headers* field. + + diff --git a/docs/ISuite/50-Development/define-message-digest-e5d2867.md b/docs/ISuite/50-Development/define-message-digest-e5d2867.md index 0cda2748..0fd8f5e1 100644 --- a/docs/ISuite/50-Development/define-message-digest-e5d2867.md +++ b/docs/ISuite/50-Development/define-message-digest-e5d2867.md @@ -129,10 +129,10 @@ You can use this feature to implement scenarios like the following ones: You can choose between the following hash algorithms: - *MD5* - - *SHA-1* - - *SHA-256* - - *SHA-384* - - *SHA-512* + - *SHA1* + - *SHA256* + - *SHA384* + - *SHA512* > ### Caution: > Algorithms starting with SHA1, MD2, or MD5 are still supported for compatibility reasons, but they no longer meet today's security requirements. Therefore, we recommend using stronger algorithms where possible. Check with your security experts or authorities like NIST for more detailed security recommendations. diff --git a/docs/ISuite/50-Development/define-multicast-17de3ea.md b/docs/ISuite/50-Development/define-multicast-17de3ea.md index c5801a50..27e69f99 100644 --- a/docs/ISuite/50-Development/define-multicast-17de3ea.md +++ b/docs/ISuite/50-Development/define-multicast-17de3ea.md @@ -10,6 +10,21 @@ You can use the *Multicast* step to send copies of the same message to multiple routes. You can send copies to all routes at once using *Parallel Multicast* or in an order of your choice using *Sequential Multicast*. This allows you to perform multiple operations on the same message in a single integration process. Without *Multicast*, you needed multiple integration processes to perform this task. +There are certain best practices and limitations that you must know when using Multicast: + +- The number of outgoing branches using a *Multicast* step must be equal to the number of incoming branches in a *Join* step. + +- Use only one *Multicast* step per *Integration Process* pool. + + To handle errors, you must move all inner *Multicast* steps \(Multicast steps within a Multicast step\) along with its branches to a new *Local Integration Process* pool with its own *Exception Subprocess* pool. For more information, see [SAP Note 3028577](https://me.sap.com/notes/3028577). + +- Use *Router* and *Multicast* steps in different Integration Process pools. + + Always include the *Router* step in a separate *Local Integration Process* pool and call it from the multicast branch. + +- If you like to combine the resulting output from multicast branches, use a *Gather* step immediately after the *Join* step to avoid data loss. + + ## Procedure diff --git a/docs/ISuite/50-Development/define-pgp-encryptor-7a07766.md b/docs/ISuite/50-Development/define-pgp-encryptor-7a07766.md index 438441bb..81078ead 100644 --- a/docs/ISuite/50-Development/define-pgp-encryptor-7a07766.md +++ b/docs/ISuite/50-Development/define-pgp-encryptor-7a07766.md @@ -180,7 +180,7 @@ You use the PGP Encryptor to encrypt or sign and encrypt the payload using OpenP The signature is created by transferring the message content into a digest \(hash value\) using a digest algorithm. - Supported signature algorithms for PGP signing: MD5, RIPE-MD/160, SHA-1, SHA224, SHA256, SHA384, SHA512. + Supported signature algorithms for PGP signing: MD5, RIPE-MD/160, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512. > ### Caution: > Algorithms starting with SHA1, MD2, or MD5 are still supported for compatibility reasons, but they no longer meet today's security requirements. Therefore, we recommend using stronger algorithms where possible. Check with your security experts or authorities like NIST for more detailed security recommendations. diff --git a/docs/ISuite/50-Development/deleting-a-custom-codelist-01ad9ee.md b/docs/ISuite/50-Development/deleting-a-custom-codelist-01ad9ee.md new file mode 100644 index 00000000..28680df8 --- /dev/null +++ b/docs/ISuite/50-Development/deleting-a-custom-codelist-01ad9ee.md @@ -0,0 +1,46 @@ + + + + +# Deleting a Custom Codelist + +Delete a codelist from the custom type system **Custom Codelists**. + + + +## Context + +Follow the procedure below to delete a codelist from *Custom Codelists*. + + + + + +## Procedure + +1. Navigate to the *Custom Type Systems* from the left pane. + +2. Open the *Custom Codelists*. The *Codelists* tab is displayed by default with all the codelists created. + +3. Choose *Delete* :wastebasket: for the specific custom codelist that you want to delete. + +4. In the resulting dialog box, the following options are displayed. Select the desired option and choose *Delete*. + + 1. *Delete this \(latest\) version*: This will delete only the latest version of the codelist. + + 2. *Delete complete custom codelist \(including history\)*: This will delete the entire codelist including its previous versions. + + +5. Alternately, if you want to delete a specific version of a codelist, you can do so by following the steps below: + + 1. Select the expand button next to the codelist to view all the versions. + + 2. Select the more options button for the version you want to delete and choose *Delete*. + + > ### Note: + > You cannot delete codelists that are in *Active* state. + + 3. In the resulting dialog, choose *Delete* again to confirm deletion. + + + diff --git a/docs/ISuite/50-Development/design-guidelines-view-d62dfe0.md b/docs/ISuite/50-Development/design-guidelines-view-d62dfe0.md index 2988fd5e..91d7ee39 100644 --- a/docs/ISuite/50-Development/design-guidelines-view-d62dfe0.md +++ b/docs/ISuite/50-Development/design-guidelines-view-d62dfe0.md @@ -28,15 +28,26 @@ Follow these simple steps to run the design guidelines and validate your integra 1. In the *Design Guidelines* view, choose *Execute Guidelines*. - You see the result across three columns. + You see the result across these columns: In the *Applicability* column – you get to know the applicable design guidelines against which your integration flow is validated. In the *Compliance* column – you find if your integration flow is compliant with all the applicable design guidelines. + In the *Skipped Status* column – you get to know the skipped status of the non-compliant design guidelines. + In the *Action* column – for every non-compliant design guideline, you find the analysis of what are the expected and actual configurations. -2. Based on the analysis, update your integration flow and resolve the non-compliance. +2. Based on the analysis, do one of the following: + + - Update your integration flow and resolve the non-compliant design guidelines. + + - Skip the non-compliant design guidelines – You can skip a non-compliant design guideline by providing a reason and consent to this operation. You can revert any skipped guidelines at any time and reapply them. + + For the non-compliant design guidelines that you want to skip, in the *Skipped Status* column, switch the toggle button. Enter a reason, provide the consent by enabling the checkbox, and choose *Skip*. Once the guideline is skipped, the status changes to *Yes*. Also, an information icon appears next to toggle button where you can view the reason and user who skipped it. + + You can reapply any skipped design guideline by reverting the skip action. To revert, switch the toggle button, provide your consent by enabling the checkbox, and choose *Revert*. + 3. Run the design guidelines again to verify if your integration flow is fully compliant. @@ -45,7 +56,7 @@ Follow these simple steps to run the design guidelines and validate your integra ### Assess Your Integration Flow -In the *Design Guidelines* view, choose *Download Report* to download the last execution report. +In the *Design Guidelines* view, choose *Download Report* to download the last execution report. In the compliance report, you can also see the non-compliance guidelines that were skipped, along with details such as skipped status, reason for skipping, and who skipped them. You can download the report multiple times. You can download the report with compliance errors too. diff --git a/docs/ISuite/50-Development/develop-68ce43a.md b/docs/ISuite/50-Development/develop-68ce43a.md new file mode 100644 index 00000000..038cc717 --- /dev/null +++ b/docs/ISuite/50-Development/develop-68ce43a.md @@ -0,0 +1,20 @@ + + +# Develop + +As a developer you want to build applications that consume data from business data graphs. This section provides all the information you need to start developing. + + + +## Developer Guide + +This guide gets you started and provides all of the conceptual information you need to connect Graph APIs to your applications. + + + +## Developer Reference + +This reference provides information about how to connect to the *Graph Navigator* in SAP Business Accelerator Hub Enterprise and on the public SAP Business Accelerator Hub. + +This reference also contains the *Graph Syntax* diagrams that give you a graphical representation of the APIs. + diff --git a/docs/ISuite/50-Development/developer-guide-93b23df.md b/docs/ISuite/50-Development/developer-guide-93b23df.md new file mode 100644 index 00000000..b7394825 --- /dev/null +++ b/docs/ISuite/50-Development/developer-guide-93b23df.md @@ -0,0 +1,36 @@ + + +# Developer Guide + +This guide provides the conceptual information you need to use the Graph API in your applications. + +SAP is famous for its ERP software, but today SAP customers have increasingly complex requirements and are managing intricate and hybrid on-premise and cloud solutions. Customers want to become intelligent enterprises. To support their journey, SAP has augmented its ERP-centric business suite with substantial additional functions through the acquisition of cloud solutions like SAP SuccessFactors, SAP Concur, SAP Ariba, and SAP Customer Experience \(SAP CX\). SAP’s Intelligent Suite portfolio now supports all key business processes and spans all enterprise functions, but this expanded role and diversity of solutions has introduced some complexity and heterogeneity. + +From the perspective of a software developer, this means that accessing SAP-managed data is complex. Data may be federated across hybrid networks of on-premise and cloud systems with different security protocols, replication processes, and multiple master data copies. You don’t only have to worry about the data you are interested in, you have to know exactly where that data is located, and how to deal with connecting to these different customer systems. Different products have different connection protocols, security requirements and APIs, and those APIs expose data using different and application-specific data models. Developing SAP extension apps requires mastering a broad set of skills, and the applications you develop are sensitive to the smallest product and landscape configuration changes. + +This is the problem that Graph addresses. + +Graph is a  unified API for SAP. It addresses this run-away API complexity and integration challenge by providing developers a single connected and unified view of all their business data, consolidating the data models of data sources like SAP S/4HANA, SAP Sales Cloud, and SAP SuccessFactors into one, unified and connected data model of the data in a specific landscape. We call this the *Business Data Graph*. + +A data graph is a connected graph, with data entities serving as the nodes of the graph and edges that represent relationships \(which we call associations\) between those entities. The nodes of the business data graph are the common enterprise business objects, like `Customer`, `Supplier`, `Product`, `Sales`, `Purchase Order`, `General Ledger`, and so forth. + +As a developer, you face a dilemma. The concept of a `Product` or a `Customer` is common to many of the business systems that make up a landscape. Which of these definitions should you use? Where in the landscape is this data managed? Graph resolves this dilemma by introducing unified entities that provide the most common attributes of a business model for easy consumption and connect to the corresponding system-specific business objects for a full 360° view of the business object. You can use the unified entities for simple use-cases, and easily access over 4,500 additional mirrored entities, via over 2,000 root entities, for advanced usage. + +To illustrate these aspects of the data business graph, it is best if we use a simple example taken from the enterprise world of sales. + +A salesperson entered a quote on behalf of a customer. This quote is represented by a unified `SalesQuote` entity. The quote has an association to a `Customer` entity. The quote also has multiple items, each of which refer to a `Product` entity, which in turn has multiple associations to other entities, like `Division`. + +![](images/SalesQuote_Business_Data_Graph_ede046e.png) + +Each entity has many additional *attributes*, such as a key \(called `id` in unified entities\), and various other attributes, which can be flat, arrays, or more complex structured compositions of other attributes. For instance, `items` is an array of a structured type. + +With Graph you navigate to and access the data you need, regardless of where this data resides. Graph abstracts the physical landscape and the details of the different product stacks and offers you a simple view of the SAP-managed data, which you can access through a single API, spanning all key use cases. Graph accesses the data in the customer-configured landscape on your users’ behalf, technically acting as middleware. Graph itself doesn’t store or cache any data. + +![](images/Graph_Landscape_62258b9.png) + +The illustration shows your \(client\) app accessing quote, product, customer, and supplier data – but the app cannot tell if this data is accessed from an on-premise SAP S/4HANA system, SAP Sales Cloud, or another system. This is determined by the specific landscape configuration that Graph accesses on behalf of the app. As a developer, you are exempted from knowing these system details, or how to access data in these heterogeneous systems. More importantly, your application is portable across multiple and diverse landscapes without changes to your code. + +But what if your app requires detailed attribute information that is not modeled in the unified entity? For instance, your app may be interested in `Product` inventory information, that is unique to data sources of type *SAP S/4HANA*. No problem, just navigate to the * \_s4* association to access the required system-specific information, like the `CountryOfOrigin` of the product, or navigate further to the product storage. + +[Graph Navigator](https://api.sap.com/graph) is the single source of information about the collection of over 2200 root entities that you can access via Graph. It lists the unified entities, as well as the system-specific entities. + diff --git a/docs/ISuite/50-Development/developer-reference-74668b7.md b/docs/ISuite/50-Development/developer-reference-74668b7.md new file mode 100644 index 00000000..1d6abaa1 --- /dev/null +++ b/docs/ISuite/50-Development/developer-reference-74668b7.md @@ -0,0 +1,19 @@ + + +# Developer Reference + +This reference provides information about the Graph Navigator and Graph syntax diagrams. + +You can consume Graph APIs using one of the following: + +- [Graph Navigator](https://api.sap.com/graph) on SAP Business Accelerator Hub. + + A public listing of all supported entities from SAP business systems in a business data graph. You can try out the Graph APIs using the provided sandbox system. + +- Graph Navigator on SAP API Business Hub Enterprise. + + This tool is available in Graph on the SAP Integration Suite home page. You can inspect your configured business data graphs and try them out on your own system, including custom services, model extensions, and more. + + +The Graph syntax diagrams, or railroad diagrams, are also available so that you can view an interactive graphical representation of the Graph unified OData API. + diff --git a/docs/ISuite/50-Development/development-de1ae81.md b/docs/ISuite/50-Development/development-de1ae81.md index 831deb85..338e477b 100644 --- a/docs/ISuite/50-Development/development-de1ae81.md +++ b/docs/ISuite/50-Development/development-de1ae81.md @@ -220,7 +220,7 @@ Create products and view application details as they’re the key components use -*Monitor* \> *Analyze APIs* +*Analyze* @@ -230,7 +230,7 @@ Analyze API usage and performance. -[Analyze APIs](analyze-apis-7712c61.md) +[Analyze API Proxies](analyze-api-proxies-7712c61.md) diff --git a/docs/ISuite/50-Development/different-methods-of-creating-an-api-proxy-4ac0431.md b/docs/ISuite/50-Development/different-methods-of-creating-an-api-proxy-4ac0431.md index cc3ad114..8ef2fbed 100644 --- a/docs/ISuite/50-Development/different-methods-of-creating-an-api-proxy-4ac0431.md +++ b/docs/ISuite/50-Development/different-methods-of-creating-an-api-proxy-4ac0431.md @@ -65,5 +65,7 @@ You can also view the applications you’ve subscribed to. To know more, see [Vi [Key Components of an API](key-components-of-an-api-19c0654.md "This section introduces you to some of the key components of an API that you need to know before building APIs.") +[Edit an API Proxy](edit-an-api-proxy-a64b952.md "Once you’ve created an API proxy you can further change the proxy, either on the Integration Suite, or by using the embedded API designer.") + [Additional Configurations](additional-configurations-de7285c.md " ") diff --git a/docs/ISuite/50-Development/edit-an-api-proxy-a64b952.md b/docs/ISuite/50-Development/edit-an-api-proxy-a64b952.md index fabcc0f1..8261bd9d 100644 --- a/docs/ISuite/50-Development/edit-an-api-proxy-a64b952.md +++ b/docs/ISuite/50-Development/edit-an-api-proxy-a64b952.md @@ -90,12 +90,59 @@ Consider the following examples: - Target Endpoint + Target EndPoint You can choose URL, API Provider, or API proxy, as the target endpoint as well as enter target endpoint rules. + + To define multiple-target endpoints, choose *Add* next to the *Target EndPoint* dropdown menu. + + In the *Add Target EndPoint* dialog, fill in the target endpoint *Name*, select the *API Provider*, where you want the target endpoint to point to, and specify the *Relative URL*, then choose *Add*. + + > ### Note: + > If you have an API proxy with a multi-target endpoint, it is recommended that the name of the target endpoint should be between 2 and 255 characters. If you enter a single character in the name field for the provider types OpenConnector or Cloud Integration Flow, the API proxy cannot be deployed to the runtime. + + > ### Note: + > Only target endpoints of the type API provider can be added in this dialog. + + Once added, the target endpoint will appear in the *Target EndPoint*dropdown menu. You can also change the type of the target endpoint from API provider to API proxy or URL. + + To add policies to the target endpoint, choose *Policies* from the top-right corner of the page. You can then view the target endpoint flow and the policies applied to it in the *Policy Editor*. To view the policies associated with a different target endpoint, you can navigate back to the *Target EndPoint* tab on the proxy details page. Select the desired target endpoint and return to the *Policy Editor*. + + > ### Note: + > If you wish to establish a connection with the Cloud Integration system, you must select an API provider of type *Cloud Integration Flow*. For more information on *Cloud Integration Flow*, see [Creating an API Proxy using SAP Cloud Integration API Provider](creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md). + > + > If you want to select an API provider of the type *Open Connector*, please make sure that the tenant has a Key Value Map with the "kvm-map-name" that includes the "instance token" for the Open Connector. If this Key Value Map is not already present, you can use the following sample information to create it: + > + > URL : https:///apiportal/api/1.0/Management.svc/GenericKeyMapEntries + > + > Method : POST + > + > > ### Sample Code: + > > ``` + > > { + > > "name": "apim.oc.instance.token", + > > "scopeId": " ", + > > "scope": "APIPROXY", + > > "isEncrypted": true, + > > "genericKeyMapEntryValues": [ + > > { + > > "name": "default", + > > "mapName": "apim.oc.instance.token", + > > "value": "", + > > "scopeId": """, + > > "scope": "APIPROXY" + > > } + > > ] + > > } + > > + > > ``` + > + > Here, the refers to the name of the API Proxy, and \`default\` is the name of the Target Endpoint. The is the secret key associated with the Open Connector instance that you wish to establish a connection with. + + @@ -145,3 +192,12 @@ Consider the following examples: The changes you've made to the API are saved and deployed successfully. +**Related Information** + + +[Key Components of an API](key-components-of-an-api-19c0654.md "This section introduces you to some of the key components of an API that you need to know before building APIs.") + +[Different Methods of Creating an API Proxy](different-methods-of-creating-an-api-proxy-4ac0431.md "An API proxy is the data object that contains all the functionality to be executed when an external user wants to access the backend service.") + +[Additional Configurations](additional-configurations-de7285c.md " ") + diff --git a/docs/ISuite/50-Development/enable-archiving-0fbbe93.md b/docs/ISuite/50-Development/enable-archiving-0fbbe93.md index 41a85795..1c05e52e 100644 --- a/docs/ISuite/50-Development/enable-archiving-0fbbe93.md +++ b/docs/ISuite/50-Development/enable-archiving-0fbbe93.md @@ -2,24 +2,26 @@ # Enable Archiving -To enable data archiving on a tenant in the Cloud Foundry environment, use the official OData API. +To enable data archiving on a tenant in the Cloud Foundry environment, use the OData API. -To enable data archiving on your tenant, use the function `activateArchivingConfiguration` of the official OData API. +To enable data archiving on your tenant, use the function `activateArchivingConfiguration` of the *Message Processing Logs* OData API \(at: [https://api.sap.com/api/MessageProcessingLogs](https://api.sap.com/api/MessageProcessingLogs), select *Data Archiving* resource\). -A successful activation call checks: +A successful activation call performs the following steps: -- that a destination with the correct name exists, +- Checks if a destination with the correct name exists. -- activates the archiving job, -- and enables configuration of the archiving settings in the user interface. +- Activates the archiving job. -Upon creation of the archiving job, the system defines a random start time for it. +- Enables configuration of the archiving settings on the user interface. + + +On creation of the archiving job, the system defines a random start time for it. > ### Remember: -> To avoid job execution errors, ensure to have the destination and, if you use it, the cloud connector, configured correctly. +> To avoid job execution errors, ensure to have the destination and \(if you use it\) the Cloud Connector configured correctly. > ### Note: -> To call the archiving function, you've to be a Tenant Admin with the role `DataArchiving.Activate`. +> To call the archiving function, you need the role `DataArchiving.Activate`. > ### Note: > For authorization to the following APIs, follow the instructions provided under [Setting Up Inbound HTTP Connections \(for API Clients\)](../40-RemoteSystems/setting-up-inbound-http-connections-for-api-clients-8db3d51.md). @@ -28,7 +30,7 @@ Upon creation of the archiving job, the system defines a random start time for i To enable archiving, send a `POST` call to the URL : `https://path-to-odata-api/api/v1/activateArchivingConfiguration`, where `path-to-odata-api` is specific to your environment. -If the enabling of the archiving function is successful, you get a response code `200` and a message of success. After a successful activation call, you can configure the archiving for integration flows in the Monitoring UI. To do so, you've to reload the *Operations View* in the WebUI Monitor, to be able see the configuration options for your integration flows. +If enabling the archiving function is successful, you get a response code `200` and a message of success. After a successful activation call, you can configure archiving for integration flows in the *Monitor* section. To do so, you've to reload the *Monitor* section to be able see the configuration options for your integration flows. If the enablement isn't successful, the system throws an error code as well as an error message. @@ -42,6 +44,8 @@ To check whether archiving is currently configured on a tenant, use the OData AP > > The information for which tenant you want to check the archiving status, is taken from the security token used for the request. -> ### Caution: -> The archiving configuration is lost, if an integration flow is undeployed. You've to reconfigure archiving after redeployment of the integration flow. +**Related Information** + + +[HTTP Calls and URI Components](http-calls-and-uri-components-ca75e12.md "") diff --git a/docs/ISuite/50-Development/enable-client-applications-09d7783.md b/docs/ISuite/50-Development/enable-client-applications-09d7783.md new file mode 100644 index 00000000..18ce4652 --- /dev/null +++ b/docs/ISuite/50-Development/enable-client-applications-09d7783.md @@ -0,0 +1,72 @@ + + +# Enable Client Applications + +Before a client application can consume a business data graph, it must know certain secrets, known as *Graph service credentials* \(Graph root URL, security service URL, client ID, and client secret\). + +This is satisfied by creating a *Graph service instance* and a service binding. + +After creation of the Graph service instance and service binding, Graph API consumers must use service bindings to acquire an access token. The access token can be obtained from a security service during authentication. For more information, see [Authentication](authentication-79aabda.md). + +> ### Note: +> Sharing service bindings enables any client application to consume Graph APIs. From a security perspective, create a dedicated service instance per client application. This helps tracking, auditing, and if necessary, revoking the credentials of a client application, without affecting others. + + + + + +## Prerequisites + +You have already configured an entitlement for Graph. For more information, see [Configure Entitlement for Graph](initial-setup-12ad448.md#loio12ad448225ac47049982d9faab7978a3__section_configEntitlement). + + + + + +## Create a Graph Service Instance + +1. In the SAP BTP cockpit, go to *Services* \> *Instances and Subscriptions*. + +2. In the top-right corner, choose *Create*. The *New Instance or Subscription* wizard opens. + +3. Select the *Graph* service from the dropdown menu and enter the basic information for your instance. +4. Select *api* for your service plan. +5. Select *Other* for your runtime environment. +6. Enter a name for your instance, and choose *Next*. +7. Configure instance parameters by uploading a JSON file, or configure the parameters in the text box, and choose *Next* or *Create*. The default OAuth security configuration only supports applications that are run from a localhost. To support other apps that can access this instance of Graph, you must add them to an allowlist by adding redirect URIs as follows: + + ```json + { + "xs-security": { + "xsappname": "", + "oauth2-configuration": { + "redirect-uris": [ + "http://localhost:*/**", + "https:///" + ] + } + } + } + ``` + + In development subaccounts, it is common for developers to use `localhost` hosted applications for testing purposes. Redirect URIs can contain wildcards, for example, `https://*.bestrun.com`. The `xsappname` should be unique, for example, a universally unique identifier \(UUID\). For more information, see *oauth2-configuration* in [Application Security Descriptor Configuration Syntax](https://help.sap.com/viewer/4505d0bdaf4948449b7f7379d24d0f0d/2.0.06/en-US/6d3ed64092f748cbac691abc5fe52985.html). + +8. Review and verify the instance details, and choose *Create*. + + + + + +## Create and Download a Service Binding + +Developers or applications that want to access the Graph API require a service binding to obtain the access credentials to the service instance of a service that they want to consume. + +1. In the SAP BTP cockpit, go to *Services* \> *Instances and Subscriptions* and choose *...* to the right of your service instance. + +2. Select *Create Service Binding*, enter any name, and choose *Create*. + +3. Choose the *...* to the right of the service binding to download it as a text file and send it to the relevant stakeholder. + + +For more information, see [Creating Service Bindings in Other Environments](https://help.sap.com/viewer/09cc82baadc542a688176dce601398de/Cloud/en-US/55b31ea23c474f6ba2f64ee4848ab1b3.html). + diff --git a/docs/ISuite/50-Development/enabling-anomaly-detection-98534a0.md b/docs/ISuite/50-Development/enabling-anomaly-detection-98534a0.md index fe2ece65..b7b3d249 100644 --- a/docs/ISuite/50-Development/enabling-anomaly-detection-98534a0.md +++ b/docs/ISuite/50-Development/enabling-anomaly-detection-98534a0.md @@ -27,9 +27,9 @@ To enable anomaly detection through the SAP Integration Suite, follow the steps ## Procedure -1. Log on to the SAP Integration Suite. +1. Log on to the **SAP Integration Suite**. -2. Click on the navigation icon on the left and select *Settings* \> *APIs*. +2. From the left navigation pane, choose *Settings* \> *APIs*. 3. Go to the *Anomaly Detection* tab. @@ -56,5 +56,5 @@ Anomaly Detection for API proxy calls is now enabled. [Working with Detected Anomalies](working-with-detected-anomalies-1c677b2.md "Access and analyze anomalies in the analytics dashboard. Discover details about the various types of anomalies, evaluate and resolve them.") -[Subscribing to Email Notification Alerts](subscribing-to-email-notification-alerts-88e96f4.md "Receive real-time email alerts for anomaly detection services.") +[Subscribing to Notification Alerts](subscribing-to-notification-alerts-88e96f4.md "Receive real-time alerts for anomaly detection services, delivered to your preferred communication channel.") diff --git a/docs/ISuite/50-Development/enabling-client-applications-e904119.md b/docs/ISuite/50-Development/enabling-client-applications-e904119.md new file mode 100644 index 00000000..bbfaa8dd --- /dev/null +++ b/docs/ISuite/50-Development/enabling-client-applications-e904119.md @@ -0,0 +1,33 @@ + + +# Enabling Client Applications + +Before a client application can access a Graph business data graph, the client application must know certain secrets, known as Graph service credentials \(Graph root URL, security service URL, client ID, and client secret\), as well as the business data graph identifier. + +This is satisfied by creating a Graph service instance. This consists of two steps: + +1. Create the Graph instance, and explicitly list a redirect-URL for each trusted client application that intends to perform user authentication. These URLs must be provided by the developers of the client applications and are specified within a JSON structure as follows: + + ``` + { + "oauth2-configuration": { + "redirect-uris": [ https://my.client-application.net/callback ] + } + } + ``` + + Each redirect URL must reference the callback handler in the corresponding client application that accepts the OAuth 2.0 authorization code when authenticating a user \("\*" wildcards are also supported\). If you do not specify any `redirect-uris`, SAP BTP automatically allows \(trusts\) the default URL of `localhost/*` \(that is, any sub-path for any application running on a developer's local machine\). You should only allow `localhost` in non-productive development landscapes. Client applications that only use client authentication do not need to be listed in the `oauth2-configuration`. + + > ### Note: + > The service instance must be updated in the future if the location of the user-authenticating client application, or just a callback path inside the application, has changed. In such a case, the same structure must be passed, but with the modified `redirect-uris` value. + +2. Create a binding to the Graph instance. This operation results in a service descriptor \(aka service key or application binding\) of service credentials \(client ID, client secret, authorization service endpoint, and Graph endpoint\). These credentials are then used by the authentication code of the client applications. + + For more information, see *Create and Download a Service Binding* in [Enable Client Applications](enable-client-applications-09d7783.md). + + > ### Note: + > The list of allowed `redirect-uris` may be changed at a later point in time by updating the Graph instance. For more information, see *Create a Graph Service Instance* in [Enable Client Applications](enable-client-applications-09d7783.md). + + +Sharing service bindings enables any client application to consume Graph APIs. From a security perspective, create a dedicated service instance per client application. This helps tracking, auditing, and if necessary, revoking the credentials of a client application, without affecting others. + diff --git a/docs/ISuite/50-Development/enabling-key-users-de14c49.md b/docs/ISuite/50-Development/enabling-key-users-de14c49.md new file mode 100644 index 00000000..dc10e488 --- /dev/null +++ b/docs/ISuite/50-Development/enabling-key-users-de14c49.md @@ -0,0 +1,19 @@ + + +# Enabling Key Users + +The creation and activation of business data graphs is managed by a user with a special role, called the Graph key user. + +The administrator must assign this role to one or more users so that they can create and activate business data graphs for a landscape. + +The key user uses Graph on the Integration Suite home page to configure a business data graph. After activating Graph as a capability of API Management within SAP Integration Suite, the role of `Graph_Key_User` must be assigned to a role collection in the SAP BTP cockpit. + +**Related Information** + + +[Initial Setup](initial-setup-12ad448.md "As a Subaccount or Tenant Administrator, you need to add Graph as a capability of API Management within SAP Integration Suite.") + +[Create a Business Data Graph in Integration Suite](create-a-business-data-graph-in-integration-suite-42daf3b.md "As Tenant administrator in the SAP Integration Suite, you can create a new business data graph. You can also use an existing configuration file to create a business data graph.") + +[Define Users](initial-setup-12ad448.md#loio12ad448225ac47049982d9faab7978a3__section_DefineUsers) + diff --git a/docs/ISuite/50-Development/enabling-users-2d113a1.md b/docs/ISuite/50-Development/enabling-users-2d113a1.md new file mode 100644 index 00000000..8b06ead5 --- /dev/null +++ b/docs/ISuite/50-Development/enabling-users-2d113a1.md @@ -0,0 +1,15 @@ + + +# Enabling Users + +You need users in the system for a scenario to work. Graph does not manage user identities and it cannot directly authenticate clients. Instead, it relies on the XSUAA, SAP Authorization and Trust Management Service to do that. By setting a trust relationship to XSUAA, Graph accepts the identities verified by XSUAA and passed to it in the form of bearer tokens. It supports token-based authentication. + +There are two ways to define users. For the purpose of bootstraps, demos, and PoCs, an administrator can simply add users, one-by-one, to the SAP BTP subaccount \(for example, via the SAP BTP cockpit\). But while XSUAA can manage such user collections, most organizations prefer to use their own user base and Identity Provider \(IdP\). + +SAP BTP supports identity federation, linking and reusing digital identities of a user base across loosely coupled systems. The federation is implemented using [SAP Cloud Identity Services - Identity Authentication \(IAS\)](https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/19f3eca47db643b6aad448b5dc1075ad.html) in the role of federating proxy. Setting up the trust between the SAP BTP subaccount \(XSUAA\) and IAS is described in [Establish Trust and Federation Between UAA and Identity Authentication](https://help.sap.com/products/BTP/65de2977205c403bbc107264b8eccf4b/161f8f0cfac64c4fa2d973bc5f08a894.html?version=Cloud). + +> ### Note: +> The added IdP must be enabled for interactive user login, to ensure that XSUAA redirects to the IAS login form when authenticating users. Shadow user creation must also be enabled to create copies of users from IAS to XSUAA. + +After setting trust, XSUAA can authenticate users from the given IdP. Since Graph has a trust relationship to XSUAA, it will be able to validate the tokens that it issued. + diff --git a/docs/ISuite/50-Development/encrypt-and-sign-the-message-content-with-pkcs-7-cms-encryptor-21fd211.md b/docs/ISuite/50-Development/encrypt-and-sign-the-message-content-with-pkcs-7-cms-encryptor-21fd211.md index e521422f..692d4f8d 100644 --- a/docs/ISuite/50-Development/encrypt-and-sign-the-message-content-with-pkcs-7-cms-encryptor-21fd211.md +++ b/docs/ISuite/50-Development/encrypt-and-sign-the-message-content-with-pkcs-7-cms-encryptor-21fd211.md @@ -168,7 +168,7 @@ In addition to encrypting the message content, you can also sign the content to Specify the signature \(digest\) algorithm. - Signature algorithms: MD5/RSA, RIPEMD128/RSA, RIPEMD160/RSA, RIPEMD256/RSA, SHA/RSA, SHA224/RSA, SHA256/RSA, SHA384/RSA, SHA512/RSA. + Signature algorithms: AES/GCM/NoPadding, AES/CCM/NoPadding, MD5/RSA, RIPEMD128/RSA, RIPEMD160/RSA, RIPEMD256/RSA, SHA/RSA, SHA224/RSA, SHA256/RSA, SHA384/RSA, SHA512/RSA. > ### Caution: > Algorithms starting with SHA1, MD2, or MD5 are still supported for compatibility reasons, but they no longer meet today's security requirements. Therefore, we recommend using stronger algorithms where possible. Check with your security experts or authorities like NIST for more detailed security recommendations. diff --git a/docs/ISuite/50-Development/enterprise-landscapes-9d7be62.md b/docs/ISuite/50-Development/enterprise-landscapes-9d7be62.md new file mode 100644 index 00000000..4525859d --- /dev/null +++ b/docs/ISuite/50-Development/enterprise-landscapes-9d7be62.md @@ -0,0 +1,34 @@ + + +# Enterprise Landscapes + +A discussion of enterprise landscapes. + +Enterprises and other companies deploy a variety of business software solutions to manage their major business processes, sometimes collectively called ERP solutions. While SAP offers integrated ERP solutions, many enterprises establish a portfolio of different products, sometimes even from other vendors, to address their unique business processes. + +One such process is *Lead to Cash*. This process is composed of SAP's Customer Experience suite: SAP Marketing Cloud, SAP Sales Cloud, and SAP Commerce Cloud, which are integrated with SAP S/4HANA. Revolving around functions such as marketing and lead generation, opportunity management, sales, and delivery to customers, enterprises often manage these processes in multiple solutions. + + + + + +## Replicated Data + +Managing a workflow across multiple solutions and data sources from one, or multiple, vendors, introduces common challenges. Imagine a product catalog. Where is this product catalog managed? One possibility is that one of the solutions \(the leading system\) manages the product catalog. In this situation, all other solutions refer to a product by its unique key \(ID\) and perform a query to the leading system for additional product information. To improve performance and availability, master data like the product catalog is often replicated in multiple systems to avoid these cross-system references. For example, SAP Sales Cloud has an entity `ProductCollection`. Similar information exists in the `A_Product` entity of SAP S/4HANA. + +This commonly leads to a situation of different key ranges: a product appears in one system with a local key \(product ID\) of 123, while the same product is listed in the second system with a local key of AZ-456. While both copies of the same master data instance have common attributes, each business system adds its own unique details. For example, SAP S/4HANA has manufacturing information about products, while SAP Sales Cloud manages product information that is more relevant to the sales cycle. + +Similarly, transactional data is copied or synchronized from one system to another. A common use case is a purchase order that crosses from the system where it was entered, for example, SAP Ariba, to the system where it’s processed, such as SAP S/4HANA. In some landscapes the keys are preserved, but it’s common that each system has its own key-range. + +While it might be desirable for each unique entity, such as product and purchase order, to have a globally unique key that is the same in each system, that isn’t the case in the real world. Therefore, cross-system replications and queries, joins and other navigations, require key-mapping. A key map \(ID map\) is like a translation pair: present an entity's local key in one system, to get the local key in the other system. This isn’t a new problem; the need for key mapping of different local keys exists in every integration scenario between communicating systems with shared data, in particular shared master data. Enterprises address this problem today in multiple ways. For example, SAP NetWeaver Process Integration \(SAP PI\) supports a popular Universal Key Mapping Service \(UKMS\) and SAP Sales Cloudhas its own key mapping for integration solution. Other enterprises use SAP Cloud Integration \(CPI\) or other integration products like SAP Master Data Governance \(MDG\), and commonly add custom fields to replicated business objects, which provide a back reference to the other key in the replication-source system. + + + + + +## Partitioned Data + +Enterprises often deploy multiple data sources of the same type. For example, they could have one instance of SAP Sales Cloud for its North American sales operations, and another for its European sales. Another common occurrence is multiple SAP S/4HANA tenants, because of regulatory or fiscal requirements, like one financial system for the holding company, and one for its subsidiary. Sometimes enterprises separate systems by products \(for example, soap and toothpaste\). + +An entity type is partitioned, or also known as horizontally partitioned, over multiple data sources of the same type, and is content dependent. Unlike the case of replicated data, in a partitioned scenario, an entity only exists in one business system. + diff --git a/docs/ISuite/50-Development/entities-6426313.md b/docs/ISuite/50-Development/entities-6426313.md new file mode 100644 index 00000000..5f73891d --- /dev/null +++ b/docs/ISuite/50-Development/entities-6426313.md @@ -0,0 +1,60 @@ + + +# Entities + +Information and examples about entity and namespace names. + + + + + +## Entity Names + +A fully qualified entity name consists of two parts: + +- The namespace in which the entity is grouped. + +- The entity name, also known as the resource name. + + +Entity names contain only ASCII alphanumeric characters and underscores. By convention, entity names are singular and start with an uppercase letter and use upper CamelCase to mark word parts. Acronyms, when used, remain in capital letters. Technically, entity names match a regex. + +Here are some examples of entity names: + +- `SalesOrder` + +- `HROrganizationUnit` + +- `MRPArea` + +- `AutomobilePart` + + + + + + +## Namespace Names + +Namespaces are, by convention, all lowercase alphanumeric, but can also contain dots \(but not underscores\), to create a pseudo hierarchy. A common convention is to start the namespace with a unique company indicator. The namespaces `sap.*` and `graphql` are reserved for SAP, and can't be used. + +Here are some examples of namespace names: + +- `bestrun` + +- `bestrun.hr` + +- `br.sales` + + +When writing out the full entity name, it's written as a single string with the last dot separating the namespace from the entity name. When using the full entity name in OData URLs, the namespace is considered a service name, and the entity name is considered the resource, separated from the service by a forward slash \(/\), rather than a dot. For example, to get a list of teachers called `Joan`, use the following query: + +``` +GET https://.a.integration.cloud.sap/graph/api/v1/my.new/Teacher?$filter=startswith(name,'Joan') +``` + +**Related Information** + + +[Try Out Regular Expressions \(Regex\)](https://regex101.com/r/NKEN4r/1) + diff --git a/docs/ISuite/50-Development/expose-an-endpoint-for-a-scheduled-integration-flow-d4bb40c.md b/docs/ISuite/50-Development/expose-an-endpoint-for-a-scheduled-integration-flow-d4bb40c.md index 57385519..756723a3 100644 --- a/docs/ISuite/50-Development/expose-an-endpoint-for-a-scheduled-integration-flow-d4bb40c.md +++ b/docs/ISuite/50-Development/expose-an-endpoint-for-a-scheduled-integration-flow-d4bb40c.md @@ -88,7 +88,7 @@ Like before, in a process call the control is then passed to the subprocess, and **Related Information** -[Simulation of an Integration Flow](simulation-of-an-integration-flow-2e2210b.md "The simulation feature allows you to test an integration flow or its subset and see if you can get the desired outcome even before you deploy the integration flow. Based on the simulation result, you can decide whether to continue and deploy the integration flow or changes the same. You can also resolve if there are any errors.") +[Simulation of an Integration Flow](simulation-of-an-integration-flow-2e2210b.md "The simulation feature allows you to test an integration flow or its subset and see if you can get the desired outcome even before you deploy the integration flow. Based on the simulation result, you can decide to deploy the integration flow or resolve any errors.") [Define Local Integration Process](define-local-integration-process-520341a.md "You use the local integration process to simplify your integration process. You can break down the main integration process into smaller fragments by using local integration processes. You combine these fragments to achieve your main integration process.") diff --git a/docs/ISuite/50-Development/extend-your-business-data-graph-bb4f072.md b/docs/ISuite/50-Development/extend-your-business-data-graph-bb4f072.md new file mode 100644 index 00000000..e7074980 --- /dev/null +++ b/docs/ISuite/50-Development/extend-your-business-data-graph-bb4f072.md @@ -0,0 +1,112 @@ + + +# Extend Your Business Data Graph + +To extend your business data graph, you can create model extensions that describe your custom entity projections. + + + + + +## Context + +Once you have modeled your extension, you can add it your business data graph. For more information, see [Model](model-31f8c54.md). + + + + + +## Procedure + +1. Go to the SAP Integration Suite home page *Design* \> *Graph* \> *Model Extensions*. Choose *Create new model extension* or you can upload an existing model extension by choosing *Create from file*. + +2. Enter the name and description of your model extension, and select from which business data graph you want to use metadata. Choose *Create*. + + Once the model extension is created, it appears in the *Model Extensions* overview table. Now, you can add your model extension to a business data graph. + +3. There are two ways to extend a business data graph: + + - Extending new Business Data Graph: + 1. Follow the steps for creating a new business data graph. For more information, see [Create a Business Data Graph in Integration Suite](create-a-business-data-graph-in-integration-suite-42daf3b.md). + + 2. In the optional step of extending your business data graph, select your model extensions from the drop-down list. Choose *Next* and complete the rest of the steps. + + + - Extending existing Business Data Graph: + + 1. Go to the *Business Data Graphs* overview tab, select the business data graph you want to extend, and choose *Edit*. + + 2. Add your extension IDs as an array to the `extensions` attribute of your business data graph configuration file. + + + > ### Note: + > If the `extensions` attribute does not exist in your configuration file, you can add it while you are editing your business data graph. + + + + + +## Example + +Example of Business Data Graph Configuration File with Extensions: + +``` +{ + "businessDataGraphIdentifier": "ff-example", + "graphModelVersion": "^v3", + "schemaVersion": "1.2.0", + "extensions": [ + "frequent-flyer" + ], + "dataSources": [ + { + "name": "s4", + "services": [ + { + "destinationName": "sap-s4" + } + ] + }, + { + "name": "mycustom", + "services": [ + { + "destinationName": "frequent-flyer" + } + ], + "namespace": "mycustom" + } + ], + "locatingPolicy": { + "cues": [], + "rules": [ + { + "name": "sap.s4.*", + "leading": "s4", + "local": [] + }, + { + "name": "sap.graph.*", + "leading": "s4" + }, + { + "name": "mycustom.*", + "leading": "mycustom" + }, + { + "name": "myextension.FrequentFlyer", + "leading": "mycustom", + "local": [] + }, + { + "name": "myextension.FrequentFlyer", + "leading": "s4", + "local": [], + "sourceEntity": "sap.s4.A_BusinessPartner" + } + ] + } +} + +``` + diff --git a/docs/ISuite/50-Development/file-resource-79299d3.md b/docs/ISuite/50-Development/file-resource-79299d3.md index 76a95966..05b8cfae 100644 --- a/docs/ISuite/50-Development/file-resource-79299d3.md +++ b/docs/ISuite/50-Development/file-resource-79299d3.md @@ -2,7 +2,7 @@ # File Resource -File resource is a script or code snippet that can be attached to flows using policies. +File resources are scripts or schemas that can be attached to flows using policies. -An API proxy container supports definition of a number of Java, Python, or XSL scripts. These scripts can be executed in the context of either a java script, python script, or XSL transformation policy. Once a script is defined, it can be applied as a either a java script, python script, or XSL transformation policy in different flows. +An API proxy container supports definition of a number of Javascript, Python, XSL scripts. It also supports XSD ad WSDL schemas. These scripts can be executed in the context of either a java script, python script, or XSL transformation policy. Once a script is defined, it can be applied as a either a java script, python script, or XSL transformation policy in different flows. diff --git a/docs/ISuite/50-Development/getting-started-7bb3603.md b/docs/ISuite/50-Development/getting-started-7bb3603.md new file mode 100644 index 00000000..16e7cac7 --- /dev/null +++ b/docs/ISuite/50-Development/getting-started-7bb3603.md @@ -0,0 +1,60 @@ + + + + +# Getting Started + +As a Subaccount or Tenant Administrator, you need to perform various steps to use the Graph Configuration API. + + + + + +## Prerequisites + +You have: + +- Assigned the role of *Graph\_Key\_User*. You need this role to use the configuration API. + +- Set up your data sources and authorized your user to access all the data sources \(destinations\) in the landscape. Your user needs this authorization to allow Graph to discover the data models. + +- Configured an entitlement for Graph to access the Graph Configuration API. For more information, see [Configure Entitlement for Graph](initial-setup-12ad448.md#loio12ad448225ac47049982d9faab7978a3__section_configEntitlement). + + + + + + +## Create a Graph Service Instance + +In the SAP BTP cockpit, go to *Services Instances and Subscriptions* and do the following: + +1. Choose *Create*. The *New Instance or Subscription* wizard opens. + +2. Select the Graph service from the dropdown menu and enter the basic information for your instance. + +3. Select *configuration* for your service plan. + +4. Select *Other* for your runtime environment. + + > ### Note: + > Other runtime environments are also supported, but not required + +5. Enter a name for your instance, and choose *Create*. + + + + + + +## Create and Download a Service Binding + +The Graph key user must have a service binding to obtain the access credentials to consume it. + +1. In the SAP BTP cockpit, go to *Services Instances and Subscriptions* and choose . Select *Create Service Binding*, enter any name, and choose *Create*. + +2. Choose to download a text file of the service binding. + + For more information, see [Creating Service Bindings in Other Environments](https://help.sap.com/docs/service-manager/sap-service-manager/creating-service-bindings-in-other-environments?version=Cloud). + + diff --git a/docs/ISuite/50-Development/getting-started-8fb14e0.md b/docs/ISuite/50-Development/getting-started-8fb14e0.md new file mode 100644 index 00000000..366b5732 --- /dev/null +++ b/docs/ISuite/50-Development/getting-started-8fb14e0.md @@ -0,0 +1,17 @@ + + +# Getting Started + +There are two important considerations before developing your Graph application: + +1. What type of application are you planning to develop? What is the use case? For more information about the implications of this question, see [Application Archetypes](application-archetypes-4db0c0b.md). + +2. What is your authentication strategy, and how do you plan to retrieve the necessary access token to communicate with Graph? For more information about the possible options, see [Authentication](authentication-79aabda.md). + + +These considerations have some implications for the landscapes that your application can support. The following diagram summarizes your choices as a developer: + +![](images/Flow_Chart_for_Developers_16e4fd5.png) + +There is a [Graph tutorial](https://blogs.sap.com/2021/06/08/sap-graph-multi-part-tutorial-information-map/), which uses a sandbox landscape and introduces developers to Graph through simple examples. As mentioned, the [Graph Navigator](https://api.sap.com/graph) provides detailed information for over 2,200 root entities. + diff --git a/docs/ISuite/50-Development/getting-started-with-b2b-scenarios-in-sap-integration-suite-ba066bb.md b/docs/ISuite/50-Development/getting-started-with-b2b-scenarios-in-sap-integration-suite-ba066bb.md index 07b9a762..0ae5a921 100644 --- a/docs/ISuite/50-Development/getting-started-with-b2b-scenarios-in-sap-integration-suite-ba066bb.md +++ b/docs/ISuite/50-Development/getting-started-with-b2b-scenarios-in-sap-integration-suite-ba066bb.md @@ -17,7 +17,7 @@ Let us get started with creating B2B scenarios in SAP Integration Suite. The ste [Creating a Trading Partner Profile](creating-a-trading-partner-profile-542fb11.md "A trading partner is a company, organization, or a subsidiary that conducts e-business (B2B) with other companies, organizations or subsidiaries.") - +[Creating a Communication Partner Profile](creating-a-communication-partner-profile-49a6b02.md "Create a Communication Partner profile.") [Creating an Agreement Template](creating-an-agreement-template-9692cb1.md "An agreement template is a template of a semantical choreography definition consisting of one or more business transactions. The configurations at the template level serve as defaults that can then be reused and overridden when creating the trading partner agreement.") diff --git a/docs/ISuite/50-Development/graph-7d19a62.md b/docs/ISuite/50-Development/graph-7d19a62.md new file mode 100644 index 00000000..eca9d797 --- /dev/null +++ b/docs/ISuite/50-Development/graph-7d19a62.md @@ -0,0 +1,6 @@ + + +# Graph + +Extending traditional API Management, Graph enables you to expose all your business data in the form of a semantically connected data graph, accessed via a single unified and powerful API. + diff --git a/docs/ISuite/50-Development/graph-navigator-in-sap-api-business-hub-enterprise-8e75d31.md b/docs/ISuite/50-Development/graph-navigator-in-sap-api-business-hub-enterprise-8e75d31.md new file mode 100644 index 00000000..f0134d0a --- /dev/null +++ b/docs/ISuite/50-Development/graph-navigator-in-sap-api-business-hub-enterprise-8e75d31.md @@ -0,0 +1,49 @@ + + +# Graph Navigator in SAP API Business Hub Enterprise + +The Graph Navigator is a tool that you use to inspect business data graphs. + + + + + +## Prerequisites + +- You are assigned the role of *Graph\_Navigator\_Viewer*. For more information, see [Define Users for Graph](initial-setup-12ad448.md#loio12ad448225ac47049982d9faab7978a3__section_DefineUsers). + +- You have already created a business data graph in Graph on the Integration Suite home page. For more information, see: + + - [Create a Business Data Graph in Integration Suite](create-a-business-data-graph-in-integration-suite-42daf3b.md) + + - [Extend Your Business Data Graph](extend-your-business-data-graph-bb4f072.md) + + + + + + + +## Using the Graph Navigator + +> ### Note: +> To access the Graph Navigator in SAP API business hub enterprise, the Graph capability of API Management within SAP Integration Suite must be activated. For more information, see [Configure Graph](initial-setup-12ad448.md#loio12ad448225ac47049982d9faab7978a3__section_AddGraph_APIM). + + + +### Steps + +1. Go to SAP Integration Suite*homepage* \> *Graph Navigator*. + + > ### Note: + > You can also go to *SAP Integration Suite homepage* \> *API Business Hub Enterprise* and choose *Graph* from the menu bar. + +2. Select a business data graph. + +3. Your selected business data graph with a list of available entities appears. + + Select a business system to see all of the available entities. + +4. Go to the *Try Out* tab to make requests for data objects. The *Navigate* panel shows available options to navigate to connected data objects. Choose *Run* to the see the API response. + + diff --git a/docs/ISuite/50-Development/graph-syntax-diagrams-86101be.md b/docs/ISuite/50-Development/graph-syntax-diagrams-86101be.md new file mode 100644 index 00000000..0c411026 --- /dev/null +++ b/docs/ISuite/50-Development/graph-syntax-diagrams-86101be.md @@ -0,0 +1,10 @@ + + +# Graph Syntax Diagrams + +Syntax diagrams, or railroad diagrams, are an interactive graphical representation of the Graph unified API. + +Syntax diagrams or railroad diagrams represent context-free grammar. + + + diff --git a/docs/ISuite/50-Development/graphql-de72309.md b/docs/ISuite/50-Development/graphql-de72309.md new file mode 100644 index 00000000..9e2c39d5 --- /dev/null +++ b/docs/ISuite/50-Development/graphql-de72309.md @@ -0,0 +1,71 @@ + + +# GraphQL + +GraphQL is a query language for APIs that uses similar modeling principles to OData. It features a type system to describe the data model and gives clients the ability to specify the data they want to request. Graph supports GraphQL as an alternative protocol to OData. + +> ### Caution: +> GraphQL is an experimental capability. We do not recommend building productive workflows on top of it yet. There are many limitations of the GraphQL protocol adapter when compared to the OData interface. + +GraphQL is a query language for APIs that provides a type system to describe the data model in a structured way. It provides a type system to describe the data model of an API in a structured way. Additionally, clients of an API use the query language to describe the data they want to request. GraphQL is similar to OData because they both provide a structured, typed schema for APIs and also enable clients to write powerful queries to request exactly the data they need using a single request. Graph offers two protocol adapters out of the box: + +- OData + +- GraphQL + + +The GraphQL adapter builds on the same metadata as the OData adapter. + + + + + +## Explore + +The GraphQL interface is exposed on a single endpoint in any given business data graph: + +``` +POST https://.a.integration.cloud.sap/graph/api//graphql +``` + +- `subdomain` is the subdomain assigned to the tenant. For example, `is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef`. +- `bdg` is the business data graph identifier specified by the Graph configuration. + +Because the Graph API is always protected by OAuth 2.0 authorization, the bearer token is sent with all of the requests in the `Authorization` header. + +The GraphQL interface can be viewed in detail using a number of tools. The following is a list of recommended tools that support exploring GraphQL endpoints: + +- Altair GraphQL Client +- Postman +- Insomnia +- GraphQL Playground + + +All of these tools exploring the GraphQL interface in a similar way. Before you use one of the tools, you need the following: + +- The GraphQL endpoint of your business data graph. +- An OAuth bearer token for your business data graph to send as the `Authorization` header. + +> ### Sample Code: +> ``` +> POST https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/graphql +> Authorization: Bearer +> ``` + +**Related Information** + + +[GraphQL.Org](https://graphql.org/) + +[CAP GraphQL Protocol Adapter](https://pages.github.tools.sap/cap/docs/node.js/protocols#graphql-adapter) + +[Altair GraphQL Client](https://altairgraphql.dev/) + +[Postman: Querying with GraphQL](https://learning.postman.com/docs/sending-requests/graphql/graphql/) + +[Insomnia: GraphQL Queries](https://docs.insomnia.rest/insomnia/graphql-queries) + +[GraphQL Playground](https://github.com/graphql/graphql-playground) + +[The Graph OData V4 API](the-graph-odata-v4-api-79162b2.md "Graph supports the OData v4 protocol to access business data graphs.") + diff --git a/docs/ISuite/50-Development/handling-faults-using-faultrules-and-defaultfaultrule-8be5a7b.md b/docs/ISuite/50-Development/handling-faults-using-faultrules-and-defaultfaultrule-8be5a7b.md new file mode 100644 index 00000000..c661153e --- /dev/null +++ b/docs/ISuite/50-Development/handling-faults-using-faultrules-and-defaultfaultrule-8be5a7b.md @@ -0,0 +1,452 @@ + + +# Handling Faults using FaultRules and DefaultFaultRule + +When servicing a request, an API proxy may encounter various error conditions. These errors occur when a policy is unable to perform its intended function. In this section, we will explore the utilization of FaultRules and DefaultFaultRule to create a customized fault handling branch for handling such errors. + +By default, SAP API Management provides the client application with an Error code \(HTTP Status\) and fault message when an error occurs. The specific Error and HTTP status codes for each policy can be found in the documentation provided by help.sap. To illustrate, let's consider the [Verify API Key](verify-api-key-4d15a04.md) policy as an example. + +**Error Code** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Error Name + + + +HTTP Status + +
+ +DeveloperStatusNotActive + + + +401 + +
+ +FailedToResolveAPIKey + + + +401 + +
+ +InvalidApiKey + + + +401 + +
+ +InvalidApiKeyForGivenResource + + + +401 + +
+ +invalid\_client-app\_not\_approved + + + +401 + +
+ +Customizing the error message and providing additional information can help consumers better understand and resolve errors, as the default error message may be unclear. It is also recommended to return custom headers or HTTP status codes when necessary. In certain situations, it may be necessary to execute a series of policies, such as logging the error and returning a custom message. + +To raise custom HTTP codes and/or messages, the[Raise Fault](raise-fault-c7f2e8d.md) policy can be used. However, for implementing a common error handling pattern, FaultRules and DefaultFaultRule are typically used. + + + + + +## FaultRules and DefaultFaultRule + +When an API proxy encounters an error, it deviates from the normal processing pipeline and enters an error state. In this error state, the API Proxy follows a specific order to execute FaultRules and DefaultFaultRule. + +- **FaultRules**: Contains the necessary logic to trigger custom error messages and other policies based on specific conditions. + +- **DefaultFaultRule**: Contains the logic to trigger custom error messages and other policies when no FaultRule is executed or when the *AlwaysEnforce* element is set to true. + + +> ### Note: +> An API proxy enters the error state only when the *continueOnError* attribute is set to *false* on a policy or when the Raise Fault policy is executed. +> +> In the Proxy Endpoint, FaultRules are evaluated from bottom to top, while in the Target Endpoint, they are evaluated from top to bottom. +> +> Only the first matching FaultRule is executed. + + + + + +## Create the that will trigger the policy + +In the `` or `` sections of the proxy configuration, you will add a `` XML block that contains one or more individual `` sections. Each FaultRule represents a different error that you want to handle. In the folowing example, we will use only one FaultRule to demonstrate its composition: + +You should also include a `` to provide a custom general error message in case none of your FaultRules are executed. + +Example: + +> ### Sample Code: +> ``` +> +> +> "invalid_key_rule" +> (fault.name = "FailedToResolveAPIKey") +> +> +> invalid-key-message +> 1 +> +> +> +> +> +> "default-fault" +> +> +> Default-message +> 1 +> +> +> +> +> ``` + +**Key points:** + +- **``**: FaultRule name. +- **``**: The name of the policy to be executed. The name is derived from the policy's name attribute on the parent element. +- **``**: API Management evaluates the condition and executes the policy only if the condition is true. If multiple FaultRules evaluate to true, API Management will execute the first one that is true. It is important to note that the order in which the FaultRules are evaluated, top to bottom or bottom to top, differs between the TargetEndpoint and ProxyEndpoint. If you don't include a condition, the FaultRule is automatically considered true. However, this is not considered a best practice. It is recommended that each FaultRule has its own condition specified. +- **``**: If no custom FaultRule is executed, the `` is triggered, and it sends a more generic custom message instead of the default API Management-generated message. A `` can also have a ``, but in most cases, you would not include one because you want it to execute regardless of any specific conditions, serving as a last resort. + + The `DefaultFaultRule` is typically used to return a generic error message for any unexpected error. For instance, it can include contact information for technical support. This default response serves the dual purpose of providing developer-friendly information while also obfuscating backend URLs or other information that might be used to compromise the system. + + + + + + +## Multiple FaultRules and Execution Logic + +This section describes the logic API Management uses in handling FaultRules, from how it arrives at a single FaultRule to execute to how "inner" Step conditions are handled when their FaultRule is triggered. Additionally, it provides guidance on when to define FaultRules in the `` versus the ``. + + + +### FaultRules Execution + +**Outer and Inner Conditions**: Now, let us refer to "outer" and "inner" conditions, which can also be called "FaultRule" and "Step" conditions, respectively. It is crucial to understand the difference between these two types of conditions. Here is an example of a FaultRule that includes both an outer FaultRule condition and an inner step condition. We will explore the differences further below. + +> ### Sample Code: +> ``` +> +> +> developer-over-quota-fault +> +> (ratelimit.developer-quota-policy.exceed.count GreaterThan "0") +> +> +> (fault.name = "QuotaViolation") +> +> ``` + +In brief, here's the logic that API Management uses when an API proxy goes into an error state. It is important to note that there is a slight difference in the evaluation of FaultRules between the ProxyEndpoint and the TargetEndpoint: + +1. API Management evaluates the FaultRules in either the ProxyEndpoint or TargetEndpoint, depending on where the error occurred: + + - **ProxyEndpoint**: API Management starts from the bottom `` in the configuration XML and proceeds upwards, evaluating the `` of each `` \(the "outer" condition, not the "inner" `` conditions\). + + - **TargetEndpoint**: API Management starts from the top `` in the configuration XML and proceeds downwards, evaluating the `` of each `` \(the "outer" condition, not the "inner" `` conditions\). + + +2. Executes the first FaultRule whose condition is true. If a FaultRule has no condition, it's true by default. + + - When a FaultRule is executed, all Steps within the FaultRule are evaluated sequentially, from top to bottom in the XML configuration. Steps that do not have conditions are automatically executed, meaning their policies are executed, and Steps that have a `` element that evaluates to "true" are executed, while those with conditions that evaluate to "false" are not executed. + + - If a FaultRule is executed, but none of the Steps in the FaultRule are executed \(due to their conditions evaluating to "false"\), the API Management-generated default error message is returned to the client application. The `` is not executed because API Management has already executed its own FaultRule. + + > ### Note: + > The exception to this is if the `` has the child element `true`, which executes the DefaultFaultRule even if a FaultRule was executed. + > + > However, there's one instance where this isn't the case. If a FaultRule other than the DefaultFaultRule invokes a RaiseFault policy, the DefaultFaultRule does not execute, even if the `` element in the `` tag is true. + + +3. If no FaultRule is executed, API Management executes the ``, if present. + + + + +### ProxyEndpoint execution + +The evaluation of ProxyEndpoint FaultRules is done from bottom to top. Therefore, you should begin reading from the last FaultRule in the following sample and proceed upwards. Finally, consider the DefaultFaultRule as the last one to analyze. + +> ### Sample Code: +> ``` +> +> ... +> < faultRules > +> +> +> +> random-error-message +> +> +> Random-fault +> 1 +> +> +> +> +> +> +> +> +> over_quota +> +> +> developer-over-quota-fault +> (ratelimit.developer-quota-policy.exceed.count GreaterThan "0") +> 1 +> +> +> global-over-quota-fault +> (ratelimit.global-quota-policy.exceed.count GreaterThan "0") +> 1 +> +> +> log-error-message +> 1 +> +> (fault.name = "QuotaViolation") +> +> +> +> +> +> +> +> default-fault +> true +> +> +> Default-message +> 1 +> +> +> +> +> ``` + + + +### TargetEndpoint execution + +The evaluation of TargetEndpoint FaultRules follows a top-to-bottom approach. Therefore, begin reading from the first FaultRule in the following sample and proceed downwards. Finally, consider the DefaultFaultRule as the last one to analyze. + +> ### Sample Code: +> ``` +> +> ... +> +> +> +> +> invalid_key_rule +> +> +> invalid-key-message +> 1 +> +> (fault.name = "FailedToResolveAPIKey") +> +> +> +> +> +> +> +> over_quota +> +> +> developer-over-quota-fault +> (ratelimit.developer-quota-policy.exceed.count GreaterThan "0") +> 1 +> +> +> global-over-quota-fault +> (ratelimit.global-quota-policy.exceed.count GreaterThan "0") +> 1 +> +> +> log-error-message +> 1 +> +> (fault.name = "QuotaViolation") +> +> +> +> +> +> +> +> random-error-message +> +> +> Random-fault +> 1 +> +> +> +> +> +> +> +> +> default-fault +> true +> +> +> Default-message +> 1 +> +> +> +> +> ``` + + + + + +## Fault rule order + +As you can see in the previous example, the order in which you place your FaultRules is important, depending on whether the error occurs in the ProxyEndpoint versus the TargetEndpoint. + + + + + + + + + + + +
+ +ProxyEndpoint order + + + +TargetEndpoint order + +
+ +In the following example, since evaluation is performed from bottom to top, FaultRule 3 is executed, which means FaultRules 2 and 1 are not evaluated: + +5. FaultRule 1: FALSE + +4. FaultRule 2: TRUE + +3. FaultRule 3: TRUE + +2. FaultRule 4: FALSE + +1. FaultRule: 5 FALSE + + + +In the following example, since evaluation is performed from top to bottom, FaultRule 2 is executed, which means FaultRules 3, 4, and 5 are not evaluated: + +1. FaultRule 1: FALSE + +2. FaultRule 2: TRUE + +3. FaultRule 3: TRUE + +4. FaultRule 4: FALSE + +5. FaultRule: 5 FALSE + +
+ diff --git a/docs/ISuite/50-Development/header-properties-8951a9f.md b/docs/ISuite/50-Development/header-properties-8951a9f.md new file mode 100644 index 00000000..829dd8ad --- /dev/null +++ b/docs/ISuite/50-Development/header-properties-8951a9f.md @@ -0,0 +1,193 @@ + + +# Header Properties + +A list of header properties that can be found in project definition files. + + + + + +## `label` + +A short description of the custom entity that is used in metadata documentation. + + + + + +## `entity` + +The full name of the custom entity. For example: + +``` +"entity": "bestrun.financials.Receipt" +``` + +In this example,`bestrun.financials` is the namespace, and `Receipt` is the entity name. + + + + + +## `version` + +The current semantic version of the custom entity, using a [semver](https://semver.org/) convention. Using this convention, the format of this property value is `major.minor.patch`. The major version number is incremented to indicate an incompatible change. The minor version is incremented for new backwards-compatible functionality, and the patch number is incremented to indicate a bug fix, documentation change, or other small improvement. + +A data graph can only contain one version of a custom entity, but different data graphs can use different versions of the custom entity. + +``` +"version": "1.0.5" // major version 1, patch 5 +``` + + + + + +## `sourceEntities` + +Custom entities are constructed from attributes, which are mapped to mirrored data source entity attributes. The `sourceEntities` array property lists the mirrored entities whose attributes are used in these mappings. + +> ### Note: +> Only mirrored projection entities can be specified as data source entities. It is not possible to recursively define a custom entity as a mapping of another custom or unified entity. + +Most custom entities only require one source entity. Complex, composed custom entities can have two or more source entities. The first or only source entity is referred to as the *main source* entity, and is the default one if none is specified in an attribute mapping. The subsequent source entities are defined via a join property of the corresponding source attributes that have matching instance values. + +Each source entity is described as an object with the following structure: + + + + + + + + + + + + + + + + + + + + + +
+ +Property + + + +Type + + + +Mandatory + + + +Description + +
+ +`name` + + + +String + + + +Yes + + + +The full name of the source entity. Like the custom entity, the source entity name must be fully qualified, including the namespace. + +The first `sourceEntity` in the array is the default. + +
+ +`join` + + + +Array + + + +Yes + + + +This property doesn't apply to the first, default source entity, but must be present in all nondefault source entity objects. It consists of one or more pairs of primary key attributes, which indicate how the instances of the source entity match the main source entity. The first item in the pair is the name of a source key attribute in the main source entity and the second is the corresponding key attribute name in the current source entity. For example: + +``` +"join": [["BusinessPartner", "Customer"]] +``` + +indicates that the `Customer` key in this source entity corresponds to the `BusinessPartner` key in the main source entity. If more than one pair is specified, they must both match: + +``` +"sourceEntities": [ + { "name": "my.course" }, + { "name": "my.classRoom", "join": [["subject", "Subject"], ["teacher", "Teacher"]] } +] + +``` + +This is interpreted as:`my.course.subject = my.classRoom.Subject AND my.course.teacher = my.classRoom.Teacher` + +
+ +Here's an example of a complex `sourceEntities` property: + +``` +"sourceEntities": [ + { "name": "sap.s4.A_BusinessPartnerRole" }, + { "name": "sap.s4.A_BusinessPartner", "join": [["BusinessPartner", "BusinessPartner"]] }, + { "name": "sap.s4.A_BusinessPartnerContact", "join": [["BusinessPartner", "BusinessPartnerPerson"]] } + ], + +``` + +> ### Note: +> Custom entities based on multiple data sources can't be written atomically, since data changes involve multiple systems, which can't guarantee an atomic transaction. The approach Graph takes is to allow developers to change \(write, update\) only the non read-only attributes of the main data source \(the first one in the list\). Attributes from the source entity, that is not a main source entity, cannot be written and are always read-only, whether explicitly declared so in an annotation, or not. Deleting a custom entity instance only deletes the corresponding underlying main source entity, but not the other source entities. + + + + + +## `dicts` + +The dicts objects contain dictionary objects. Each dictionary object is a simple value mapping. For example, a certain data source attribute is defined as a single digit, 1, 2, … 5 representing five enumeration values, from poor to excellent. Modelers can replace the numeric values by defining them as follows: + +``` +"dicts": { + "qualityDict": { "poor": "1", … "excellent": "5", "not rated": "0" } +} + +``` + +The last entry in the dictionary is the default value, when no other value matches. For more information, see the dict transform in [Transform Functions](transform-functions-cec1e73.md). + + + + + +## `annotations` + +A list \(object\) of annotation properties. You can use the following optional properties: + +- `description` \(String\) + + A comprehensive description of the entity, used in metadata documentation. + +- `readonly` \(boolean, default is false\) + + True if the custom entity is treated as read-only. + + diff --git a/docs/ISuite/50-Development/id-mapping-with-multicast-55f2d4a.md b/docs/ISuite/50-Development/id-mapping-with-multicast-55f2d4a.md index 04a056c6..4d7050aa 100644 --- a/docs/ISuite/50-Development/id-mapping-with-multicast-55f2d4a.md +++ b/docs/ISuite/50-Development/id-mapping-with-multicast-55f2d4a.md @@ -149,7 +149,7 @@ Value -`${property.SplitMessageID}` +`${header.SapMessageIdEx}` @@ -229,7 +229,7 @@ Value -`${property.SplitMessageID}` +`${header.SapMessageIdEx}` diff --git a/docs/ISuite/50-Development/images/Application_Architypes_f65da8e.png b/docs/ISuite/50-Development/images/Application_Architypes_f65da8e.png new file mode 100644 index 00000000..fc8a4620 Binary files /dev/null and b/docs/ISuite/50-Development/images/Application_Architypes_f65da8e.png differ diff --git a/docs/ISuite/50-Development/images/CPI_ODataAPI_a325b4e.png b/docs/ISuite/50-Development/images/CPI_ODataAPI_a325b4e.png new file mode 100644 index 00000000..95231626 Binary files /dev/null and b/docs/ISuite/50-Development/images/CPI_ODataAPI_a325b4e.png differ diff --git a/docs/ISuite/50-Development/images/CPI_OData_Authentication_2fc6272.png b/docs/ISuite/50-Development/images/CPI_OData_Authentication_2fc6272.png new file mode 100644 index 00000000..b5bcfc50 Binary files /dev/null and b/docs/ISuite/50-Development/images/CPI_OData_Authentication_2fc6272.png differ diff --git a/docs/ISuite/50-Development/images/CPI_OData_Query2_6dae5cb.png b/docs/ISuite/50-Development/images/CPI_OData_Query2_6dae5cb.png new file mode 100644 index 00000000..5afb1356 Binary files /dev/null and b/docs/ISuite/50-Development/images/CPI_OData_Query2_6dae5cb.png differ diff --git a/docs/ISuite/50-Development/images/Coupa_Receiver_Adapter_dccbe44.png b/docs/ISuite/50-Development/images/Coupa_Receiver_Adapter_dccbe44.png new file mode 100644 index 00000000..1b9d90b1 Binary files /dev/null and b/docs/ISuite/50-Development/images/Coupa_Receiver_Adapter_dccbe44.png differ diff --git a/docs/ISuite/50-Development/images/Elements_of_Modeling_4eb2b4b.png b/docs/ISuite/50-Development/images/Elements_of_Modeling_4eb2b4b.png new file mode 100644 index 00000000..44e4c696 Binary files /dev/null and b/docs/ISuite/50-Development/images/Elements_of_Modeling_4eb2b4b.png differ diff --git a/docs/ISuite/50-Development/images/Flow_Chart_for_Developers_16e4fd5.png b/docs/ISuite/50-Development/images/Flow_Chart_for_Developers_16e4fd5.png new file mode 100644 index 00000000..5ffb0c79 Binary files /dev/null and b/docs/ISuite/50-Development/images/Flow_Chart_for_Developers_16e4fd5.png differ diff --git a/docs/ISuite/50-Development/images/Graph_Concept_Key_5b01c09.png b/docs/ISuite/50-Development/images/Graph_Concept_Key_5b01c09.png new file mode 100644 index 00000000..a02b5250 Binary files /dev/null and b/docs/ISuite/50-Development/images/Graph_Concept_Key_5b01c09.png differ diff --git a/docs/ISuite/50-Development/images/Graph_Landscape_62258b9.png b/docs/ISuite/50-Development/images/Graph_Landscape_62258b9.png new file mode 100644 index 00000000..fa78a855 Binary files /dev/null and b/docs/ISuite/50-Development/images/Graph_Landscape_62258b9.png differ diff --git a/docs/ISuite/50-Development/images/Graph_URL_Syntax_55a4f49.png b/docs/ISuite/50-Development/images/Graph_URL_Syntax_55a4f49.png new file mode 100644 index 00000000..4b83fb19 Binary files /dev/null and b/docs/ISuite/50-Development/images/Graph_URL_Syntax_55a4f49.png differ diff --git a/docs/ISuite/50-Development/images/Landscape_Partitioned_Data_d6ce31e.png b/docs/ISuite/50-Development/images/Landscape_Partitioned_Data_d6ce31e.png new file mode 100644 index 00000000..3cc9eb73 Binary files /dev/null and b/docs/ISuite/50-Development/images/Landscape_Partitioned_Data_d6ce31e.png differ diff --git a/docs/ISuite/50-Development/images/Modeling_Example_1_683b7f3.png b/docs/ISuite/50-Development/images/Modeling_Example_1_683b7f3.png new file mode 100644 index 00000000..4f4e2a2a Binary files /dev/null and b/docs/ISuite/50-Development/images/Modeling_Example_1_683b7f3.png differ diff --git a/docs/ISuite/50-Development/images/Modeling_Example_2_e3aad43.png b/docs/ISuite/50-Development/images/Modeling_Example_2_e3aad43.png new file mode 100644 index 00000000..974e4f16 Binary files /dev/null and b/docs/ISuite/50-Development/images/Modeling_Example_2_e3aad43.png differ diff --git a/docs/ISuite/50-Development/images/Modeling_Example_3_213d452.png b/docs/ISuite/50-Development/images/Modeling_Example_3_213d452.png new file mode 100644 index 00000000..4eac870a Binary files /dev/null and b/docs/ISuite/50-Development/images/Modeling_Example_3_213d452.png differ diff --git a/docs/ISuite/50-Development/images/Modeling_Example_4_bd6d332.png b/docs/ISuite/50-Development/images/Modeling_Example_4_bd6d332.png new file mode 100644 index 00000000..fe0e7900 Binary files /dev/null and b/docs/ISuite/50-Development/images/Modeling_Example_4_bd6d332.png differ diff --git a/docs/ISuite/50-Development/images/Modeling_Intro_2b906e7.png b/docs/ISuite/50-Development/images/Modeling_Intro_2b906e7.png new file mode 100644 index 00000000..0d36cf00 Binary files /dev/null and b/docs/ISuite/50-Development/images/Modeling_Intro_2b906e7.png differ diff --git a/docs/ISuite/50-Development/images/Modeling_Reference_44dd2ab.png b/docs/ISuite/50-Development/images/Modeling_Reference_44dd2ab.png new file mode 100644 index 00000000..14f835aa Binary files /dev/null and b/docs/ISuite/50-Development/images/Modeling_Reference_44dd2ab.png differ diff --git a/docs/ISuite/50-Development/images/NetSuite_Adapter_0cae5fe.png b/docs/ISuite/50-Development/images/NetSuite_Adapter_0cae5fe.png new file mode 100644 index 00000000..f1b9bd81 Binary files /dev/null and b/docs/ISuite/50-Development/images/NetSuite_Adapter_0cae5fe.png differ diff --git a/docs/ISuite/50-Development/images/OData_URL_Syntax_3fb43c5.png b/docs/ISuite/50-Development/images/OData_URL_Syntax_3fb43c5.png new file mode 100644 index 00000000..19818db4 Binary files /dev/null and b/docs/ISuite/50-Development/images/OData_URL_Syntax_3fb43c5.png differ diff --git a/docs/ISuite/50-Development/images/SalesQuote_Business_Data_Graph_ede046e.png b/docs/ISuite/50-Development/images/SalesQuote_Business_Data_Graph_ede046e.png new file mode 100644 index 00000000..0788d160 Binary files /dev/null and b/docs/ISuite/50-Development/images/SalesQuote_Business_Data_Graph_ede046e.png differ diff --git a/docs/ISuite/50-Development/images/Token-Based_Authentication_6207efc.png b/docs/ISuite/50-Development/images/Token-Based_Authentication_6207efc.png new file mode 100644 index 00000000..b1f40b67 Binary files /dev/null and b/docs/ISuite/50-Development/images/Token-Based_Authentication_6207efc.png differ diff --git a/docs/ISuite/50-Development/import-and-export-agreements-09400a2.md b/docs/ISuite/50-Development/import-and-export-agreements-09400a2.md index 5c5d448a..ac2360db 100644 --- a/docs/ISuite/50-Development/import-and-export-agreements-09400a2.md +++ b/docs/ISuite/50-Development/import-and-export-agreements-09400a2.md @@ -65,6 +65,11 @@ If you chose *Export Agreement*, - *Skip* to skip the export of all parameters. + - *Security*: Choose + - *Export All* to export all security configurations except the certificate aliases. + + - *Skip* to skip the export of all security information. + Choose *Next* after maintaining the field values. @@ -96,19 +101,31 @@ If you chose *Import Agreement*, > The maximum number of agreements allowed per import is 300. 5. Under the *Configure Import Options*, maintain the following fields: - - *Identifiers*: Choose + - *Single Identifiers*: Choose - *Create Only* if you want to create the identifiers in the system. - *Create or Overwrite* if you want to import the values or, overwrite them in the system if the alias matches. To know more about aliases, see [Understanding the Basic Concepts](understanding-the-basic-concepts-74c068d.md). - *Skip* if you want to skip the import of the identifiers. - - Similary, set the values for the field *System Communication Channels*. - - For the fields *Parameters* and *Activity Paramaters*, choose: + - Similary, set the values for the field *Identifier Groups*. + - For the field *Identifiers in Groups*, select: + - *Import Empty Groups*: If you want to import just the identifier groups without the identifiers within them, choose this option. + + - *Import Identifiers in Groups \(exclude conflicting Identifiers\)*: If you want to import the groups and the identifers within them, choose this option. This will however exclude the identifiers than conflict with identifiers already existing in the system. + - *Import Identifiers in Groups \(include conflicting Identifiers\)*: If you want to import the groups and the identifiers within them, including even the ones that conflict with the identifiers existing already in the system, choose this option. + + - Set the values for the field *System Communication Channels* similar to the identifiers field. + - For the fields *Parameters*, *Activity Paramaters* and *Security*, choose: - *Create or Overwrite* if you want to import the values or, overwrite them in the system if the alias matches. To know more about aliases, see [Understanding the Basic Concepts](understanding-the-basic-concepts-74c068d.md). - *Skip* if you want to skip the import of the identifiers. - - Select if you want to import or skip the *MIG References* and *MAG References* using the radio button. The *Import* button is selected by default. The *Remove* button removes all MIG and MAG references from the agreements. You need to reassign the MIGs and MAGs to the imported agreements. + - For the fields *MIG References* and *MAG References*, choose: + + - *Import* if you want to import all MIG/MAG references. This will work only if the exact version of the referenced MIG/MAG exists in the importing system. If not, the import will throw an error. + + - *Update to the latest version* when there is a higher version of the MIG/MAG in the importing system and you want to update your MIG/MAG references to that version. However, if there is no corresponding MIG/MAG available in the system, an error will be thrown. + - *Skip* to skip importing MIG/MAG references of your agreements. To know how to export and import MIGs/MAGs seperately, see [Import and Export](https://help.sap.com/docs/cloud-integration/sap-cloud-integration/import-and-export?version=Cloud). diff --git a/docs/ISuite/50-Development/import-function-library-from-es-repository-d6e7585.md b/docs/ISuite/50-Development/import-function-library-from-es-repository-d6e7585.md index ddfd11f8..e6936ede 100644 --- a/docs/ISuite/50-Development/import-function-library-from-es-repository-d6e7585.md +++ b/docs/ISuite/50-Development/import-function-library-from-es-repository-d6e7585.md @@ -21,13 +21,11 @@ There are certain limitations while importing and consuming the function library object: -- Function library object with user-defined functions of ExecutionType**ALL\_VALUES\_OF\_QUEUE** is not supported. - -- Function library object that has references to imported archives is not supported. - - The combination of the attributes `category` and `title` in a function library's method must be unique. No two methods within a function library class can have the same combination. -- An imported function library object can be consumed in integration flows via message mapping flow steps and message mapping artifacts. For other artifacts like REST API or OData service, you can consume only via message mapping artifacts; not via message mapping flow steps. +- An imported function library object can be consumed in integration flows via message-mapping flow steps and message mapping artifacts. For other artifacts like REST API or OData service, you can consume only via message mapping artifacts; not via message-mapping flow steps. + +- You must maintain a function library object that contains custom Java code for any underlying Java version changes or platform dependencies changes. @@ -48,7 +46,7 @@ There are certain limitations while importing and consuming the function library 5. Choose a function library object of your choice and choose *Select*. - The selected function library object gets imported to resource pane. + The selected function library object gets imported to the resource pane. 6. Choose the imported object. @@ -56,4 +54,8 @@ There are certain limitations while importing and consuming the function library 7. Make necessary changes to the java class as per your requirement and choose *Save*. + For example, if you want to change the execution type, find the `executionType` key and change its value. The supported values for execution type are: `SINGLE_VALUE`, `ALL_VALUES_OF_QUEUE`, and `ALL_VALUES_OF_CONTEXT`. + +8. Deploy the Function Libraries artifact before consumption. + diff --git a/docs/ISuite/50-Development/initial-setup-12ad448.md b/docs/ISuite/50-Development/initial-setup-12ad448.md new file mode 100644 index 00000000..caa14ffe --- /dev/null +++ b/docs/ISuite/50-Development/initial-setup-12ad448.md @@ -0,0 +1,142 @@ + + +# Initial Setup + +As a Subaccount or Tenant Administrator, you need to add Graph as a capability of API Management within SAP Integration Suite. + + + + + +## Prerequisites + +1. Your SAP BTP Global Account administrator has already created a subaccount. For more information, see [Create a Subaccount.](https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/05280a123d3044ae97457a25b3013918.html) + +2. An SAP Integration Suite entitlement has been created for your subaccount. For more information, see [Configure Entitlements](https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/37f8871865114f44aebee3db6ac64b72.html). + +3. You have subscribed to the SAP Integration Suite and assigned the *Integration\_Provisioner* role collection to yourself. You must assign this role to add capabilities, such as API Management and Graph, on the Integration Suite home page. + + For more information, see [Set Up API Management from Integration Suite](https://developers.sap.com/tutorials/api-mgmt-isuite-initial-setup.html#0bc64de0-ed01-4d11-a675-6dd6942f909e)\(Steps 1–3\). + +4. You have activated Graph on the Integration Suite home page and assigned yourself to the following Graph role collection: + + - *Graph.KeyUser* + + When you assign yourself to this role collection, you are automatically assigned to the following roles: + + - *Graph\_Key\_User* + + - *Graph\_Navigator\_Viewer* + + + + + + + + +## 1. Configure Entitlement for Graph + +Your global account administrator is responsible for configuring the Graph entitlement as follows: + +1. Go to *Entitlements* in the SAP BTP cockpit. + +2. Choose *Configure Entitlements* \> *Add Service Plans*. + +3. Search for and choose *SAP Graph* and do the following: + + 1. Choose one or more of the following plans: + + - *api* for business data graph consumption + + - *configuration* to configure business data graphs using the Graph Configuration API. + + + 2. Choose *Add Service Plan*. + + 3. Choose *Save*. + + + + + + + +## 2. Configure Graph + +1. Go to the *Integration Suite* home page, and under *Capabilities*, choose *Add Capabilities*. +2. On the *Activate Capabilities* dialog, under *Select Capabilities*, choose *Design, Develop, and Manage APIs* and choose *Next*. +3. To activate *Graph*, select the following, and choose *Next*: + + 1. *Enable SAP API Business Hub Enterprise* + + 2. *Graph* + + > ### Note: + > If you have already set up API Management, choose *Edit*, and select *Graph*. You must select *SAP API Business Hub Enterprise* to activate *Graph*. + +4. Choose *Activate* and once the status on the *Summary* changes from *In Progress* to *Active*, choose *OK*. + + + + + +## 3. Define Users for Graph + +Graph doesn't manage user identities and it can't directly authenticate clients. Instead, it relies on XSUAA, the SAP Authorization and Trust Management Service. + +There are two ways to define users: + +- Add users, one-by-one, for the purpose of bootstraps, demos, and proofs of concepts \(PoCs\) to the SAP BTP subaccount \(for example, via the SAP BTP cockpit\). + +- Use your own user base and Identity Provider \(IdP\). For this, you must establish a trust relationship with a SAML 2.0 IdP in your subaccount. + + For more information, see [Trust and Federation with Identity Providers](https://help.sap.com/products/BTP/65de2977205c403bbc107264b8eccf4b/cb1bc8f1bd5c482e891063960d7acd78.html). + + +Once you enable Graph, you see both Graph role collections in your list. + + + +### Enable Graph Users + +- Graph Key User + + The creation and activation of business data graphs is managed by a user with a special role, the *Graph\_Key\_User* authorization role. You must assign this role to one or more users so that they can create and activate business data graphs for a landscape. + + To assign the *Graph.KeyUser* role collection to a user, do the following: + + 1. In the SAP BTP cockpit, go to *Security* \> *Users*. + + 2. Select the relevant user. Under *Role Collections*, choose *Assign Role Collection*. + + 3. Search for *Graph.KeyUser*, select the role collection, and choose *Assign Role Collection*. + + 4. To apply the role, go back to the Integration Suite home page. + + +- Graph Navigator Viewer + + Graph Navigator is a tool in SAP API business hub enterprise that developers use to inspect business data graphs. For more information, see [Graph Navigator in SAP API Business Hub Enterprise](graph-navigator-in-sap-api-business-hub-enterprise-8e75d31.md). + + To assign the *GraphNavigator.Viewer* role collection to a user with the *Graph\_Navigator\_Viewer* role, do the following: + + 1. In the SAP BTP cockpit, go to *Security* \> *Users*. + + 2. Select the relevant user. Under *Role Collections*, choose *Assign Role Collection*. + + 3. Search for *GraphNavigator.Viewer*, select the role collection, and choose *Assign Role Collection*. + + 4. To apply the role, go back to the Integration Suite home page. + + + +> ### Note: +> Reselect your subaccount to access *Users* after assigning the role collection. + +For more information, see: + +- [Define a Role Collection](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/4b20383efab341f181becf0a947a5498.html) +- [Add Roles to a Role Collection](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/e3130fb95aa64970b07d4dc65b24df1a.html) +- [Assign Users to Role Collections](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/c5766765bda74ad59fe656977c8fa4d6.html) + diff --git a/docs/ISuite/50-Development/inject-mapping-artifacts-to-sap-cloud-integration-47ad97e.md b/docs/ISuite/50-Development/inject-mapping-artifacts-to-sap-cloud-integration-47ad97e.md index 53044a40..c090e9a4 100644 --- a/docs/ISuite/50-Development/inject-mapping-artifacts-to-sap-cloud-integration-47ad97e.md +++ b/docs/ISuite/50-Development/inject-mapping-artifacts-to-sap-cloud-integration-47ad97e.md @@ -129,7 +129,7 @@ You need to maintain the SAP Cloud Integration tenant details into which you nee > > For information on creating OAuuth client credentials for Neo environment, see: [Creating OAuth Client Credentials for Neo Environment](https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/040d8110293d44b1bfaa75674530d395.html "The API is protected by basic authentication and OAuth.") :arrow_upper_right: > - > For information on creating OAuth client credentials for Cloud Foundry, see: [Creating OAuth Client Credentials for Cloud Foundry Environment](https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/50b63c69028643b18016d6795003392d.html "You can create OAuth client credentials to access your SAP Cloud Integration tenant hosted on the Cloud Foundry environment.") :arrow_upper_right:. + > For information on creating OAuth client credentials for Cloud Foundry, see: [Creating OAuth Client Credentials for Cloud Foundry Environment](creating-oauth-client-credentials-for-cloud-foundry-environment-50b63c6.md). diff --git a/docs/ISuite/50-Development/inspect-data-store-usage-fcc08f6.md b/docs/ISuite/50-Development/inspect-data-store-usage-fcc08f6.md index f6b8a299..c478f14c 100644 --- a/docs/ISuite/50-Development/inspect-data-store-usage-fcc08f6.md +++ b/docs/ISuite/50-Development/inspect-data-store-usage-fcc08f6.md @@ -23,7 +23,7 @@ The database usage is plotted in a bar graph against time. > ### Note: > The *Time* filter element allows you to select the time interval \(options: *Past Day*, *Past Week*, *Past Month*, or *Custom*\). > -> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components: a calendar element and a circular watch element. To select the date, interact with the calendar element and choose a specific day. To select the time, manipulate two separate circles on the watch element to set the desired hour ante meridiem \(am\) and post meridiem \(pm\), respectively. You can select valid dates only; selection of dates in the future is disabled. +> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components. You can select valid dates only; selection of dates in the future is disabled. > > You can select dates up to 30 days in the past. diff --git a/docs/ISuite/50-Development/inspect-database-connection-usage-567eb42.md b/docs/ISuite/50-Development/inspect-database-connection-usage-567eb42.md index dc6fbcb3..8a3ba177 100644 --- a/docs/ISuite/50-Development/inspect-database-connection-usage-567eb42.md +++ b/docs/ISuite/50-Development/inspect-database-connection-usage-567eb42.md @@ -16,7 +16,7 @@ You can change the displayed time period be selecting a different option in the > ### Note: > The *Time* filter element allows you to select the time interval \(options: *Past Day*, *Past Week*, *Past Month*, or *Custom*\). > -> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components: a calendar element and a circular watch element. To select the date, interact with the calendar element and choose a specific day. To select the time, manipulate two separate circles on the watch element to set the desired hour ante meridiem \(am\) and post meridiem \(pm\), respectively. You can select valid dates only; selection of dates in the future is disabled. +> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components. You can select valid dates only; selection of dates in the future is disabled. > > You can select dates up to 30 days in the past. diff --git a/docs/ISuite/50-Development/inspect-database-transaction-usage-6736a37.md b/docs/ISuite/50-Development/inspect-database-transaction-usage-6736a37.md index 89704b77..87581124 100644 --- a/docs/ISuite/50-Development/inspect-database-transaction-usage-6736a37.md +++ b/docs/ISuite/50-Development/inspect-database-transaction-usage-6736a37.md @@ -9,7 +9,7 @@ There are no hard limits for the number and duration of database transactions. H > ### Note: > The *Time* filter element allows you to select the time interval \(options: *Past Day*, *Past Week*, *Past Month*, or *Custom*\). > -> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components: a calendar element and a circular watch element. To select the date, interact with the calendar element and choose a specific day. To select the time, manipulate two separate circles on the watch element to set the desired hour ante meridiem \(am\) and post meridiem \(pm\), respectively. You can select valid dates only; selection of dates in the future is disabled. +> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components. You can select valid dates only; selection of dates in the future is disabled. > > You can select dates up to 30 days in the past. diff --git a/docs/ISuite/50-Development/inspect-monitoring-storage-usage-216dc43.md b/docs/ISuite/50-Development/inspect-monitoring-storage-usage-216dc43.md index 517fc965..68383d58 100644 --- a/docs/ISuite/50-Development/inspect-monitoring-storage-usage-216dc43.md +++ b/docs/ISuite/50-Development/inspect-monitoring-storage-usage-216dc43.md @@ -9,7 +9,7 @@ At runtime, monitoring data is written to a database. For each integration flow > ### Note: > The *Time* filter element allows you to select the time interval \(options: *Past Day*, *Past Week*, *Past Month*, or *Custom*\). > -> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components: a calendar element and a circular watch element. To select the date, interact with the calendar element and choose a specific day. To select the time, manipulate two separate circles on the watch element to set the desired hour ante meridiem \(am\) and post meridiem \(pm\), respectively. You can select valid dates only; selection of dates in the future is disabled. +> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components. You can select valid dates only; selection of dates in the future is disabled. > > You can select dates up to 30 days in the past. diff --git a/docs/ISuite/50-Development/inspect-system-memory-usage-e9617dd.md b/docs/ISuite/50-Development/inspect-system-memory-usage-e9617dd.md index 73e68aee..4b4e4334 100644 --- a/docs/ISuite/50-Development/inspect-system-memory-usage-e9617dd.md +++ b/docs/ISuite/50-Development/inspect-system-memory-usage-e9617dd.md @@ -20,7 +20,7 @@ Messages processed by integration flows at runtime consume system memory. > ### Note: > The *Time* filter element allows you to select the time interval \(options: *Past Day*, *Past Week*, *Past Month*, or *Custom*\). > -> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components: a calendar element and a circular watch element. To select the date, interact with the calendar element and choose a specific day. To select the time, manipulate two separate circles on the watch element to set the desired hour ante meridiem \(am\) and post meridiem \(pm\), respectively. You can select valid dates only; selection of dates in the future is disabled. +> When you've selected the option *Custom* for the *Time* filter, you can select date and time with a graphical element with two components. You can select valid dates only; selection of dates in the future is disabled. > > You can select dates up to 30 days in the past. diff --git a/docs/ISuite/50-Development/interchange-processing-flow-v2-cd26ea5.md b/docs/ISuite/50-Development/interchange-processing-flow-v2-cd26ea5.md index 005b918b..8966c185 100644 --- a/docs/ISuite/50-Development/interchange-processing-flow-v2-cd26ea5.md +++ b/docs/ISuite/50-Development/interchange-processing-flow-v2-cd26ea5.md @@ -122,7 +122,11 @@ Follow the procedure below to configure the integration flow: -   + JMS-Receiver-Q + + If you want to use dead letter queue to collect messages that failed after retries, select the drop-down button in this field and choose *Step2-DeadLetterQueue*. + + To enable the dead letter queue for this integration flow, you need to make changes to the retry configuration. To know more, see [Configuration Manager](configuration-manager-7daf06c.md) . @@ -156,7 +160,9 @@ Follow the procedure below to configure the integration flow: - OUTBOUND\_Q + *OUTBOUND\_Q* is the standard value. + + The value **COM\_PROCESSING\_OUTBOUND\_DEAD\_LETTER\_Q** is displayed if you chose dead letter queue for the *Receiver* field. diff --git a/docs/ISuite/50-Development/json-threat-protection-c4991a6.md b/docs/ISuite/50-Development/json-threat-protection-c4991a6.md index deb0f41d..eb20a210 100644 --- a/docs/ISuite/50-Development/json-threat-protection-c4991a6.md +++ b/docs/ISuite/50-Development/json-threat-protection-c4991a6.md @@ -130,3 +130,5 @@ Maximum size allowed for a JSON payload in KB. The maximum value is 10 MB. [Authorization](authorization-6658409.md "This policy evaluates whether a user should be permitted to access a protected API.") +[API Validation](api-validation-02ff41b.md "The API validation policy enables you to validate incoming request messages against an OpenAPI 3.0 Specification.") + diff --git a/docs/ISuite/50-Development/key-components-of-an-api-19c0654.md b/docs/ISuite/50-Development/key-components-of-an-api-19c0654.md index ba9934e1..a23f09f7 100644 --- a/docs/ISuite/50-Development/key-components-of-an-api-19c0654.md +++ b/docs/ISuite/50-Development/key-components-of-an-api-19c0654.md @@ -111,5 +111,7 @@ Describes each API resource in a simple and concise manner. [Different Methods of Creating an API Proxy](different-methods-of-creating-an-api-proxy-4ac0431.md "An API proxy is the data object that contains all the functionality to be executed when an external user wants to access the backend service.") +[Edit an API Proxy](edit-an-api-proxy-a64b952.md "Once you’ve created an API proxy you can further change the proxy, either on the Integration Suite, or by using the embedded API designer.") + [Additional Configurations](additional-configurations-de7285c.md " ") diff --git a/docs/ISuite/50-Development/manage-business-data-graphs-using-graph-configuration-api-655bf12.md b/docs/ISuite/50-Development/manage-business-data-graphs-using-graph-configuration-api-655bf12.md new file mode 100644 index 00000000..f0093f49 --- /dev/null +++ b/docs/ISuite/50-Development/manage-business-data-graphs-using-graph-configuration-api-655bf12.md @@ -0,0 +1,11 @@ + + +# Manage Business Data Graphs using Graph Configuration API + +As a Graph Key User, you can create a new business data graph using the Graph Configuration API. + +The Graph Configuration API simplifies the process of managing your business data graphs automatically. Whether you need to create, update, or delete business data graphs, this API provides an automated option to achieve these tasks. + +> ### Note: +> The Graph Configuration API is currently limited to managing business data graphs. Managing extensions is not supported. Its primary focus is to enable a seamless integration of business data graph management with your existing CI/CD pipelines. + diff --git a/docs/ISuite/50-Development/message-locks-bce9ae0.md b/docs/ISuite/50-Development/message-locks-bce9ae0.md index e00b38b2..9281f6c5 100644 --- a/docs/ISuite/50-Development/message-locks-bce9ae0.md +++ b/docs/ISuite/50-Development/message-locks-bce9ae0.md @@ -13,7 +13,7 @@ This section allows you to display and manage lock entries that are created \(in > > To prevent double processing, a lock entry is written to the in-progress repository each time a file is processed by a runtime node. As long as this lock entry exists, no other component can access the file. After message processing, the lock is removed by the runtime. -In certain situations \(for example, a runtime node crashes because of an out-of-memory error\), the message is retried after the node is restarted until the expiration time is reached. In this case, lock entries could remain in the in-progress repository and block subsequent message processing. You can't use the *Manage Locks* view to analyze the situation and manually delete lock entries, if necessary, to reprocess the message. +In certain situations \(for example, a runtime node crashes because of an out-of-memory error\), the message is retried after the node is restarted until the expiration time is reached. In this case, lock entries could remain in the in-progress repository and block subsequent message processing. You can use the *Manage Locks* view to analyze the situation and manually delete lock entries, if necessary, to reprocess the message. If you choose the *Message Locks* tile under *Manage Locks* tile in the *Monitor* application, a list of locks is displayed. Be aware that only the most recent 500 lock entries are displayed. diff --git a/docs/ISuite/50-Development/metadata-c90a80c.md b/docs/ISuite/50-Development/metadata-c90a80c.md new file mode 100644 index 00000000..ba74209b --- /dev/null +++ b/docs/ISuite/50-Development/metadata-c90a80c.md @@ -0,0 +1,156 @@ + + +# Metadata + +Due to the OData protocol being self-documented, developers can ensure that their application is compatible with the specific business data graphs that they are accessing. + +This is possible by programmatically reviewing the detailed metadata available to them at runtime as follows: + + + + + + + + + + + + + + + + + + + + + + + +
+ +Metadata API + + + +URL to Use + +
+ +The list of business data graphs in the landscape + + + +`https://.a.integration.cloud.sap/graph/api` + +Example: `https:// is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api` + +
+ +The list of all services \(namespaces\) + + + +`https://.a.integration.cloud.sap/graph/api/` + +Example: `https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1` + +
+ +The list of entities in a specific business data graph + + + +`https://.a.integration.cloud.sap/graph/api//` + +Example: `https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.s4` + +
+ +The OData EDMX metadata of a service \(namespace\) + + + +`https://.a.integration.cloud.sap/graph/api///$metadata` + +Example: `https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.s4/$metadata` + +
+ + + + + + + + + + + + + + + + + + + + + + + +
+ +Catalog API + + + +URL to use + +
+ +The list of business data graphs in the landscape + + + +`https://.a.integration.cloud.sap/graph/catalog` + +`` + +Example:`https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/catalog` + +
+ +The list of all services \(namespaces\) + + + +`https://.a.integration.cloud.sap/graph/catalog/` + +`` + +Example: `https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/catalog/v1` + +
+ +The list of entities in a specific business data graph + + + +`https://.a.integration.cloud.sap/graph/catalog//` + +Example: `https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/catalog/v1/sap.s4` + +
+ +The OpenAPI metadata of one entity + + + +`https://.a.integration.cloud.sap/graph/catalog///` + +Example: `https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/catalog/v1/sap.s4/A_BusinessPartner` + +
+ diff --git a/docs/ISuite/50-Development/migrate-templates-agreements-ad58414.md b/docs/ISuite/50-Development/migrate-templates-agreements-ad58414.md new file mode 100644 index 00000000..b00b58de --- /dev/null +++ b/docs/ISuite/50-Development/migrate-templates-agreements-ad58414.md @@ -0,0 +1,31 @@ + + +# Migrate Templates/Agreements + +Migrate a group of outdated agreements and templates. + + + +## Context + +If you want to update a group of agreements or templates together, follow the procedure below. + + + +## Procedure + +1. Login to your application. + +2. Navigate to *Design* \> *B2B Scenarios* from the left pane. + +3. Choose the *Cross Actions* tab and select *Migrate Agreements/Templates*. + +4. In the resulting dialog, enter a name for the action in the *Action Name* field. + +5. Provide a description for the action in the *Description* field. + +6. The section *Select Outdated Objects* display the list of agreements and templates that are outdated. The checkbox next to the number of agreements and templates are selected by default. + +7. Choose *Migrate*. + + diff --git a/docs/ISuite/50-Development/mirrored-entities-720a1d8.md b/docs/ISuite/50-Development/mirrored-entities-720a1d8.md new file mode 100644 index 00000000..d429636b --- /dev/null +++ b/docs/ISuite/50-Development/mirrored-entities-720a1d8.md @@ -0,0 +1,86 @@ + + +# Mirrored Entities + +Developers familiar with existing SAP product data models can continue to consume the resources of these models with Graph. Rather than accessing them separately via different system APIs, they’re accessed from the business data graph, using the Graph API. The mirrored entities of supported SAP data sources are added to the data graph under a reserved SAP namespace. Entities from unsupported data sources are mirrored under custom namespaces. + +The following SAP system-specific namespaces are supported: + + + + + + + + + + + + + + + + + + + +
+ +Namespace + + + +Description + +
+ +`sap.s4` + + + +Mirrored entities from the data model of SAP S/4HANA. + +
+ +`sap.c4c` + + + +Mirrored entities from the data model of SAP Sales Cloud, which is part of SAP CX's suite of products. + +
+ +`sap.hcm` + + + +Mirrored entities from the data model of SAP Human Capital Management \(HCM, also known as SAP SuccessFactors\). + +
+ +When referencing a mirrored entity, the namespace is simply prepended. For example: `sap.s4/A_SalesOrder` references sales order information from an SAP S/4HANA data source, and `sap.hcm/PerPerson` references person information from an SAP SuccessFactors data source. + +![](../images/Mirrored_Entities_9bba72e.png) + +Developers can easily combine all these resources in one application, focusing on the data, without having to know where the specific data sources are located or how to connect to them. + + + + + +## Additional Connections + +In addition to consolidating the different system models, Graph introduces hundreds of additional connections between related entities in the business data graph, in the form of associations that are recognized by OData or GraphQL. A common example is the relation from an order item to an ordered product: + +![](../images/Additional_Connections_4f17ccb.png) + +The additional connections are usually named by prefixing an underscore to the name of an attribute of type `String`, which represents the reference value. In the illustrated example, the original attribute `Material` is a string that represents a foreign key, and `_Material` is a relation. + +Such relationships improve the semantic intent of the business data graph and lead to simpler, more intuitive, and more efficient navigational queries. For example, a developer could follow the illustrated relationships to access `sap.s4/A_SalesOrder(15)/to_Item(10)/_Material/Brand` in a single OData query, answering the question: *show the brand of the product ordered in item 10 of the sales order with key 15*. + +Similarly, the business data graph represents hierarchical entities as compositions, which clearly expose the structural boundaries of the model, simplifying the interaction and reducing developer errors. An example of a composition is a book with chapters – you need to access the book to read the chapters. In the diagram, the relationship between `A_SalesOrder` and `A_SalesOrderItem` is modeled as a composition via `to_Item`, ensuring that developers always access a sales order item by going through the root of the composition \(the root entity\). + +To complete the consolidation of the system models, Graph introduces hundreds of additional connections between related root entities in the business data graph, in the form of associations that are recognized by OData or GraphQL. A common example is the relationship from an order item to an ordered product. + +Using a more traditional API, this small example would have required at least three different round-trip API calls, plus the necessary expertise to develop the business logic to extract the keys to match the requirements of the different entity instances. + diff --git a/docs/ISuite/50-Development/model-31f8c54.md b/docs/ISuite/50-Development/model-31f8c54.md new file mode 100644 index 00000000..b0f0b0d7 --- /dev/null +++ b/docs/ISuite/50-Development/model-31f8c54.md @@ -0,0 +1,24 @@ + + +# Model + +It is common knowledge that data-driven software should be modeled on its underlying business processes. + +Methodologies such as Domain-Driven Design are particularly relevant for complex data sets from diverse data sources. Data is arranged as related entities \(representing real-life business objects\) in data domains and connected through relationships \(called associations\) into logical data graphs. It is the ability to describe highly interconnected relationships that make data graphs the basis for modeling high-quality linked and coherent data that structurally represents business processes. In turn, graph-based APIs and protocols represent a growing trend in modern application development. + +![](images/Modeling_Intro_2b906e7.png) + +New business projects start with capturing the essential objects of a business domain in the form of a modeled data graph. The model serves both as the basis for persistence deployed as tables to databases and for the automatic service \(API\) definitions. [SAP Cloud Application Programming Model \(CAP\)](https://cap.cloud.sap/docs/guides/domain-models) and associated methodologies are an excellent starting point for the development of complex systems, "side-car" extensions, microservices, and other data sources. + +But not everything can be modeled from scratch. Companies already use a variety of existing, multivendor business solutions services, on premise and cloud, each with their own data model and APIs. Landscapes are often a diverse collection of loosely coupled applications, systems, microservices, and other data sources, with different and inconsistent dialects, data concepts, APIs, and protocols. Developers have a hard time dealing with this complex diversity. Enterprise IT must track the dependency of client applications on the different APIs, widening the challenge to maintain and manage the lifecycle of the incongruent data models and APIs. + +Traditional API management and API mediation solutions try to address some of these challenges, providing a developer portal and supporting relatively simple syntactic transformations, such as modifying HTTP headers, converting an XML payload to JSON, renaming APIs, or providing traffic management and abuse protection. But they do not address the more fundamental, semantic challenges faced by developers. + +Graph, as a capability of SAP Integration Suite and API Management, is a next generation, semantic API mediation solution. + +Out of the box, Graph provides a complete, semantic data graph spanning all major SAP systems, representing these systems as one single curated and connected data model, with a single API, a single authentication and access method, and a single protocol endpoint. + +This SAP data graph is the foundation of an even broader semantic data graph of a customer's entire business landscape. Graph offers customers the methods, practices, and tools to expand the out-of-box data graph with additional custom entities and compositions, which can be seamlessly connect to the data graph, and consumed by developers in the same way. + +Enterprises can use Graph to create and access their own, unique, enterprise data graph: a connected graph of all their business data. + diff --git a/docs/ISuite/50-Development/modeling-example-b8ab0c4.md b/docs/ISuite/50-Development/modeling-example-b8ab0c4.md new file mode 100644 index 00000000..b51b4884 --- /dev/null +++ b/docs/ISuite/50-Development/modeling-example-b8ab0c4.md @@ -0,0 +1,117 @@ + + +# Modeling Example + +An example of a custom entity. + +Custom entities are designed as a projection on the attributes of one or more existing entities, achieving benefits of simplification and consistency. This example illustrates the following: A data model of a school, with subjects, teachers, and classrooms. The example model has one API with three entities, describing the syllabus of the school, with the concept of a class: a combination of a subject and a teacher, taking place in a classroom. A second API, developed as a separate sidecar microservice, provides location information about the different classrooms. Both APIs are implemented with an underlying database persistence: + +![](images/Modeling_Example_1_683b7f3.png) + +You can see how the two data sources are highly normalized, reflecting how the data is physically stored in two databases. But, while a highly normalized representation is usually the most efficient in storage, it's an inconvenient design for consumers of this data. + +Imagine, as an app developer, you're asked to develop an application that lists the locations, teacher, and subject names of all classes, or perhaps prints a schedule of all of the classes taught by Joan Miller. You would have to access two different APIs, each with a different authentication. Then, write a loop for each class to perform as many as four different cross-API queries, with different protocol dialects, in order to collect all the required information for your app. + + + + + +## Creating New Custom Entities + +Our goal is to simplify the model by creating two custom entities, based on the *mirrored data sources* under their custom namespace. Custom namespaces are established when configuring the business data graphs that reference these data sources: + +![](images/Modeling_Example_2_e3aad43.png) + +Even before we introduce custom entities, the inclusion of the data sources in the business data graph already allows the data to be accessed from one uniform API. For instance, to get a list of teachers called *Joan*, the following query could be called: + +``` +GET https://.a.integration.cloud.sap/graph/api/v1/school/teacher?$filter=startswith(name,'Joan') +``` + +As a data modeler or data architect, you want to redesign the model to make it much simpler for developers to query the data, and to avoid loops and multiple roundtrips. You can achieve this by *denormalizing* the class and classroom data \(`subject`, `teacher`, `location`\), and then by connecting the entities of the new model. You want to end up with a design that looks like this: + +![](images/Modeling_Example_3_213d452.png) + +The entity `my.new.Class` is now self-contained, and includes all of the information that is relevant to most queries. There are also links to and from `my.new.Teacher`, allowing developers to easily navigate the model. Creating a list of all classes or listing Joan's classes is now done easily using single queries. + +Setting up the new model requires the creation of two custom entities: + + + +### `Class` + +``` +1 { +2 "label": "Class information", +3 "entity": "my.new.class", +4 "version": "1.0.0", +5 +6 "sourceEntities": [ +7 { "name": "school.class" }, +8 { "name": "school.subject", "join": ["subjectID", "subjectID"] }, +9 { "name": "school.Room", "join": ["room", "RoomNR"] } +10 ], +11 +12 "attributes": [ +13 { "name": "id", "type": "String","key": true, "transform": "keyConcat", "source": ["subjectID", "teacher"] }, +14 { "name": "subject", "sourceEntity": "school.subject", "annotations": { "description": "what they teach" } }, +15 { "name": "teacher", "source": ["tname"], "sourceEntity": "school.teacher" }, +16 { "name": "location.room", "type": "String", "source": "RoomName", "sourceEntity": "school.Room" }, +17 { "name": "location.building", "source": ["Building"], "sourceEntity": "school.Room" }, +18 { "name": "location.floor", "type": "String", "source": ["Floor"], "sourceEntity": "school.Room" }, +19 { "name": "_teacher", "type": "Association", "associationTarget": "my.new.Teacher" }, +20 { "name": "_teacher.id", "source": ["teacher"] } +21 ] +22 } +``` + + + +### `Teacher` + +``` +23 { +24 "label": "Teacher information", +25 "entity": "my.new.Teacher", +26 "version": "1.0.1", // patch level 1 +27 "annotations": { "description": "An example of how to create a nice-to-use model of a \"teacher\"" } +28 +29 "sourceEntities": [ +30 { "name": "school.teacher" } +31 ], +32 +33 "attributes": [ +34 { "name": "id", "type": "String", "key": true, "source": ["teacherID"], "annotations": {"readonly": true} }, +35 { "name": "displayId", "type": "String", "source": "teacherID" }, +36 { "name": "name", "type": "String", "source": ["tname"] }, +37 { "name": "_classes[]", "type": "Assocation", "associatonTarget": "my.new.Class", "on": "_teacher" } +38 ] +39 } + + +``` + +There's a lot going on here. Let's start from the second custom entity, `Teacher`. + +Lines 23 and 39 enclose the custom projection object, whose full name is `my.new.Teacher`, the entity `Teacher` in the namespace `my.new` \(line 25\). By convention, entity names are singular and capitalized, while namespace names are all lower-case. + +Line 26 defines the version of this custom entity. By convention, the first version is `1.0.0`. Here, we've upgraded to the first patch, so the version is `1.0.1`. + +![](images/Modeling_Example_4_bd6d332.png) + +Lines 29–31 define the list of data sources that are used to define this new custom entity. Most custom entities are a projection on just one source entity. The source entity name is that of one of the mirrored entities. Here, the mirrored source entity is `school.teacher`, the teacher entity within the school namespace. + +Lines 34–37 define the four attributes of our new `Teacher`. The first and second attributes are common attributes, both based on the same source attribute, `teacherID`. Observe that the default `integer` type is overwritten with the `String` type. And since the same source attribute is used to populate two different attributes, the `id` is defined as `readonly`. The `id`, `displayID`, and `name` are of the type `String`, without a maximal length. This overrides the default of inheriting the type of the attribute in the source system \(Integer and String\(70\) respectively\). + +Pay special attention to line 37, where an association-to-many is defined, by listing the backlink, `_teacher in my.new.Class`. + +Now, to the `Class` entity. This entity is composed of attributes coming from three different source entities. The relationship between these source entities is described in lines 6–9. + +There are three data source entities, and `Class` is a composed projection, hiding the data sources from the consumer of the Graph API. The first and default source entity is `school.class`. Other source entities are defined in relation to its source attributes: `subjectID` and `room`, respectively. + +The `school.class` entity has a composite key, in which only the combination of its two key attributes creates a unique value. Line 13 shows the use of the `keyConcat` transform to turn these into a single key, called `id`. Observe how most of the other attributes \(lines 14–18\) use source attributes from the other source entities, and they have to declare the source entity explicitly, using the `sourceEntity` property. + +Line 14 is an example of an attribute whose name is the same as the source attribute \(subject\). It also shows how to provide a description for the attribute. + +Finally, line 19 shows an association-to-many, with a single key reference, on line 20. + diff --git a/docs/ISuite/50-Development/modeling-guide-5e0bb49.md b/docs/ISuite/50-Development/modeling-guide-5e0bb49.md new file mode 100644 index 00000000..02830b8e --- /dev/null +++ b/docs/ISuite/50-Development/modeling-guide-5e0bb49.md @@ -0,0 +1,178 @@ + + +# Modeling Guide + +SAP employs a set of best-practice modeling guidelines, known as the SAP One Domain Model guidelines. These guidelines are for the data models of new SAP applications, and are used in this guide as recommendations for creating custom entities. + + + + + +## Modeling Principles and Design Guidelines + + + + + +## Elements of a Model + + + +### Terminology + + + + + + + + + + + + + + + +
+ +Term + + + +Definition + +
+ +Entity + + + +The structural design of the entity, the entity type. + +It also refers to the data values, the entity instances. + +
+ +Attribute + + + +The design of the attribute or the value of a specific attribute instance. + +
+ +A data model consists of connected entities, which represent the business objects of the real world. + +The detailed properties \(fields\) of an entity are called *attributes*. Entity instances must be uniquely addressable, via the use of key attributes. As a best practice, new custom entities only have one key attribute. Existing \(mirrored\) entities may have a composite key, consisting of several separate attributes. + +Structurally, most attributes are simple \(primitive\) types, but can also be: + +- A nested array of primitive types + +- A structured type or a nested array of a structured type + + +A nested array of structured type is called a *Composition* \(a composition of many\) if the items can be uniquely identified within the array via the use of key attributes. Compositions represent a relationship of whole parts. They are composed of one root-entity and one or more subentities. The top-level entity containing a composition is the root-entity, and contained entity-arrays are called *subentities* or *component entities*. For example, a `Book` entity has a title \(a primitive attribute of type `String`\) and chapters, a nested subentity with its own title, description, page count, and so forth. Subentities can have further nested subentity compositions. + +Semantically related attributes can be grouped together under a single name. For example, a book's ISBN and CIP codes are part of `publisher` data. This grouping is called *structured type*, rather than a *composition of one*. + +The structure of an entity is easily represented as a pseudo JSON structure, for example: + +![](images/Elements_of_Modeling_4eb2b4b.png) + + + + + + + + + + + +
+ +Entity Type Structure + + + +Entity Instance + +
+ +``` +Book: { + key id: String, + title: String, + publisher: { // structured type + ISDN: String, + CIP: String + } + chapters: [ // Composition + { + key id: String, + title: String, + pageCount: Integer + } + ] +} + +``` + + + + + +``` +Book: +{ + id: "5", + title: "Harry Potter", + publisher: { + ISDN: "123abc", + CIP: "aGh2" + } + chapters: [ + { id: "01", title: "chapter 1", pageCount: 12 } + { id: "02", title: "chapter 2", pageCount: 14 } + ] +} + +``` + + + +
+ +Entities are connected to each other through attributes known as *Associations*. An association is a reference to another entity, known as the target of the association. Unlike compositions, associations always target another independent entity. There are two types of associations: + +- Association to one: a link to one specific target entity instance + +- Association to many: a link to an array \(zero or more\) of target entities + + +Developers use associations to naturally navigate the data graph. + + + + + +## Custom Entities + +Custom entities are designed as a projection on the attributes of one or more existing entities. The following example describes a database model of a school, with subjects, teachers, and classrooms. The example model has one API with three entities, describing the syllabus of the school, with the concept of a class: a combination of subject and teacher, taking place in a classroom. A second API, that is developed as a separate sidecar microservice, provides location information about the different classrooms. Both APIs are implemented with an underlying data persistence: + +![](images/Modeling_Example_1_683b7f3.png) + +You can see how the two data sources are highly normalized, reflecting how the data is physically stored in two databases. But, while a highly normalized representation is usually the most efficient in storage, it's a deeply inconvenient design for consumers of this data. + +Imagine that, as an app developer, you're asked to develop an application that provides a list of the locations, teacher, and subject names of all classes, or, perhaps, print a schedule of all classes taught by Joan Miller. You would have to access two different APIs, each with a different authentication, and then write a loop for each class to perform as many as four different cross-API queries \(with different protocol dialects\), in order to collect all the required information into your app. + +While this example looks simplistic, it is representative of many bottom-up designed REST APIs. + +As data modelers or data architects, you want to redesign the model to make it easier for developers to query the data, and to avoid loops and multiple round trips. You can achieve this by denormalizing the class and classroom data \(subject, teacher, location\), and then by connecting the entities of the new model. You might end up with an easier design that looks more like the following: + +![](images/Modeling_Example_3_213d452.png) + +The `my.new.Class` entity is now self-contained and includes all information that is relevant to most queries. Using the links to and from the `my.new.Teacher` entity, developers can easily navigate this simple model. Creating a list of all of the classes or listing Joan Miller's classes are now easy, single-step queries. + diff --git a/docs/ISuite/50-Development/modeling-reference-8790d64.md b/docs/ISuite/50-Development/modeling-reference-8790d64.md new file mode 100644 index 00000000..fe17bcbd --- /dev/null +++ b/docs/ISuite/50-Development/modeling-reference-8790d64.md @@ -0,0 +1,6 @@ + + +# Modeling Reference + +This reference provides information that data modelers need to create a model for their applications. + diff --git a/docs/ISuite/50-Development/modify-your-business-data-graph-0084c4d.md b/docs/ISuite/50-Development/modify-your-business-data-graph-0084c4d.md new file mode 100644 index 00000000..a75977ed --- /dev/null +++ b/docs/ISuite/50-Development/modify-your-business-data-graph-0084c4d.md @@ -0,0 +1,30 @@ + + +# Modify Your Business Data Graph + +When you edit your business data graph configuration, it overwrites the existing configuration. + + + + + +## Procedure + +1. Go to Integration Suite, *Design* \> *Graph* \> *Business Data Graphs*. + +2. Select the business data graph you want to modify and choose *Edit*. + +3. After you have modified the business data graph, choose *Apply Changes* to update the configuration file assigned to your business data graph. + + + + + + +## Results + +After applying your changes, the business data graph will be reprocessed. Choose *Show Logs* to check that the status of your business data graph is set from *Updating* to *Available* after successful reprocessing. + +> ### Note: +> If an error occurs, the log shows the status *Available \(Update failed\)*. This status indicates that your new changes are not applied, and Graph kept your previous business data graph configuration. + diff --git a/docs/ISuite/50-Development/monitor-650995c.md b/docs/ISuite/50-Development/monitor-650995c.md index 0b4f84b7..f0988dcf 100644 --- a/docs/ISuite/50-Development/monitor-650995c.md +++ b/docs/ISuite/50-Development/monitor-650995c.md @@ -6,8 +6,6 @@ Analyze the usage and performance of the artifacts available on the SAP Integrat The following tabs are available for each capability: -**** - @@ -23,7 +21,7 @@ Tab @@ -35,7 +33,7 @@ Cloud Integration + + + + + @@ -69,7 +84,7 @@ Trading Partner Management
-Document Link +Help Link
-Integrations +*Monitor* \> *Integrations and APIs* @@ -52,12 +50,29 @@ API Management -APIs +*Monitor* \> *Integrations and APIs* + + + +[Monitor APIs](monitor-apis-399b6c6.md) + +
+ +Event Mesh + + + +*Monitor* \> *Event Mesh* -[Analyze APIs](analyze-apis-7712c61.md) +[Monitor Event Mesh](monitor-event-mesh-d975934.md)
-B2B Messages +*Monitor* \> *B2B Scenarios* diff --git a/docs/ISuite/50-Development/monitor-event-mesh-d975934.md b/docs/ISuite/50-Development/monitor-event-mesh-d975934.md index 41dfea82..2eca8b56 100644 --- a/docs/ISuite/50-Development/monitor-event-mesh-d975934.md +++ b/docs/ISuite/50-Development/monitor-event-mesh-d975934.md @@ -2,3 +2,23 @@ # Monitor Event Mesh +Observe the usage of Event Mesh resources. + +The monitoring page gives an overview of the Event Mesh resources like spool size, queues, connection, and consumers. You also see the number of messages that are handled by the broker. + +Navigate to *Monitor* \> *Event Mesh*. + + + + + +### Message Rate + +The chart show the number of messages that were handled by the message broker over a period of time. Published messages \(ingress\) and consumed messages \(egress\) are differentiated using different colours. You can change the time of measure to understand the volume of messages handled by the message broker. + + + +### Resource Usage + +Observe the usage of the resources like spool size, queues, connection, and consumers with the help of easy-to-use cards. + diff --git a/docs/ISuite/50-Development/mutations-499950b.md b/docs/ISuite/50-Development/mutations-499950b.md new file mode 100644 index 00000000..f1854dd9 --- /dev/null +++ b/docs/ISuite/50-Development/mutations-499950b.md @@ -0,0 +1,146 @@ + + +# Mutations + +While queries focus on reading data from the API, mutations allow data to be modified by creating, updating, or deleting it. + +The schema for mutations looks like this: + +``` +mutation { + { + { + create ( + input: { + + ... + } + ) { + + ... + } + + delete ( + filter: [ + { + : { + : [] + } + }, + ... + ] + ) + + update ( + input: { + + ... + }, + filter: [ + { + : { + : [] + } + }, + ... + ] + ) { + + ... + } + } + } +} +``` + +`Create` mutations specify the entity body as the input argument of the create field. Additionally, the fields that are queried from the created entity are specified in the body of the create field. + +`Delete` mutations specify a filter for selecting the entities to be deleted. All entities matching the specified filters are deleted. It returns the count of deleted entities. + +`Update` mutations specify the entity body to be updated as the input argument of the update field. Additionally, the filter field specifies one or more multiple filter expressions to select the entities to be updated. Finally, the fields that are queried from the updated entities are specified in the body of the update field. + + + + + +## Examples + + + +### Example 1 + +Create `A_Product` in the `sap.s4` namespace. + +``` +mutation { + sap_s4 { + A_Product { + create ( + input: { + Brand: "...", + CountryOfOrigin: "...", + ... + } + ) { + Product + Brand + CountryOfOrigin + ... + } + } + } +} +``` + + + +### Example 2 + +Delete `A_Product` entities filtering on the `Product` field to be equal to `1` in the `sap.s4` namespace. + +``` +mutation { + sap_s4 { + A_Product { + delete ( + filter: [ + { + Product: { eq: "1" } + } + ] + ) + } + } +} +``` + + + +### Example 3 + +Update `A_Product` entities on the `Brand` and `CountryOfOrigin` fields filtering on the `Product` field to start with 10 and querying the `Product`, `Brand`, and `CountryOfOrigin` fields. + +``` +mutation { + sap_s4 { + A_Product { + update ( + input: { + Brand: "...", + CountryOfOrigin: "..." + }, + filter: [ + { + Product: { startswith: "10" } + } + ] + ) { + Product + Brand + CountryOfOrigin + } + } + } +} +``` + diff --git a/docs/ISuite/50-Development/navigation-b4378a0.md b/docs/ISuite/50-Development/navigation-b4378a0.md new file mode 100644 index 00000000..4a322187 --- /dev/null +++ b/docs/ISuite/50-Development/navigation-b4378a0.md @@ -0,0 +1,83 @@ + + +# Navigation + +Unlike the data models found in SAP's business systems, the data model of Graph is highly interconnected. This ensures that developers develop highly efficient code for navigating across the systems, without being concerned about where the data originated. + +Graph reference attributes enable navigation through SAP-managed data. For example, a sales order contains references to the customer, and to the products ordered. A purchase order includes references to the requisition owner and organization, to materials ordered, recommended vendors, includes and more. + +The following describes the metadata of a `SalesOrder`: + +```json +{ + id: key string(70) + displayId: string(10) + orderType: string(4) + soldToParty: string(10) + _soldToParty: sap.graph/Customer + paymentTerms: string(4) + items: array +} +``` + +A `SalesOrder` has a key, called `id`, and a variety of attributes. Note the `_soldToParty` attribute. This is a reference, or association to a `Customer`. It's used to navigate across the business data graph, for example, obtain the name of the customer for this `SalesOrder` in a single efficient request. + +```json +GET https://.a.integration.cloud.sap/graph/api/v1/SalesOrder/14/_soldToParty/name +``` + +Without these navigation attributes, this would have required two OData calls, plus some logic to extract the value of `_soldToParty` from the first response and interpret it as a key in the second call. + + + + + +## Cross-system Navigation + +Enterprises commonly have the same data in more than one data source. They're referred to as *multi-source entities*. They can occur for a number of reasons: + +- Overlapping data models \(for example, multiple data sources have product catalogs or concepts of person\). + +- Intentional replication from one system to another, to optimize and simplify local access and references. + +- Partitioning of the same type of data over multiple systems \(of the same type\) based on data-specific criteria. + +- Traversal of data from one system to another because of lifetime workflows. + + +Within a single data source, such references are local references: they refer to unique identifiers \(keys\) of the referenced objects. However, navigating across systems, there's the problem that the same data object has one local key in one system and another in a second system. A reference is to a local or external key. + +As a developer, you use Graph to navigate and access SAP-managed data, regardless of where this data resides. Graph accesses the data on your behalf, so you don't have to deal with these complexities. + +Graph must solve the following data-locating challenges on behalf of client applications: + +1. Which data source can provide the data that the application wants to access? If the data is in more than one data source, which one is accessed? + +2. Is the reference to the data applicable for a cross-system reference? + + +These problems are particularly challenging, because Graph makes no assumptions about: + +- The customer's landscape + +- How keys are allocated or defined, uniquely, immutable or not. + +- How data is replicated or distributed, consistently or not. + + +Graph is configured with a locating policy, and makes references to globally unique entities by adding a source-specific prefix to local key references. For example, the key `14` of an entity in a certain data source, and all its references, appear as `s4hq~14`. In most cases, this is opaque to client application developers. + + + +### Cues + +Locating data under such conditions isn't always a simple decision: client apps sometimes need the data from one system, and sometimes from another, based on application-specific considerations. + +*Cues* are used to overwrite the default data source in the landscape, by adding them as OData query options. A common use case is when the same type of data, for example sales orders, is managed in two different systems, because different sales territories: European sales in oneSAP S/4HANA instance, and North American sales in another. To address this, the key user who configured the landscape policy, may have added a differentiating cue to the appropriate rules for locating sales data, allowing applications to issue a request like: + +```json +GET https://.a.integration.cloud.sap/graph/api/v1/SalesOrder/14/items?cue=NA +``` + +This request overrides the default of European sales. The use of cues, a type of landscape-specific convention, must of course be communicated to the developers of client applications. Technically, a cue is just an alphanumeric string, or in the form of string=string \(alphanumeric\). Only a single cue can be provided for any query. This cue only applies to the root entity of the query. + diff --git a/docs/ISuite/50-Development/netsuite-receiver-adapter-618127a.md b/docs/ISuite/50-Development/netsuite-receiver-adapter-618127a.md new file mode 100644 index 00000000..2a64c08c --- /dev/null +++ b/docs/ISuite/50-Development/netsuite-receiver-adapter-618127a.md @@ -0,0 +1,419 @@ + + +# NetSuite Receiver Adapter + +The NetSuite receiver adapter connects SAP Integration Suite to NetSuite. + +> ### Note: +> This adapter is available on SAP Business Accelerator Hub. +> +> For more information, see [Consuming Integration Adapters from SAP Business Accelerator Hub](consuming-integration-adapters-from-sap-business-accelerator-hub-b9250fb.md). +> +> The availability of the adapter is dependent on your SAP Integration Suite service plan. For more information about different service plans and their supported feature set, see SAP Notes [2903776](https://launchpad.support.sap.com/#/notes/2903776) and [3188446](https://launchpad.support.sap.com/#/notes/3188446). + +> ### Note: +> This adapter exchanges data with a remote component that might be outside the scope of SAP. Make sure that the data exchange complies with your company’s policies. + +NetSuite is an integrated cloud business software suite, including business accounting, ERP, CRM, and e-commerce software. The NetSuite receiver adapter helps you exchange data between the two systems. + + + + + +## How the NetSuite Receiver Adapter Works + +If you have configured a NetSuite receiver adapter, the data exchange is performed as follows at runtime: SAP sends the request to NetSuite \(this is a receiver system\) through SAP Integration Suite. NetSuite works on the request and sends back the data to SAP. + +For Example, SAP S4/HANA generates and pushes the list of Business Partners to be copied to NetSuite. SAP Integration Suite receives the request and transforms it to the required NetSuite format. SAP Integration Suite then queries the existing Customers in NetSuite, updates data for existing customers, or creates a new entry for non-existent customers. + +![](images/NetSuite_Adapter_0cae5fe.png) + + + + + +## Configuring the NetSuite Receiver Adapter + +Once you have created a receiver channel and selected the NetSuite receiver adapter, you can configure the attributes in the *Connection* and *Processing* tabs. + +Select the *Connection* tab. + +The *Connection* tab contains the connection and the authentication parameters for connecting to NetSuite. The adapter employs a based Authentication \(TBA\) mechanism. + +**Connection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Parameter + + + +Description + +
+ +*Address* + + + +Specify the address of the NetSuite tenant to be used for the connection. This address typically includes your NetSuite Account ID. NetSuite URLs often follow the pattern: `https://.suitetalk.api.netsuite.com`. + +Example: `https://12345-sb1.suitetalk.api.netsuite.com` + +
+ +*Account ID* + + + +Specify the Account ID to be used for the connection. + +Example: `1112711_SB1` + +
+ +*Authentication* + + + +Select the Authentication Mechanism. Currently, only the Token-Based Authentication \(TBA\) is supported. + +
+ +*Consumer Credentials Alias* + + + +Specify the name of the *User Credentials* artifact \(to be deployed in the *Monitor* \> *Integrations and APIs* section under *Security Material*\). The *User Credentials* artifact includes both Consumer Key \(as username\) and Consumer Secret \(as password\). + +
+ +*Token Credentials Alias* + + + +Specify the name of the *User Credentials* artifact \(to be deployed in the *Monitor* \> *Integrations and APIs* section under *Security Material*\). The *User Credentials* artifact includes both Token ID \(as username\) and Token Secret \(as password\). + +
+ +*Timeout \(in ms\)* + + + +Specify the response timeout in milliseconds. This timeout allows you to configure the maximum waiting time for SAP until a response is received from NetSuite. + +Example: `6000` + +
+ +Select the *Processing* tab. + +The *Processing* tab contains all operational-related configurations for the NetSuite adapter. + +**Processing** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Parameter + + + +Description + +
+ +*Version* + + + +Specify the version of the API to be used for this interaction with NetSuite. + +
+ +*Operation* + + + +To access and exchange data with NetSuite, you can choose one of the available operations to specify the type of action you want to run in NetSuite. + +
+ +*Record* + + + +Specify the NetSuite Object/Entity on which to perform the selected operation. It can be any of the NetSuite-defined records like Accounting records, Employee records, or any Custom records. This is an editable dropdown field; the user can manually add any other records that are not listed in the dropdown. + +> ### Note: +> Since the dropdown is editable, ensure you do not leave the operation field blank. + + + +
+ +*Handle Multiple Record Types* + + + +Enable if the request intends to perform a list operation on multiple record types in a single call. For example: In addList operation, you can add both `Contact` and `Customer` records within a single request. + +
+ +*Create Request From Properties* + + + +Enable this property to create the body from the properties. + +
+ +*Id Type* + + + +Select the desired ID type of the record from the dropdown. + +Example: *InternalID* + +
+ +*Id Value* + + + +Specify the required ID value of the record. + +Example: `1091144` + +
+ +*Treat Functional Error as Exception* + + + +Enable to treat a functional error returned by NetSuite as an exception. + +
+ +*Enable Request Level Preferences* + + + +Enable to specify various request-Level preferences \(additional parameters below\). + +
+ +*Disable Mandatory CustomField Validation* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enable to change the handling of custom fields that are configured in the UI to be mandatory. When enabled, these fields won't be required during SOAP web services requests. If the property is disabled, it will be mandatory. + +
+ +*Disable System Notes For CustomFields* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enable to prevent the creation of system notes for modifications to custom fields. System notes are automatically generated entries that track changes to a record, including changes to specific field values. Depending on your integration, utilizing this preference could enhance performance. + +
+ +*Ignore ReadOnly Fields* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enable to modify the system's behavior if you mistakenly send a value for a read-only field in your request. If this property is selected, the system ignores these read-only in your request payload. + +
+ +*Warning As Error* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enable to process all NetSuite warning messages as errors. This parameter changes the handling of custom fields that are configured on the user interface to be mandatory. When enabled, these fields won't be required in requests. If the property is disabled, it will be mandatory. If disabled and the required fields aren't provided, the system returns a `USER_ERROR`, prompting for the missing field value. + +
+ +*Body Fields Only* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enable to determine if sublist values should be included in search results. When enabled, only body fields are returned. If disabled, sublist values are also included. Selecting this property can significantly improve performance. + +
+ +*Page Size* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Specify the number of records to be returned on a single page for the Search operation. + +Example: When you set a value for page size, the following limits apply: for Synchronous operations, a minimum of 5 and a maximum of 1000, and for Asynchronous operations, a minimum of 5 and a maximum of *2000*. + +
+ +*Return Search Columns* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enable to return full records, as opposed to columns. The default value for the preference is true. If this property is enabled, it is also required to specify search return columns, otherwise, the system returns an error. + +
+ +*Run Server SuiteScript And Workflow Triggers* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enable to control SuiteScript and trigger workflows per request. If not selected, the company preference set on the SOAP Web Services Preferences page is used. If selected, it overrides the company preference set in the UI. + +
+ +*Request Headers* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enter a list of custom headers, separated by a pipe `|`, to send to the target system. By default, no custom headers are sent. Use an asterisk `*` to send all custom headers to the target system. Alternatively, you can dynamically pass on the values by defining a property that includes a list of headers. + +
+ +*Response Headers* + +\(Only available if parameter *Enable Request Level Preferences* is selected\) + + + +Enter a list of headers coming from the target system's response, separated by a pipe `|`, to be received in the message. Use an asterisk `*` to receive all the headers from the target system, which is also the default value. + +
+ diff --git a/docs/ISuite/50-Development/odata-37e592e.md b/docs/ISuite/50-Development/odata-37e592e.md new file mode 100644 index 00000000..9ef8124e --- /dev/null +++ b/docs/ISuite/50-Development/odata-37e592e.md @@ -0,0 +1,762 @@ + + +# OData + +The Graph API follows the OData protocol; all payloads are JSON documents. + +OData \(Open Data Protocol\) is an ISO/IEC-approved standard that defines a set of best practices for building and consuming RESTful APIs. OData helps you focus on your business logic while building RESTful APIs without having to worry about the various approaches to define request and response headers, status codes, HTTP methods, URL conventions, media types, payload formats, query options, and so forth. OData also provides guidance for tracking changes, defining functions/actions for reusable procedures, and sending asynchronous/batch requests. + +OData RESTful APIs are easy to consume. What follows is a short introduction; see also our multipart tutorial series for an introduction to the Graph data protocol, and the reference material at [https://www.odata.org/](https://www.odata.org/). + + + +## OData Resources + +In OData, every request refers to a *resource*. A resource can be an entity, such as a sales order, a customer, or a bank account, or a subset of its attributes. For example, `GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v2/sap.graph/Product` returns the entire list of `Product` entities. + +In many cases, you don't require a list, but a specific instance of an entity, for example the `Product` with the key \(identifier\) of 345, which can be accomplished by: + +`GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v2/sap.graph/Product/345` + +or + +`GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v2/sap.graph/Product('345')` + +Both requests are the same, and they retrieve the matching instance only. And `GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v2/sap.graph/Product/345/displayId` returns the single `displayId` attribute. + +Using navigations, you can view additional connected resources or their attributes. For example, `GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v2/sap.graph/Product('345')/_division` results in the `Division` entity relevant to this `Product` entity instance. + + + + + +## Query Parameters + +Where OData becomes interesting is through its usage of query parameters. The following is a brief introduction to the topic. + + + +### Filtering: $filter + +Graph API filtering follows the[OData filtering specifications](https://docs.oasis-open.org/odata/odata/v4.01/csprd06/part1-protocol/odata-v4.01-csprd06-part1-protocol.html#_Toc21423805). The initial step in retrieving data is to perform a `GET` request to a collection of resources, which can be a list of customers, a list of customer orders, or a list of customer quotes. In many cases, these lists can have extensive amounts of data, and filtering them means that you can get only the data that matches certain criteria. + +To filter the result set of a query, the `$filter` URL parameter needs to be added with the filter string. Within this filter string, operators are used to construct the conditions. Depending on the entity type, there are specific fields and operators that can be used for filtering. + +> ### Note: +> This query parameter is only supported for top-level properties and not for a property of a contained \(nested\) entity. + +For example, if the result set should only contain customer orders with a net amount below the value of 30,000 \(netAmount < 30000\), the following filter needs to be applied: + +`netAmount lt 30000` + + + +### Supported Comparison Operators + +Graph supports the following comparison operators: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Operator + + + +Sign + + + +`$filter` Operator + +
+ +Equals + + + += + + + +`eq` + +
+ +Not equals + + + +!= + + + +`ne` + +
+ +Greater than + + + +\> + + + +`g`t + +
+ +Greater than or equals + + + +\>= + + + +`ge` + +
+ +Less than + + + +< + + + +`lt` + +
+ +Less than or equals + + + +<= + + + +`le` + +
+ +Example: + +```json +GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.graph/SalesQuote?$filter=netAmount le 8400 +``` + +This example filters for customer quotes that have a `netAmount` less than or equal to 8400. + + + +### Using Logical Operators + +Multiple statements can be combined into a larger filter condition, by applying one of the following logical operators: + + + + + + + + + + + + + + + + + + + +
+ +Logical Operator + + + +`$filter` Operator + +
+ +AND \(both need to be true\) + + + +`and` + +
+ +OR \(at least one needs to be true\) + + + +`or` + +
+ +NOT \(negate the following statement\) + + + +`not` + +
+ +Example: + +```json +GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.graph/SalesOrder?$filter=netAmount lt 15000 and orderDate lt 2017-01-01 +``` + +> ### Note: +> String values need to be escaped with single quotes. + +Find more information about the logical operators in the official OData documentation [here](https://docs.oasis-open.org/odata/odata/v4.01/csprd06/part1-protocol/odata-v4.01-csprd06-part1-protocol.html#_Toc21423805). + + + +### Projection of Results: `$select` + +You can tell the Graph API to return only a subset of properties you need. + +The projection of results is a standard OData query modifier and selected properties are specified via the `$select` query parameter. + +To select only the properties that you need, use the `$select` query parameter in combination with one or more top-level properties of an entity. + +> ### Note: +> This query parameter is only supported for top-level properties and not for nested properties. + +Example: + +To return only the `id` and `lastName` properties of Employee entities, specify the following in the `$select` query parameter: + +```json +GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.graph/Employee?$select=id,lastName +``` + +Response: + +```json +{ + "@odata.context": "$metadata#Employee(id,lastName)", + "value": [ + { "id": "1018", + "lastName": "Lou" + }, + { "id": "1000031", + "lastName": "Sprengel" + }, + { "id": "1000032", + "lastName": "Rupieper" + }, +... +} +``` + +> ### Note: +> **The resulting `Employee` entities are only represented by the two specified properties.** + + + +### Advanced Filtering Using Any Support + +Lambda can be used to filter for entities along attributes found in compositions. For example, you can filter out all `CorporateAccounts` where any of the addresses meet a given criteria . This can be a `CorporateAccount` that is expanded to its numerous addresses. For more information about Any support, see [OData.org: More Any and All](https://www.odata.org/blog/more-any-and-all/). + +**Example** + +Fetch all `ServiceRequestCollection` where ANY item in `ServiceRequestParty` matches filter + +> ### Sample Code: +> ```json +> /sap.c4c/ServiceRequestCollection?$expand=ServiceRequestParty&$filter=ServiceRequestParty/any(d:d/PartyID eq 'some Party ID') +> ``` + +Response: + +> ### Sample Code: +> ```json +> +> { +> "@odata.context": "$metadata#ServiceRequestCollection(ServiceRequestParty())", +> "value": [ +> { +> "@odata.etag": "W/\"datetimeoffset'2022-04-27T15%3A29%3A28.3907090Z'\"", +> "ObjectID": "00163EA813131EDCB1C7A87A004DEEAF", +> "ProcessingTypeCodeText": "Service Request", +> "Name": "Monarch bike enquiry", +> "ResolvedOnDateTime": "2020-04-09T11:11:08Z", +> "CreatedBy": "Prof. Dr. Graph Tester", +> "LastChangedBy": "Prof. Dr. Graph Tester", +> ... +> "ServiceRequestParty": [ +> { +> "ObjectID": "00163EA813131EDCB1C7A87A004D4EAF", +> "ParentObjectID": "00163EA813131EDCB1C7A87A004DEEAF", +> "PartyID": "some Party ID", +> "PartyUUID": null, +> "RoleCategoryCodeText": "Buyer Party", +> "RoleCode": "1001", +> "RoleCodeText": "Account", +> "Main": true, +> "EntityLastChangedOn": "2022-04-27T15:29:28.390Z", +> ... +> } +> ] +> } +> ] +> } +> ``` + + + +### Result Expansion: $expand + +The SAP API Explorer expands most of the query results. But when using the `$select` query parameter, result set expansion can be used to also include related entities, which would otherwise not be included in the result set. This can be achieved by using the OData `$expand` query parameter and specifying which properties to expand. + +**Example** + +> ### Sample Code: +> ```json +> GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/dev/sap.graph/SalesOrder?$select=id,orderDate,netAmount +> ``` + +**Response** + +> ### Sample Code: +> ```json +> { +> "@odata.context": "$metadata#SalesOrder(id,orderDate,netAmount)", +> "value": [ +> { +> "id": "00163e37-bedf-1ed9-betaad-514c152dcc55", +> "orderDate": null, +> "netAmount": 15 +> }, +> { +> "id": "00163e37-bedf-1ed9-betaad-e818d2bc2dba", +> "orderDate": null, +> "netAmount": 0 +> }, +> { +> "id": "00163e37-bedf-1ed9-betaad-f41808420dea", +> "orderDate": null, +> "netAmount": 15 +> } +> ... +> ] +> } +> ``` + +**Example** + +To see the items and the status of these customer orders, use `$expand=items,processingStatus` in the request: + +> ### Sample Code: +> ```json +> GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.graph/SalesOrder?$select=id,orderDate,netAmount&$expand=items,processingStatus +> ``` + +**Response** + +> ### Sample Code: +> ```json +> { +> "@odata.context": "$metadata#CustomerOrder(id,orderDate,netAmount,items(),processingStatus())", +> "value": [ +> { +> "id": "00163e37-bedf-1ed9-betaad-514c152dcc55", +> "orderDate": null, +> "netAmount": 15, +> "processingStatus": { +> "name": "Open", +> "descr": null, +> "code": "A" +> }, +> "items": [ +> { +> "text": "Managed Spare Part (Non-stock)", +> "quantity": 1, +> "id": "10", +> ..., +> "quantityUnit": { +> "code": "C62" +> } +> } +> ] +> }, +> { +> "id": "00163e37-bedf-1ed9-betaad-e818d2bc2dba", +> ... +> } +> ] +> } +> ``` + + + +### Pagination + +To allow easier consumption of the result data, pagination can be used. This means, that the overall result set is split into multiple smaller parts, such as the amount of data that can be displayed on a single page. Client-side pagination uses the `$stop` and `$skip` parameters. + +The pagination concept follows the OData specifications as well. The OData API provides several pagination options for query results. + +- `$top` - this parameter controls how many results are returned. You can add the desired number, such as`$top5` - this displays only the top five results. +- `$skip` - this option skips the desired number of results. Combined with the `$top` parameter, you can narrow the results even more. + +You can use `$skip` or `$top` in combination with other query parameters to narrow down the results even more. + +**Example** + +> ### Sample Code: +> ```json +> GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/bdg/sap.graph/Product?$select=id&$top=5 +> ``` + +**Response** + +Returns only the first five products from the list, and only the ID of the product is displayed: + +> ### Sample Code: +> ```json +> { +> "@odata.context": "$metadata#Product(id)", +> "value": [ +> { "id": "014e75cf-71c6-4965-ba5d-cb3fa1055ec1" }, +> { "id": "01574be9-f73d-4954-a777-2324b6bb7989" }, +> { "id": "02676ec1-7504-4993-a0e6-8272a026cef1" }, +> { "id": "050e151e-2bb2-44a2-bf3f-7bd08abeta92f7" }, +> { "id": "0dad9cc7-d1f7-4192-b041-a57d871864ad" }, +> ] +> } +> ``` + +For server-side pagination you can use the `$skiptoken` parameter. + + + +### Etag + +Etags \(entity tags\) are versions to track down changes that occur for a given entity. This means that if the entity data changes then the Etag value changes as well. + +Etags are used to allow clients to do caching and to easily check if something has changed. + +**Example** + +This tracks metadata changes. + +> ### Sample Code: +> ``` +> @odata.metadataEtag +> ``` + + + +### `$count` + +With the `$count` parameter you can see how many results your query has in total, even if less are shown due to pagination. To do this, you need to set `?$count=true`. + +**Example** + +> ### Sample Code: +> ```json +> GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.graph/Product?$count=true +> ``` + +**Response** + +> ### Sample Code: +> ```json +> { +> "@odata.context": "$metadata#Product", +> "@odata.count": 89, +> "value": [...], +> "@odata.nextLink": "Product?$count=true&$skiptoken=20" +> } +> ``` + +The entire result set contains 89 product entries, but only the first 20 entries are displayed as part of the query response due to the server-side paging that Graph has set. + + + +### `$orderby` + +With the `$orderby` option, you can order the entries in your list in ascending or descending order \(`asc` or `desc`\) with all the attributes that track the date or a specific point in time, such as `createdAt`, `deliveryDate`, `modifiedAt`, and so on. Or you can order the list alphabetically with attributes such as `name`. + +**Example** + +> ### Sample Code: +> ```json +> GET https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.graph/Product?$orderby=name asc +> ``` + +**Response** + +This operation displays the list of products ordered alphabetically by name in ascending order. + + + + + +## Create, Read, Update, and Delete \(CRUD\) Operations + +Graph allows you to create, read, update and delete data, considering any existing access rights and data source boundaries, using the following standard HTTP methods: + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +HTTP Verb + + + +CRUD + +
+ +POST + + + +Create + +
+ +GET + + + +Read + +
+ +PUT + + + +Update/Replace + +
+ +PATCH + + + +Update/Modify + +
+ +DELETE + + + +Delete + +
+ +As GET is the most common of the CRUD operations, the following examples show you how to create \(POST\) an entity and update \(PATCH\). + +> ### Sample Code: +> ```json +> POST https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.s4/A_BusinessPartner +> +> { +> "Supplier": "", +> "AcademicTitle": "", +> "AuthorizationGroup": "", +> "BusinessPartnerCategory": "1", +> "CorrespondenceLanguage": "EN", +> "FirstName": "Daniel", +> "FormOfAddress": "", +> "Industry": "", +> "InternationalLocationNumber1": "0", +> "InternationalLocationNumber2": "0", +> "IsFemale": false, +> "IsMale": true, +> "IsNaturalPerson": "1", +> "IsSexUnknown": false, +> "Language": "DE", +> "LastName": "Lou", +> "LegalForm": "", +> "OrganizationBPName1": "", +> "OrganizationBPName2": "", +> "OrganizationBPName3": "", +> "OrganizationBPName4": "", +> "OrganizationFoundationDate": null, +> "OrganizationLiquidationDate": null, +> "SearchTerm1": "SIGCUSTBP01", +> "SearchTerm2": "", +> "AdditionalLastName": "", +> "BirthDate": null, +> "BusinessPartnerBirthDateStatus": "", +> "BusinessPartnerBirthplaceName": "", +> "BusinessPartnerDeathDate": null, +> "BusinessPartnerIsBlocked": false, +> "BusinessPartnerType": "", +> "GroupBusinessPartnerName1": "", +> "GroupBusinessPartnerName2": "", +> "IndependentAddressID": "", +> "InternationalLocationNumber3": "0", +> "MiddleName": "", +> "NameCountry": "", +> "NameFormat": "", +> "PersonFullName": "", +> "IsMarkedForArchiving": false, +> "BusinessPartnerIDByExtSystem": "", +> "BusinessPartnerPrintFormat": "", +> "BusinessPartnerOccupation": "", +> "BusPartMaritalStatus": "", +> "BusPartNationality": "", +> "BusinessPartnerBirthName": "", +> "BusinessPartnerSupplementName": "", +> "NaturalPersonEmployerName": "", +> "LastNamePrefix": "", +> "LastNameSecondPrefix": "", +> "Initials": "", +> "TradingPartner": "" +> } +> ``` + +If this operation is run successfully, you'll receive a 201 response and the result is that you created your first `BusinessPartner`. + +**Example** + +This shows how to add the birth date to the `BusinessPartner` object that was created in the previous request. + +> ### Sample Code: +> ```json +> PATCH https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/v1/sap.s4/A_BusinessPartner/ +> +> { +> "BirthDate": "1987-12-06" +> ``` + +**Response** + +After adding the birth date, the result is as follows: + +> ### Sample Code: +> ```json +> { +> "BusinessPartner": "", +> "Supplier": "", +> "AcademicTitle": "", +> "AuthorizationGroup": "", +> "BusinessPartnerCategory": "1", +> "CorrespondenceLanguage": "EN", +> "FirstName": "Daniel", +> "FormOfAddress": "", +> "Industry": "", +> "InternationalLocationNumber1": "0", +> "InternationalLocationNumber2": "0", +> "IsFemale": false, +> "IsMale": true, +> "IsNaturalPerson": "1", +> "IsSexUnknown": false, +> "Language": "DE", +> "LastName": "Lou", +> "LegalForm": "", +> "OrganizationBPName1": "", +> "OrganizationBPName2": "", +> "OrganizationBPName3": "", +> "OrganizationBPName4": "", +> "OrganizationFoundationDate": null, +> "OrganizationLiquidationDate": null, +> "SearchTerm1": "SIGCUSTBP01", +> "SearchTerm2": "", +> "AdditionalLastName": "", +> "BirthDate": "1987-12-06", +> "BusinessPartnerBirthDateStatus": "", +> "BusinessPartnerBirthplaceName": "", +> "BusinessPartnerDeathDate": null, +> "BusinessPartnerIsBlocked": false, +> "BusinessPartnerType": "", +> "GroupBusinessPartnerName1": "", +> "GroupBusinessPartnerName2": "", +> "IndependentAddressID": "", +> "InternationalLocationNumber3": "0", +> "MiddleName": "", +> "NameCountry": "", +> "NameFormat": "", +> "PersonFullName": "", +> "IsMarkedForArchiving": false, +> "BusinessPartnerIDByExtSystem": "", +> "BusinessPartnerPrintFormat": "", +> "BusinessPartnerOccupation": "", +> "BusPartMaritalStatus": "", +> "BusPartNationality": "", +> "BusinessPartnerBirthName": "", +> "BusinessPartnerSupplementName": "", +> "NaturalPersonEmployerName": "", +> "LastNamePrefix": "", +> "LastNameSecondPrefix": "", +> "Initials": "", +> "TradingPartner": "" +> } +> ``` + diff --git a/docs/ISuite/50-Development/partner-directory-0fe80dc.md b/docs/ISuite/50-Development/partner-directory-0fe80dc.md index fc3412c9..6c96a2ae 100644 --- a/docs/ISuite/50-Development/partner-directory-0fe80dc.md +++ b/docs/ISuite/50-Development/partner-directory-0fe80dc.md @@ -15,6 +15,9 @@ This documentation provides additional information. > ### Note: > There's also a Java API to access the Partner Directory using a programming language like Java Script or Groovy. For more information, check out the JavaDoc linked to at [SDK API](sdk-api-c5c7933.md) \(for example, check out the package `com.sap.it.api.pd`\). +> ### Caution: +> The data is stored unencrypted in the Partner Directory. Therefore, make sure that the data does not contain any sensitive information \(for example, passwords or personal information\). + There's no dedicated user interface to access the Partner Directory. You can access its content only based on APIs. diff --git a/docs/ISuite/50-Development/payload-and-operation-71b20d4.md b/docs/ISuite/50-Development/payload-and-operation-71b20d4.md index 5814363e..5c61ce61 100644 --- a/docs/ISuite/50-Development/payload-and-operation-71b20d4.md +++ b/docs/ISuite/50-Development/payload-and-operation-71b20d4.md @@ -126,6 +126,29 @@ Payload is the data that you are sending through the JDBC receiver adapter. You > > ``` +> ### Sample Code: +> ``` +> +> +> +> TESTCOL
+> +> +> +> +> +> +> val2old +> val4 +> +> +> val2old2 +> +> +> +> +> ``` + ### EXECUTE diff --git a/docs/ISuite/50-Development/projection-definition-file-format-fab3489.md b/docs/ISuite/50-Development/projection-definition-file-format-fab3489.md new file mode 100644 index 00000000..855a2caa --- /dev/null +++ b/docs/ISuite/50-Development/projection-definition-file-format-fab3489.md @@ -0,0 +1,482 @@ + + +# Projection Definition File Format + +Custom entities are specified in JSONC files that follow the projection definition file format. + +Technically, a custom entity definition is a single JSON object following the projection definition file format and governed by a JSON validation schema. By convention, each custom entity definition is stored separately in a `JSONC` file, which allows the use of comments. + +> ### Note: +> Download this [schema file](https://help.sap.com/doc/custom-entity-projection/PROD/en-US) to create and validate your projection file. + +Here's an example of a projection definition file with one custom entity, `bestrun.Customer`, which is a projection on the mirrored `A_Customer` entity: + +``` +1 { +2 +3 "label": "example", +4 "entity": "bestrun.Customer", // the name of the new custom entity +5 "version": "1.0.0", +6 +7 "sourceEntities": [ { "name": "sap.s4.A_Customer" } ], +8 +9 attributes: [ +10 // … +11 { "name": "paysOnTime", "transform": "negation", "source": [ "isBlocked" ] }, +12 { "name": "displayId", "transform": "rename", "source": [ "customerName" ] }, +13 { "name": "country.code", "transform": "rename", "source": [ "countryCode" ] }, // flat to structured +14 { "name": "country.name", "transform": "rename", "source": [ "countryName" ] }, +15 { "name": "monikers", "transform": "arrayFill", "source": [ "PrimaryName","AlternativeName" ] }, +16 // … +17 ] +18 } + +``` + +A custom entity definition consisting of two parts: + +- A header with several header key-value pairs + +- Attributes with an array of objects + + +The following header properties are supported: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Property + + + +Type + + + +Mandatory + + + +Description + +
+ +`label` + + + +String + + + +Yes + + + +A short description of the entity, which is used in metadata documentation. + +
+ +`entity` + + + +String + + + +Yes + + + +The full name of the custom entity. + +
+ +`version` + + + +Semver + + + +Yes + + + +The current semantic version of the custom entity. + +
+ +`sourceEntities` + + + +Array + + + +Yes + + + +An array of one or more data source entities, used in attribute mappings. + +
+ +`dicts` + + + +Object + + + +No + + + +A list of dictionaries, used to map source values to or from custom values. For more information, see [Transform Functions](transform-functions-cec1e73.md). + +
+ +`annotations` + + + +Object + + + +No + + + +A list of annotation properties. + +
+ +The `attributes` property is an array of mapping-specification objects. Each object represents the mapping specification for a single attribute of the custom entity. That is, it describes a transform from source attributes of a specific `sourceEntity` to a custom entity attribute with a new name and data type. The transform specification is the essence of creating custom entities. + +The following attribute properties are supported: + +**** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Property + + + +Type + + + +Mandatory + + + +Description + + + +Default + +
+ +`name` + + + +String + + + +Yes + + + +The name of the new attribute. + + + +Not applicable + +
+ +`key` + + + +Boolean + + + +No + + + +Set to true if this attribute \(called `id`\) is the key of the entity. + + + +False + +
+ +`source` + + + +array + + + +No + + + +The source attribute of the corresponding `sourceEntity`. + + + +If the transform is `rename`, then the default is a source attribute with the same name. Not specified for type=`Association` or transform=`join`. In all other cases, specifying a source is mandatory. + +
+ +`sourceEntity` + + + +String + + + +No + + + +The source entity used. + + + +The first in the list of`sourceEntities`. + +
+ +`type` + + + +enum + + + +No + + + +The type of new attribute. + + + +Type is taken from the source or the transform, or is set explicitly. + +
+ +`transform` + + + +enum + + + +No + + + +One of several transformation functions. + + + +`rename` + +
+ +`on` + + + +String + + + +No + + + +The specification expression of an attribute of type `Association to-many`. + + + +Must appear in to-many associations. + +
+ +`associationTarget` + + + +String + + + +No + + + +The target entity name of an attribute `Association`. + + + +Must appear in associations. + +
+ +`annotations` + + + +object + + + +No + + + +A list of annotation properties. + + + + + +
+ diff --git a/docs/ISuite/50-Development/queries-2205ef9.md b/docs/ISuite/50-Development/queries-2205ef9.md new file mode 100644 index 00000000..fda9cdf0 --- /dev/null +++ b/docs/ISuite/50-Development/queries-2205ef9.md @@ -0,0 +1,145 @@ + + +# Queries + +Queries in GraphQL build on fields and arguments. + +Fields represent the properties of an entity. Only fields that are specified in a query are returned by the API \(similar to `$select` in OData\). Arguments are additional options that can be passed in a query to modify the expected response by, for example paginating, filtering, or sorting. + +The specification of fields and arguments works on the root level of a query, but are also deeply nested. This enables traversing the data graph and specifying exactly the data that should be returned by the API. + +The GraphQL interface that Graph exposes is structured similar to the OData interface, and is capable of the same query features. + +``` +query { + { + ( + top: , + skip: , + filter: [ + { + : { + : [] + } + }, + ... + ], + orderBy: [ + { + : + } + ] + ) { + nodes { + + ... + } + } + } +} + +``` + +> ### Note: +> The body of list queries always needs to be wrapped within `nodes { }`. The same applies when querying for nested to-many relationships. + +As the period-character has a special meaning in GraphQL, any occurrence of it is replaced with the underscore \(`_`\) character in the namespace of a GraphQL request. + + + + + +## Example - Query with Token-Based Pagination and Sorting + +In the `sap.s4` namespace, read 10 `A_Product` entities skipping the first 10 and ordering by the`Product` field in ascending order selecting the following fields: + +- `Product` + +- `Brand` + +- `CountryOfOrigin` + + + + +### GraphQL + +``` +query { + sap_s4 { + A_Product ( + top: 10, + skip: 10, + orderBy: [ + { Product: asc } + ] + ) { + nodes { + Product + Brand + CountryOfOrigin + } + } + } +} +``` + + + +### OData Equivalent + +``` +https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api//sap.s4/A_Product?$top=10&$skip=10&$select=Product,Brand,CountryOfOrigin&$orderby=Product asc +``` + + + + + +## Example - Query with Nested To-Many Query + +In the `sap.s4` namespace, read 10 `A_Product` entities skipping the first 10, selecting the following fields: + +- `Product` + +- `ProductType` + +- `ProductDescription` from the extended `to_Description` + + + + +### GraphQL + +``` +query { + sap_s4 { + A_Product ( + top: 10, + skip: 10, + orderBy: [ + { Product: asc } + ] + ) { + nodes { + Product + ProductType + to_Description { + nodes { + ProductDescription + } + } + } + } + } +} +``` + + + +### OData Equivalent + +``` +https://is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api//sap.s4/A_Product?$top=10&$skip=10&$select=Product,ProductType&$expand=to_Description($select=ProductDescription) +``` + diff --git a/docs/ISuite/50-Development/receiver-communication-flow-v2-3897ded.md b/docs/ISuite/50-Development/receiver-communication-flow-v2-3897ded.md index 1db31277..d1805bad 100644 --- a/docs/ISuite/50-Development/receiver-communication-flow-v2-3897ded.md +++ b/docs/ISuite/50-Development/receiver-communication-flow-v2-3897ded.md @@ -89,8 +89,91 @@ Follow the procedure below to configure the integration flow.
-3. Choose *Save* -4. Choose *Deploy*. +3. Choose the *Receiver* tab and maintain the following: + + > ### Note: + > You only need to maintain this tab if you have enabled dead letter queue in your agreement for the receiver interchange. To know more, see [Creating a Trading Partner Agreement](creating-a-trading-partner-agreement-9bd43c9.md). + + : + + **Parameters for Configuration** + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Default Value + + + + Description + +
+ + Receiver + + + +   + + + + The name of the sender. + +
+ + Adapter Type + + + + JMS + + + + The type of the sender adapter which is set to *JMS* by default. + +
+ + Queue Name + + + + COM\_RECEIVER\_OUTOUND\_DEAD\_LETTER\_Q + + + + Dead letter queue where the failed messages after retries are collected. + + To enable the dead letter queue for this integration flow, you need to make changes to the retry configuration. To know more, see [Configuration Manager](configuration-manager-7daf06c.md) . + +
+ +4. Choose *Save* +5. Choose *Deploy*. > ### Note: > To know how to set maximum retries for failed integration flows, see [Configuration Manager](configuration-manager-7daf06c.md). diff --git a/docs/ISuite/50-Development/reuse-imported-archives-objects-from-es-repository-4196091.md b/docs/ISuite/50-Development/reuse-imported-archives-objects-from-es-repository-4196091.md new file mode 100644 index 00000000..2d5d8b72 --- /dev/null +++ b/docs/ISuite/50-Development/reuse-imported-archives-objects-from-es-repository-4196091.md @@ -0,0 +1,63 @@ + + +# Reuse Imported Archives Objects from ES Repository + + + + + +## Prerequisites + +- [Configuring Connectivity to an SAP Process Orchestration System](IntegrationSettings/configuring-connectivity-to-an-sap-process-orchestration-system-8c36fd2.md) + +- [Creating an Imported Archives Artifact](creating-an-imported-archives-artifact-e555caf.md) + + + + + + +## Context + +There are certain limitations while importing and consuming the imported archive objects: + +- You can import archive objects with XSLT mapping but you can't assign the mapping to a *XSLT Mapping* flow step. + +- You can import archive objects with Java mapping but you can't assign the mapping to an *Operation Mapping* flow step. + +- You must maintain custom java code in an imported archive for any underlying Java version changes or platform dependencies changes. + + + + +## Procedure + +1. Open the Imported Archives artifact that you created and choose *Edit*. + + The resource pane and editor comes up on the left and right sides respectively. + +2. In the resource pane, choose *Upload*. + +3. In the dialog box, choose *ES Repository* as the *Source*. + +4. Select the *Name* of the ES Repository that you want to connect with. + + You see the details populated in the *Address* and *Location ID* fields. + +5. Choose *Connect*. + + You see a list of available imported archive objects. + +6. Choose an imported archive object of your choice and choose *Select*. + + The selected imported archive object gets imported to the resource pane. + +7. Choose the imported archive object to view its content. + + The contents of the archive object appear in the editor pane. You see the name and path for all files contained in the archive object. + +8. Choose *Save*. + +9. Deploy the Imported Archives artifact. + + diff --git a/docs/ISuite/50-Development/rfc-receiver-adapter-5c76048.md b/docs/ISuite/50-Development/rfc-receiver-adapter-5c76048.md index bf834feb..5d68f1ed 100644 --- a/docs/ISuite/50-Development/rfc-receiver-adapter-5c76048.md +++ b/docs/ISuite/50-Development/rfc-receiver-adapter-5c76048.md @@ -112,6 +112,14 @@ Description Enter the RFC destination configured in SAP BTP cockpit for your application. +> ### Note: +> You can create dynamic destinations by using expressions \(header, property\) in the Content Modifier. +> +> 1. Select Content Modifier in the integration flow. Then, go to Message Header in Content Modifier properties and set header value as the destination name. For example, abc. +> 2. Select your RFC adapter and. In the *Destination* field, assign dynamic destination by using the expression: $\{header/property.header/property name\}. For example $\{header.abc\} or $\{property.abc\} where abc is the value of the header or property. + + + @@ -157,9 +165,6 @@ If you enable this option, the adapter creates a new RFC connection in the backe -> ### Note: -> You can create dynamic destinations by using regular expressions \(header, property\) in the Content Modifier. Select *Content Modifier* in the integration flow. Then go to *Message Header* in *Content Modifier* properties and assign corresponding value to the header name as the destination name. Select your RFC adapter and assign dynamic destination by using the expression: `${header/property`.*
*\}. For example `${header.abc}` or `${property.abc}` where `abc` is the value of the header or property. - **Related Information** diff --git a/docs/ISuite/50-Development/role-of-the-administrator-7b44365.md b/docs/ISuite/50-Development/role-of-the-administrator-7b44365.md new file mode 100644 index 00000000..509d6c3e --- /dev/null +++ b/docs/ISuite/50-Development/role-of-the-administrator-7b44365.md @@ -0,0 +1,34 @@ + + +# Role of the Administrator + +The term *administrator* is used to describe an enterprise IT specialist who is responsible for administering and configuring Graph. In addition to the administrator role, Graph defines a special user role, called the *key user*. + +The key user is authorized to create the business data graphs that are accessed by developers. + +Graph uses token-based authentication, based on OAuth 2.0. To interact securely with Graph, a client application must present an access token \(A\), as shown in the diagram below. The token represents the authorization of the client and/or the user to access data via Graph. + +Graph, in turn, communicates securely with data sources in the landscape on behalf of the client \(B\), using a variety of security methods. + +![](images/Token-Based_Authentication_6207efc.png) + +For all of this to work, trust must be established. The client application, Graph, and the data sources \(the business systems\) must trust a common security service, which is responsible for authenticating users and clients, and issuing tokens identifying them. This trust is technically established by an administrator in the context of an SAP BTP subaccount and uses SAP Extended Services for User Authentication and Authorization \(XSUAA\) as the security service. + +The administrator addresses the following configuration topics \(the order may vary\): + +- Creating landscapes by setting up SAP BTP subaccounts. + +- Setting up connectivity to data sources in landscapes by setting up destinations. + +- Approving client applications to access Graph by creating Graph instances. + +- Enabling users by establishing an Identity Provider. + +- Supporting the creation of business data graphs by assigning the Graph key user role to one or more users. + +These steps are illustrated in the following diagram: + +![](images/Graph_Concept_Key_5b01c09.png) + +The overall responsibility for security is shared between the administrator and the developer of the client application. The administrator configures the trust relationship between the parties. The developer implements the secure communications using OAuth 2.0. + diff --git a/docs/ISuite/50-Development/sap-s-4hana-cloud-a7eca35.md b/docs/ISuite/50-Development/sap-s-4hana-cloud-a7eca35.md new file mode 100644 index 00000000..342dce48 --- /dev/null +++ b/docs/ISuite/50-Development/sap-s-4hana-cloud-a7eca35.md @@ -0,0 +1,561 @@ + + +# SAP S/4HANA Cloud + +As an administrator of an SAP S/4HANA Cloud configured IAS tenant you need to configure the communication between Graph and SAP S/4HANA Cloud. + +To do this, you need to set up the connectivity on the SAP S/4HANA Cloud tenant and on the SAP BTP tenant for SAP Cloud Identity Access Governance \(IAG\), and create destinations. + + + + + +## Set Up Connectivity + + + +### Prerequisites + +The SAP S/4HANA Cloud administrator must have the following business role assignments: + + + + + + + + + + + + + + + + + + + +
+ +Business Role ID + + + +Area + +
+ +SAP\_BCR\_CORE\_COM + + + +Communication Management + +
+ +SAP\_BCR\_CORE\_IAM + + + +Identity and Access Management + +
+ +SAP\_BCR\_CORE\_EXT + + + +Extensibility + +
+ + + +### Procedure + +1. Configure the single-sign on \(SSO\) Identity Authentication service. +2. Upload your key-pair keystore in SAP BTP cockpit. Otherwise, use the default key-pair keystore. + +3. Set up the SAP S/4HANA Cloud side. +4. Set up the SAP BTP side. + +For a detailed description of each of these steps, see [Using SAML Bearer Assertion Authentication](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/f9d5adca9e414d9b8c42513a8890d782.html). + + + +### Handover Information to the SAP BTP Administrator + +- URL of your SAP S/4HANA Cloud account +- Name of the communication user in the SAP S/4HANA Cloud tenant +- Password for the communication user +- Token Service URL from the OAuth 2.0 details in the communication arrangement +- Provider name for the communication system in SAP S/4HANA Cloud + + + + + +## Create Destinations + +Create a destination to enable the communication between your business system and Graph. + +You can define destinations to data sources using two authentication models: identity propagation \(preferred\) and based on a technical user. Both options are described here for each supported business system. + +> ### Note: +> Graph caches destination settings. If you want to change these settings after the business data graph is created, you need to edit the business data graph configuration and update it. For more information, see [Modify Your Business Data Graph](modify-your-business-data-graph-0084c4d.md). + +As the SAP BTP administrator, you must create and configure an HTTP destination that either supports principal propagation or is based on a technical user. + +> ### Note: +> An HTTP destination can be generated automatically by extending SAP S/4HANA Cloud in the Cloud Foundry and Kyma environments. For more information, follow the steps in: +> +> - [Extending SAP Solutions Using Automated Configurations](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/346864df64f24011b49abee07bbd79af.html) +> +> - [Extending SAP S/4HANA Cloud in the Cloud Foundry and Kyma Environment](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/40b9e6c3cc43498b92472da13e88c7bf.html). + + + +### Destination for Identity Propagation + +**Prerequisites** + +The SAP S/4HANA Cloud Administrator configured the communication between Graph and SAP S/4HANA Cloud. You know the following: + +- URL of your SAP S/4HANA Cloud account + +- Name of the communication user in the SAP S/4HANA Cloud tenant + +- Password for the communication user + +- Token Service URL from the OAuth 2.0 details in the communication arrangement + +- Provider name for the communication system in SAP S/4HANA Cloud + + +For more information, see [Principal Propogation Scenario: Cloud to Cloud](https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/scenario-cloud-to-cloud). + +**Procedure** + +Create an *OAuth2SAMLBearerAssertion* HTTP destination and configure its settings as follows: + +1. Go to SAP BTP cockpit *Connectivity* \> *Destinations* and choose *New Destination*. Enter the following: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + Name + + + + Enter the destination name. + +
+ + Type + + + + `HTTP` + +
+ + Description + + + + Optional + +
+ + URL + + + + The service URL from the communication arrangement. + + > ### Note: + > Make sure you use the HTTPS protocol. + + + +
+ + Proxy Type + + + + Internet + +
+ + Authentication + + + + OAuth2SAMLBearerAssertion + +
+ + Key Store Location + + + + In the dropdown list, select the key-pair keystore file you uploaded in [Upload Your Key-Pair Keystore in SAP BTP](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/f9d5adca9e414d9b8c42513a8890d782.html#loio1c58ebce86514260a3b5be9fb9587745). + +
+ + Key Store Password + + + + The password for the keystore. + + > ### Note: + > The password for the keystore must be the same as the one for the key-pair entry in the keystore file. + + + +
+ + Audience + + + + The URL of your SAP S/4HANA Cloud account. To get it, log on to your SAP S/4HANA Cloud account. Select the profile picture, choose *Settings*, and copy the value from the *Server* field. Add `https://` to the beginning of the URL. + +
+ + Client Key + + + + The name of the communication user you have in the SAP S/4HANA Cloud tenant. + +
+ + Token Service URL + + + + The token service URL from the OAuth 2.0 details in the communication arrangement. + +
+ + Token Service URL Type + + + + Dedicated + +
+ + Token Service User + + + + The name of the communication user in the SAP S/4HANA Cloud tenant. + +
+ + Token Service Password + + + + The password for the communication user. + +
+ + System User + + + + Leave the field empty. + +
+ +2. Configure the required additional properties. To do so, in the *Additional Properties* panel, choose *New Property*, and enter the following parameters: + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + `authnContextClassRef` + + + + `urn:oasis:names:tc:SAML:2.0:ac:classes:X509` + +
+ + `nameIdFormat` + + + + `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` + +
+ + `scope` + + + + For example: `API_BUSINESS_PARTNER_0001` + +
+ + `userIdSource` + + + + email + +
+ +3. Select the *Use default JDK truststore* checkbox. + +4. Click *Save*. + + + + +### Destination with a Technical User + +**Prerequisites** + +The SAP S/4HANA Cloud administrator configured the communication between Graph and SAP S/4HANA Cloud. You know the following: + +- URL of your SAP S/4HANA Cloud account + +- Name of the communication \(technical\) user in the SAP S/4HANA Cloud tenant + +- Password for the communication user + + +**Procedure** + +Create a *BasicAuthentication* HTTP destination and configure its settings as follows: + +1. Go to SAP BTP cockpit *Connectivity* \> *Destinations* and choose *New Destination*. Enter the following: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + Name + + + + Enter a destination name. + +
+ + Type + + + + `HTTP` + +
+ + Description + + + + Optional + +
+ + URL + + + + The service URL from the communication arrangement. + + > ### Note: + > Make sure you use the HTTPS protocol. + + + +
+ + Proxy Type + + + + Internet + +
+ + Authentication + + + + `BasicAuthentication` + +
+ + User + + + + The name of the communication user in the SAP S/4HANA Cloud tenant. + +
+ + Password + + + + The password for the communication user. + +
+ +2. Click *Save*. + + diff --git a/docs/ISuite/50-Development/sap-s-4hana-e1af62b.md b/docs/ISuite/50-Development/sap-s-4hana-e1af62b.md new file mode 100644 index 00000000..f05df149 --- /dev/null +++ b/docs/ISuite/50-Development/sap-s-4hana-e1af62b.md @@ -0,0 +1,357 @@ + + +# SAP S/4HANA + +As an administrator for SAP S/4HANA, you need to configure the communication between Graph and SAP S/4HANA by installing a cloud connector and creating destinations. + + + + + +## Setup Connectivity + +As the Cloud Connector administrator, you must install a cloud connector on your business system. + + + +### Prerequisites + +Your SAP BTP Administrator has provided the following: + +- Region + +- Subaccount + +- Assigned a Cloud Connector administrator to a role or role collections . For more information, see [Initial Configuration](https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/db9170a7d97610148537d5a84bf79ba2.html). + + + + +### Procedure + +1. Install and configure the cloud connector. For more information, see [Cloud Connector](https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/e6c7616abb5710148cfcf3e75d96d596.html). + +2. Add the SAP BTP subaccount to the cloud connector. For more information, see [Manage Subaccounts](https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/f16df12fab9f4fe1b8a4122f0fd54b6e.html). + + + + +### Establish Trust + +1. Configure the single-sign on \(SSO\) Identity Authentication Service +2. Upload your key-pair keystore in SAP BTP cockpit. Otherwise, use the default key-pair keystore. + +3. Set up the SAP S/4HANA side. +4. Set up the SAP BTP side. + +For a detailed description of each of these steps, see [Authenticating Users against On-Premise Systems](https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/authenticating-users-against-on-premise-systems?version=Cloud). + + + + + +## Create Destinations + +As the SAP BTP administrator, you must create and configure an HTTP destination that either supports principal propagation or is based on a technical user. + + + +### Destination for Identity Propagation + +**Prerequisites** + +- Cloud Connector administrator has added the SAP BTP subaccount to the cloud connector. + +- To configure the HTTP destination, you need to know the following: + + - Host and port of the system exposed by the cloud connector + + - Authentication type + + - Location ID \(if configured in the cloud connector\) + + - SAP S/4HANA tenant ID + + + +**Procedure** + +Create a *PrincipalPropagation* HTTP destination and configure its settings as follows: + +1. Go to SAP BTP cockpit *Connectivity* \> *Destinations*, and choose *New Destination*. Enter the following: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + Name + + + + The destination name. + +
+ + Type + + + + `HTTP` + +
+ + Description + + + + Optional + +
+ + URL + + + + Virtual URL of the protected on-premise application. + +
+ + Proxy Type + + + + OnPremise + +
+ + Authentication + + + + PrincipalPropagation + +
+ +2. Click *Save*. + +To create a destination that uses the host exposed by the cloud connector, make sure that: + +- *Proxy Type* is set to *OnPremise*. + +- *Authentication Type* is supported by your cloud connector configuration. For more information, see [Configuring Principal Propagation](https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/configuring-principal-propagation?version=Cloud). + +- The SAP S/4HANA tenant ID is configured as an *Additional Property*: + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + sap-client + + + + SAP S/4HANA tenant ID + +
+ + +For more information about how to create the destination, see [Create HTTP Destinations](https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/783fa1c418a244d0abb5f153e69ca4ce.html). + + + +### Destination with a Technical User + +**Prerequisites** + +The SAP S/4HANA administrator configured the communication between Graph and SAP S/4HANA. You know the following: + +- URL of your SAP S/4HANA account + +- Name of the communication \(technical\) user in the SAP S/4HANA tenant + +- Password for the communication user + + +**Procedure** + +Create a *BasicAuthentication* HTTP destination and configure its settings as follows: + +1. Go to SAP BTP cockpit*Connectivity* \> *Destinations* and choose *New Destination*. Enter the following: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + Name + + + + Enter the destination name. + +
+ + Type + + + + `HTTP` + +
+ + Description + + + + Optional + +
+ + URL + + + + The service URL from the communication arrangement. + + > ### Note: + > Make sure you use the HTTPS protocol. + + + +
+ + Proxy Type + + + + Internet + +
+ + Authentication + + + + `BasicAuthentication` + +
+ + User + + + + The name of the communication user in the SAP S/4HANA tenant. + +
+ + Password + + + + The password for the communication user. + +
+ +2. Click *Save*. + + +**Related Information** + + +[Configure Systems in Cloud Connector](https://developers.sap.com/tutorials/btp-app-ext-service-cloud-connector.html) + diff --git a/docs/ISuite/50-Development/sap-sales-cloud-a22152f.md b/docs/ISuite/50-Development/sap-sales-cloud-a22152f.md new file mode 100644 index 00000000..61060273 --- /dev/null +++ b/docs/ISuite/50-Development/sap-sales-cloud-a22152f.md @@ -0,0 +1,489 @@ + + +# SAP Sales Cloud + +As an administrator for SAP Sales Cloud, you need to establish trust with the SAP BTP subaccount and create destinations.. + +You can use the SAML Bearer assertion flow for consuming OAuth-protected resources. Users are authenticated by using SAML against the configured trusted identity providers. The SAML assertion is then used to request an access token from an OAuth authorization server. + +This access token must be added as an Authorization header with the value `Bearer ` in all HTTP requests to the OAuth-protected resources. + + + + + +## Configure the OAuth Identity Provider in SAP Sales Cloud + +As the SAP Sales Cloud administrator, you must add the SAP BTP service provider as a trusted OAuth identity provider. + +For more information, see [Configure OAuth Identity Provider in SAP Sales Cloud](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/40d20a26f3dd445facff151b249fcf94.html). + + + +### Prerequisites from SAP BTP administrator + +- Trust certificate +- Region host +- Subaccount ID + + + +### Procedure + +Create an *OAuth2SAMLBearerAssertion* HTTP destination and configure its settings as follows: + +1. Go to SAP BTP cockpit*Connectivity* \> *Destinations* and choose *New Destination*. Enter the following: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + Name + + + + Enter the destination name + +
+ + Type + + + + HTTP + +
+ + Description + + + + Optional + +
+ + URL + + + + The service URL from the communication arrangement. + + > ### Note: + > Make sure you use the HTTPS protocol. + + + +
+ + Proxy Type + + + + Internet + +
+ + Authentication + + + + OAuth2SAMLBearerAssertion + +
+ + Key Store Location + + + + In the dropdown list, select the key-pair keystore file you uploaded in [Upload Your Key-Pair Keystore in SAP BTP](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/f9d5adca9e414d9b8c42513a8890d782.html#loio1c58ebce86514260a3b5be9fb9587745). + +
+ + Key Store Password + + + + The password for the keystore. + + > ### Note: + > The password for the keystore must be the same as the one for the key pair entry in the keystore file. + + + +
+ + Audience + + + + The URL of your SAP Sales Cloud account. To get the URL, log on to your SAP Sales Cloud account. Select the profile picture and then choose *Settings* and copy the value from the *Server* field. Add `https://` to the beginning of the URL. + +
+ + Client Key + + + + The name of your communication user in the SAP Sales Cloud tenant. + +
+ + Token Service URL + + + + This is the Token service URL from the OAuth 2.0 Details in the communication arrangement. + +
+ + Token Service URL Type + + + + Dedicated + +
+ + Token Service User + + + + The name of the communication user in the SAP Sales Cloud tenant. + +
+ + Token Service Password + + + + The password for the communication user. + +
+ + System User + + + + This parameter is not used, leave the field empty. + +
+ +2. Configure the required additional properties. To do so, in the *Additional Properties* panel, choose *New Property*, and enter the following: + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + authnContextClassRef + + + + `urn:oasis:names:tc:SAML:2.0:ac:classes:X509` + +
+ + nameIdFormat + + + + `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` + +
+ + scope + + + + For example: `API_BUSINESS_PARTNER_0001` + +
+ + userIdSource + + + + `email` + +
+ +3. Select the *Use default JDK truststore* checkbox. + +4. Click *Save*. + + + + +## Configure the OAuth Client for OData Access + +As the SAP Sales Cloud administrator, you must configure the OAuth client for OData access to SAP Sales Cloud OData APIs. + +For more information, see [Configure the OAuth Client for OData Access](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/2c9c02d7d19748eea0d2482093f04278.html). + + + +### Prerequisites + +- You know the name of the identity provider created in [Configure OAuth Identity Provider in SAP Sales Cloud](sap-sales-cloud-a22152f.md#loioa22152f0f53a48bdbb4385cd438e0324__OAuth_SalesCloud). + + + +### Handover Information to the SAP BTP Administrator + +- Client ID +- Client secret +- Scope + + + + + +## Create Destinations + +As the SAP BTP administrator, you must create and configure an HTTP destination that either supports principal propagation or is based on a technical user. + + + +### Destination for Identity Propagation + +**Prerequisites** + +The SAP Sales Cloud administrator has configured the communication between Graph and SAP Sales Cloud. You know the following: + +- Client ID +- Client secret +- Scope + +**Procedure** + +As the SAP BTP administrator, you must create and configure an HTTP destination that supports principal propagation. For more information, see [Create and Configure the HTTP Destination](https://help.sap.com/products/BTP/65de2977205c403bbc107264b8eccf4b/21e50d89d0904038b98e604c8ed85de3.html?version=Cloud). + + + +### Destination with a Technical User + +**Procedure** + +Create a *BasicAuthentication* HTTP destination and configure its settings as follows: + +1. Go to SAP BTP cockpit*Connectivity* \> *Destinations* and choose *New Destination*. Enter the following: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + Name + + + + Enter the destination name. + +
+ + Type + + + + `HTTP` + +
+ + Description + + + + Optional + +
+ + URL + + + + The service URL from the communication arrangement. + + > ### Note: + > Make sure you use the HTTPS protocol. + + + +
+ + Proxy Type + + + + Internet + +
+ + Authentication + + + + `BasicAuthentication` + +
+ + User + + + + The name of the communication user in the SAP Sales Cloud tenant. + +
+ + Password + + + + The password for the communication user. + +
+ +2. Click *Save*. + + diff --git a/docs/ISuite/50-Development/sap-successfactors-70962fb.md b/docs/ISuite/50-Development/sap-successfactors-70962fb.md new file mode 100644 index 00000000..42cc0aae --- /dev/null +++ b/docs/ISuite/50-Development/sap-successfactors-70962fb.md @@ -0,0 +1,297 @@ + + +# SAP SuccessFactors + +As an SAP SuccessFactors and SAP BTP administrator, you need to set up the connectivity to Graph and create destinations.: + +1. Download the certificate from the *Destination* service of your SAP BTP account. +2. Create an OAuth client in SAP SuccessFactors. +3. Create the *Destination* on your SAP BTP Destination service. + + + + + +## Download the Trust Certificate from the Destination Service + +As the SAP BTP subaccount administrator, download the trust certificate from your account’s destination service. + + + +### Procedure + +1. In the SAP BTP cockpit, go to your subaccount in the SAP BTP, Cloud Foundry environment. +2. Choose *Connectivity* \> *Destinations*. +3. Choose *Download Trust* to get the certificate for this subaccount and save it to your local file system. + + + + + +## Create an OAuth Client on SAP SuccessFactors + +As the SAP SuccessFactors administrator, you need to create an OAuth client that will be used to configure the trust between SAP SuccessFactors and Graph. + + + +### Procedure + +1. In the SAP SuccessFactors system, go to the *Admin Center* and search for *OAuth*. Choose *Manage OAuth2 Client Applications* from the search results. +2. Choose *Register Client Application*. +3. In the *Application Name*, choose a descriptive name for the client of your choice. +4. In the *Application URL* field, enter the URL of yourGraph tenant. +5. In the *X.509 Certificate* field, open the certificate you downloaded before from the Destination service using any text editor, then copy the content between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`, and paste it into the field. +6. Choose *Register* to save the OAuth client. + + + + + +## Create Destinations + +As the SAP BTP administrator, you need to create an HTTP destination to be able to make calls to the SAP SuccessFactors HCM Suite OData APIs using SAML 2.0 Bearer Assertion authentication. + + + +### Procedure + +1. In the SAP BTP cockpit, go to your subaccount in the SAP BTP, Cloud Foundry environment. +2. Choose *Connectivity* \> *Destinations*. +3. Choose *New Destination* and fill in the following parameters: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + Name + + + + Enter the destination name + +
+ + Type + + + + `HTTP` + +
+ + Description + + + + Optional + +
+ + URL + + + + Enter the URL of the SAP SuccessFactors OData API that you want to consume. For a list of the API Endpoint URLs for the SAP SuccessFactors environments, see [About HXM Suite OData APIs](https://help.sap.com/docs/SAP_SUCCESSFACTORS_PLATFORM/28bc3c8e3f214ab487ec51b1b8709adc/03e1fc3791684367a6a76a614a2916de.html) + +
+ + Proxy Type + + + + Internet + +
+ + Authentication + + + + `OAuth2SAMLBearerAssertion` + +
+ + Key Store Password + + + + The password for the keystore. + + > ### Note: + > The password for the keystore must be the same as the one for the key-pair entry in the keystore file. + + + +
+ + Audience + + + + `www.successfactors.com` + +
+ + AuthnContextClassRef + + + + `urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession` + +
+ + Client Key + + + + Enter the API Key of the OAuth client that you created in SAP SuccessFactors. + +
+ + Token Service URL + + + + Enter the API Endpoint URL for the SAP SuccessFactors instance followed by`/oauth/token`. For example,`https://apisalesdemo2.successfactors.eu/oauth/token`. For a list of the API Endpoint URLs for the SAP SuccessFactors environments, see [About HXM Suite OData APIs](https://help.sap.com/viewer/d599f15995d348a1b45ba5603e2aba9b/). + +
+ + Token Service URL Type + + + + Dedicated + +
+ +4. Configure the required additional properties. To do so, in the *Additional Properties* panel, choose *New Property*, and enter the following parameters: + + + + + + + + + + + + + + + + + + + + + + + +
+ + Parameter + + + + Value + +
+ + apiKey + + + + Enter the API Key of the OAuth client that you created in SAP SuccessFactors. + +
+ + companyId + + + + The ID of your SAP SuccessFactors company. + +
+ + nameIdFormat + + + + `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` + +
+ + userIdSource + + + + `email` + +
+ +5. Select the *Use default JDK truststore* checkbox. + +6. Click *Save*. + + diff --git a/docs/ISuite/50-Development/security-7a9198c.md b/docs/ISuite/50-Development/security-7a9198c.md new file mode 100644 index 00000000..5ad42161 --- /dev/null +++ b/docs/ISuite/50-Development/security-7a9198c.md @@ -0,0 +1,307 @@ + + +# Security + +This highlights the security aspects of using Graph. + +With the increasing use of distributed systems for managing business data, the demands on security are also on the rise. When using a new API, you need to be sure that it supports your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation of your system shouldn’t result in loss of information or processing time. These demands on security apply likewise to Graph. + +Graph's security is ensured by the security model of SAP BTP. The following are governed by SAP BTP security principles and services: + +- Tenants separation + +- Users + +- Identification + +- Role assignment + +- Authorization + + +The following table summarizes the main security features of Graph: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Security Feature + + + +Benefit + + + +Graph Capability + +
+ +Choice of user or client authentication + + + +Support the prevention of unidentified or anonymous access by client applications to data exposed via Graph. + + + +Support for OAuth 2.0 + +
+ +Application registration + + + +No access by unregistered applications to data exposed via Graph. + +
+ +Application blocking + + + +Provide separate clients to different applications, which allows the revocation of access rights from rogue applications by invalidating the client ID or secrets, and without affecting others. + +
+ +Credentials rotation + + + +Limiting the lifespan of a client secret reduces the risk of secret-based attacks and exploits by limiting the period of time during which a compromised secret may be valid. + + + +Every service key of the Graph instance has a different client secret. + +
+ +Data privacy + + + +Graph is entirely stateless and doesn't store, cache, or otherwise keep copies of any business data. + + + +Stateless mediation + +
+ +Data exposure control + + + +Selective exposure of business data in a business data graph by configuring used destinations. + + + +[Data Locating Policy](data-locating-policy-28d2c2c.md) + +
+ +Creation of different business data graphs for different data sets. + + + +Dedicated business data graph per business scenario + +
+ +Data access control \(Authorization\) + + + +Authorization and read/write/delete access to critical business data is approved by the underlying business systems based on the client-user identity. + + + +Principal propagation \(also known as identity propagation\) + +
+ +Configuration data and the API are protected by the `Graph_Key_User` role. + + + +`Graph_Key_User` authorization + +
+ +Segregation of applications restricts access to personal and confidential data by the tenant \(SAP BTP subaccount\) + + + +SAP BTP tenant isolation + +
+ +Representation of a Graph user by a business system technical user. + + + +User impersonation in SAP BTP destinations + +
+ +Business data access through the Graph Navigator Application + + + +`Graph_Navigator_Viewer` authorization + +
+ +Data encryption + + + +The Graph API and the business system endpoints are encrypted by applying `TLS.At-rest` encryption isn't required because Graph doesn't persist or cache any sensitive business or personal data. + + + +Data encryption, use of TLS + +
+ +Endpoint attack and threat protection + + + +Graph API endpoints are protected from \(D\)DoS \(L3/L4/L7\) attacks. + +Graph API endpoints are protected from overload \(Spike arrest\). + + + +External gateway + +
+ +Security logging + + + +Security-relevant events are stored for further analysis. + + + +Graph logging + +
+ +Secure software development and deployment practices + + + +Software deployed to Graph infrastructure is continuously scanned for known vulnerabilities. Only software whose identity is confirmed is deployed. + + + +Graph CI/CD pipeline + +
+ +API Management + + + +Integration with API Management, allows the application of additional configurable traffic and security policies, such as IP-range controls, differential throttling, and more. + + + +Integration with API Management + +
+ +**Related Information** + + +[SAP Integration Suite Security](https://help.sap.com/docs/SAP_INTEGRATION_SUITE/51ab953548be4459bfe8539ecaeee98d/a58b2400b3094009988a53b0a63b455a.html?version=CLOUD) + +[SAP BTP Security](https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/e129aa20c78c4a9fb379b9803b02e5f6.html) + diff --git a/docs/ISuite/50-Development/setting-up-data-sources-24df219.md b/docs/ISuite/50-Development/setting-up-data-sources-24df219.md new file mode 100644 index 00000000..858d6ca4 --- /dev/null +++ b/docs/ISuite/50-Development/setting-up-data-sources-24df219.md @@ -0,0 +1,31 @@ + + +# Setting Up Data Sources + +SAP business systems implement their own mechanisms to set up trust, manage users, and validate their identities. For Graph to communicate with these systems as data sources, two steps are required: + +1. The data sources in the landscape must trust Graph as a consumer. Graph relies on SAP BTP; the SAP BTP subaccount, with its SAP XSUAA instance, is a central point of trust for the data sources. + + Each data source has a different way of establishing this trust. For example, SAP S/4HANA Cloud, extended edition requires setting up corresponding communication systems by the administrator of the system where theSAP BTP subaccount certificate is uploaded. For more information, see [Connect to Your Business Systems](connect-to-your-business-systems-1a0dd22.md). + +2. An SAP BTP administrator sets up connectivity with each data source in the landscape and configures the security method to be used by Graph \(B\). + + ![](images/Token-Based_Authentication_6207efc.png) + + Here, Graph leverages SAP BTP's destination service. Business systems trust this service to implement a SAML bearer token flow and Graph uses the destinations to get the system locations and access credentials. Different data sources have different assumptions about the granularity of destinations. For example, SAP S/4HANA Cloud, extended edition requires a destination for each OData service \(API\) using a communication scenario, while only a single destination is needed for an SAP Sales Cloud or SAP SuccessFactors data source. For more information, see [Connect to Your Business Systems](connect-to-your-business-systems-1a0dd22.md). + + +Destinations can be configured via identity propagation or via a technical user. + +When a data source is configured for identity propagation \(also known as principal propagation\) by the administrator, Graph communicates with it using the identity of the human user, which it extracts from the access token received in the request \(A\) from the client application. On the other hand, when configured with a technical user method, Graph will only validate the received access token, and then uses the authentication details specified in the destination record to communicate with the data source \(B\). + +For identity propagation, Graph uses a SAML bearer token grant \(option `OAuthSAMLBearer Assertion` for authentication in the destination configuration\). The SAML bearer token is a token exchange method, where the token identifying an already authenticated user in one system \(SAP BTP subaccount\) is exchanged for a token identifying the user in another system \(data source\). + +The choice of authentication method using a technical user is determined by the data source and can be as simple as basic user and password authentication. + +Overall, identity propagation is a preferred authentication option. In either case, the specific authorizations of the business user or technical user are delegated to the business system, where proper permission assignments \(such as business roles\) are assumed to be in place. + +Using a technical user identity to proceed with actions in a business system obscures the real user, making user actions difficult to audit. Also, technical users tend to collect authorizations over time, which may lead to unintended risk. The advantage of identity propagation is that authorization is more fine-grained, matching the roles of the business user. We recommend restricting the use of technical users to the cases where identity propagation is not possible, such as B2C use cases. + +Also note that the use of technical users may have an impact on your compliance with the licensing terms and conditions of your SAP software usage. + diff --git a/docs/ISuite/50-Development/setting-up-oauth-for-cloud-integration-in-cloud-foundry-641c56b.md b/docs/ISuite/50-Development/setting-up-oauth-for-cloud-integration-in-cloud-foundry-641c56b.md index 427a57ee..8d8d63eb 100644 --- a/docs/ISuite/50-Development/setting-up-oauth-for-cloud-integration-in-cloud-foundry-641c56b.md +++ b/docs/ISuite/50-Development/setting-up-oauth-for-cloud-integration-in-cloud-foundry-641c56b.md @@ -15,13 +15,13 @@ Use OAuth2ClientCredentials for connecting requests to the server. This OAuth2Cl > ### Note: > The values you provide for the above, are the ones associated with your Cloud Integration tenant. > -> **Generate *clientId*, *clientSecret*, and *tokenUrl* Associated with Your Cloud Integration Tenant** +> **Generate *clientId*, *clientSecret*, and *tokenUrl* Associated with Your Cloud Integration Tenant.** ## Procedure -1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). +1. In your web browser, open the *SAP BTP Cockpit* - [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* @@ -38,7 +38,7 @@ Use OAuth2ClientCredentials for connecting requests to the server. This OAuth2Cl ``` -6. Choose *Next* until you reach the *Confirm* section +6. Choose *Next* until you reach the *Confirm* section. 7. In the *Confirm* section, enter a unique *Instance Name* and choose *Finish*. @@ -57,7 +57,7 @@ The creation of service instance is successful. ## Next Steps -Now, for the created service instance, generate a service key from the steps given below: +Now, for the created service instance, generate a service key from the steps given next: @@ -108,5 +108,5 @@ Now, for the created service instance, generate a service key from the steps giv ## Context -The service keys provide you with *clientId* and *clientSecret*. The *clientId* can be used as username and secret can be used as password if you would like to connect to your integration flows of Cloud Integration via Basic Authentication. Alternatively, you can leverage the*clientId*, *clientSecret*, and *tokenUrl* from the service keys file to get the OAuth access token and then connect to your integration flow of Cloud Integration via OAuth access token approach. For more information, see [Creating an API Proxy using SAP Cloud Integration API Provider](creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md). +The service keys provide you with *clientId* and *clientSecret*. The *clientId* can be used as username and secret can be used as password if you would like to connect to your integration flows of Cloud Integration via Basic Authentication. Alternatively, you can leverage the *clientId*, *clientSecret*, and *tokenUrl* from the service keys file to get the OAuth access token and then connect to your integration flow of Cloud Integration via OAuth access token approach. For more information, see [Creating an API Proxy using SAP Cloud Integration API Provider](creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md). diff --git a/docs/ISuite/50-Development/settings-for-migs-and-mags-4c442af.md b/docs/ISuite/50-Development/settings-for-migs-and-mags-4c442af.md index 101ed530..af343803 100644 --- a/docs/ISuite/50-Development/settings-for-migs-and-mags-4c442af.md +++ b/docs/ISuite/50-Development/settings-for-migs-and-mags-4c442af.md @@ -208,14 +208,14 @@ The admnistrative settings allows you to opt-in/opt out of the Proposal service. This option is provided for users who no longer wish to enable their data to be collected for the proposal service. - > ### Caution: - > Disabling the proposal service cannot be reversed, and it will lead to the following consequences: + > ### Remember: + > Disabling the proposal service will lead to the following consequences: > - > - The proposal service will cease collecting MIG/MAG data. + > - The proposal service will cease collecting Integration Advisor data, such as MIG and MAG data. > > - MIG and MAG proposals will no longer be accessible to this tenant. > - > The change of this setting will not impact the previously collected data. + > The change to this setting will take effect in the future, but it won't have any impact on previously collected data. 3. Choose *Save*. diff --git a/docs/ISuite/50-Development/sign-the-message-content-with-xml-digital-signature-9a013db.md b/docs/ISuite/50-Development/sign-the-message-content-with-xml-digital-signature-9a013db.md index 7cc3315c..f07e2702 100644 --- a/docs/ISuite/50-Development/sign-the-message-content-with-xml-digital-signature-9a013db.md +++ b/docs/ISuite/50-Development/sign-the-message-content-with-xml-digital-signature-9a013db.md @@ -111,6 +111,10 @@ You sign a message with an XML digital signature to ensure authenticity and data Digest algorithm that is used to calculate a digest from the canonicalized XML document + Supported digest algorithms: + + From Signature Algorithm \(uses digest algorithm from signature algorithm\), SHA1, SHA256, SHA384, SHA512. + Note that if the digest algorithm is not specified, the digest algorithm of the signature algorithm is used by default. diff --git a/docs/ISuite/50-Development/simulation-of-an-integration-flow-2e2210b.md b/docs/ISuite/50-Development/simulation-of-an-integration-flow-2e2210b.md index 62b71c1e..4decc24f 100644 --- a/docs/ISuite/50-Development/simulation-of-an-integration-flow-2e2210b.md +++ b/docs/ISuite/50-Development/simulation-of-an-integration-flow-2e2210b.md @@ -4,7 +4,7 @@ # Simulation of an Integration Flow -The simulation feature allows you to test an integration flow or its subset and see if you can get the desired outcome even before you deploy the integration flow. Based on the simulation result, you can decide whether to continue and deploy the integration flow or changes the same. You can also resolve if there are any errors. +The simulation feature allows you to test an integration flow or its subset and see if you can get the desired outcome even before you deploy the integration flow. Based on the simulation result, you can decide to deploy the integration flow or resolve any errors. diff --git a/docs/ISuite/50-Development/subscribing-to-email-notification-alerts-88e96f4.md b/docs/ISuite/50-Development/subscribing-to-notification-alerts-88e96f4.md similarity index 56% rename from docs/ISuite/50-Development/subscribing-to-email-notification-alerts-88e96f4.md rename to docs/ISuite/50-Development/subscribing-to-notification-alerts-88e96f4.md index 5a60f490..d95dc966 100644 --- a/docs/ISuite/50-Development/subscribing-to-email-notification-alerts-88e96f4.md +++ b/docs/ISuite/50-Development/subscribing-to-notification-alerts-88e96f4.md @@ -1,21 +1,21 @@ -# Subscribing to Email Notification Alerts +# Subscribing to Notification Alerts -Receive real-time email alerts for anomaly detection services. +Receive real-time alerts for anomaly detection services, delivered to your preferred communication channel. > ### Note: > The availability of the anomaly detection feature is dependent on your SAP Integration Suite service plan. For more information about different service plans and their supported feature set, see SAP Notes [2903776](https://me.sap.com/notes/2903776) and [3463620](https://me.sap.com/notes/3463620). -Subscribe to the **SAP Alert Notification Service** and start receiving automated email alerts for anomaly detection. +Subscribe to the **SAP Alert Notification Service** and start receiving automated alerts for anomaly detection. -For the initial setup and detailed instructions on configuring and subscribing to email alerts, see [SAP Alert Notification Service for SAP BTP](https://help.sap.com/docs/alert-notification/sap-alert-notification-for-sap-btp/what-is-sap-alert-notification-service-for-sap-btp?version=Cloud). +For the initial setup and detailed instructions on configuring and subscribing to alerts, see [SAP Alert Notification Service for SAP BTP](https://help.sap.com/docs/alert-notification/sap-alert-notification-for-sap-btp/what-is-sap-alert-notification-service-for-sap-btp?version=Cloud). Once the **SAP Alert Notification Service** is setup or configured successfully, you can activate the following events for anomaly detection: -- **API Management Alert Anomaly Detected**: When enabled, you will receive an email notification whenever an anomaly is detected. To learn more about this event, see [API Management Alert Anomaly Detected](https://help.sap.com/docs/alert-notification/sap-alert-notification-for-sap-btp/sap-api-management-alert-anomaly-detected?version=Cloud). +- **API Management Alert Anomaly Detected**: When enabled, you will receive a notification alert whenever an anomaly is detected. To learn more about this event, see [API Management Alert Anomaly Detected](https://help.sap.com/docs/alert-notification/sap-alert-notification-for-sap-btp/sap-api-management-alert-anomaly-detected?version=Cloud). -- **API Management Alert Training Completed**: When enabled, you will receive an email notification when the training for anomaly detection is completed. To learn more about this event, see [API Management Alert Training Completed](https://help.sap.com/docs/alert-notification/sap-alert-notification-for-sap-btp/sap-api-management-alert-training-completed?version=Cloud). +- **API Management Alert Training Completed**: When enabled, you will receive a notification alert when the training for anomaly detection is completed. To learn more about this event, see [API Management Alert Training Completed](https://help.sap.com/docs/alert-notification/sap-alert-notification-for-sap-btp/sap-api-management-alert-training-completed?version=Cloud). **Related Information** diff --git a/docs/ISuite/50-Development/the-graph-odata-v4-api-79162b2.md b/docs/ISuite/50-Development/the-graph-odata-v4-api-79162b2.md new file mode 100644 index 00000000..ba537895 --- /dev/null +++ b/docs/ISuite/50-Development/the-graph-odata-v4-api-79162b2.md @@ -0,0 +1,106 @@ + + +# The Graph OData V4 API + +Graph supports the OData v4 protocol to access business data graphs. + +> ### Note: +> Graph converts the OData v2 protocol to OData v4. + +OData \(Open Data Protocol\) is a widely used OASIS standard that defines a set of best practices for using RESTful data APIs. For more information, see [OData](odata-37e592e.md). + +The complete OData v4 syntax supported by Graph is available in the form of syntax diagrams. For more information, see [Graph Syntax](https://navigator.graph.sap/syntax). + +To access a business data graph, you use the following Graph URL: + +![](images/Graph_URL_Syntax_55a4f49.png) + +Where the subdomain represents the subdomain that is assigned to the tenant, the *BDG-identifier* is a customer-specific identifier of a business data graph for a specific landscape, as provisioned by the enterprise key user. This is often a version number \(for example, v1, v2\), or it indicates a type of landscape \(for example, dev and stage\), but it can be an arbitrary string. + +The full OData data URL is as follows: + +![](images/OData_URL_Syntax_3fb43c5.png) + +A common example may be: `https:// is-demo-kjsbzgso-57c46d694dff43deabe46431e745b4ef.a.integration.cloud.sap/graph/api/staging/sap.graph/Product?$top=3`. + +The Graph API uses the standard HTTP verbs to interact with endpoints. + + + + + + + + + + + + + + + + + + + + + + + +
+ +Method + + + +Description + +
+ +`GET` + + + +Read data from a resource. It can be either a whole list, or a specific resource. + +
+ +`POST` + + + +Create a new resource. + +
+ +`PATCH` + + + +Update a resource with new values. + +
+ +`DELETE` + + + +Delete a resource. + +
+ +You should provide the following HTTP headers in all communications to Graph: + +```json +headers: { + "Authorization": "Bearer … ", + "Accept": "application/json", + "Accept-Encoding": "gzip", + "Accept-Language": "…" + } +``` + +The most important of these is the *Authorization* header, through which an access token is provided to Graph. See [Authentication](authentication-79aabda.md) for more details. + +*Accept-Encoding* is important to ensure that traffic from Graph to your app is compressed, and the *Accept-Language* header is used by Graph to automatically return the matching language strings of localized attributes. + diff --git a/docs/ISuite/50-Development/transform-functions-cec1e73.md b/docs/ISuite/50-Development/transform-functions-cec1e73.md new file mode 100644 index 00000000..d803ca1d --- /dev/null +++ b/docs/ISuite/50-Development/transform-functions-cec1e73.md @@ -0,0 +1,494 @@ + + +# Transform Functions + +Transform functions are used to define custom projection attributes. + +The following transforms are supported. The descriptions below start from the primary direction, `GET` \(read\) data. Changing data is in the other direction, from the custom-entity to the data source. + +> ### Note: +> All transforms are bidirectional. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +transform + + + +Parameters \(source property\) + + + +Description + + + +Resulting Default Type + +
+ +`rename` + + + +Value is adjusted and renamed + + + +Renames and translates the value according to the type specifications in the corresponding models. Applies type conversions as required. + + + +Same as source, or as indicated by type + +
+ +`arrayFill` + + + +Two or more attributes + + + +Creates an array of primitive types + + + +array + +
+ +`bool` + + + +An attribute name, true and false values + + + +Converts a pair of values into a boolean + + + +Boolean + +
+ +`toDateTime` + + + +Date and time values + + + +Combine date and time attributes into one attribute of type `DateTime` + + + +DateTime + +
+ +`constant` + + + +Constant value to be assigned + + + +Produces a constant value + + + +Same as source, or as indicated by type + +
+ +`join` + + + +None + + + +Specify a composition without an underlying foreign key + + + +Composition to-many + +
+ +`dict` + + + +Dictionary and value + + + +Uses a dictionary to map source values to or from custom values + + + +String + +
+ +`keyConcat` + + + +Two or more source attributes + + + +Concatenates a key-value into a single key-value in a reversible way + + + +String or overrule by type + +
+ +`localized` + + + +Association, language-selector, and text field + + + +Produces a localized string, when the string is from a language-indexed string table + + + +String + +
+ +`negation` + + + +Attribute value to be negated + + + +Negation of boolean value + + + +Boolean + +
+ +`stringConcat` + + + +Two or more attributes + + + +Concatenates multiple source attributes into a single string + + + +String with length, sum of source string lengths + +
+ + + + + +## Default Property + +When the transform property isn't specified, `rename` is assumed. If no source is specified, the attribute is a type conversion of the attribute of the same name in the \(main\) source entity. + +``` +{ "name": "firstName", "source": "FirstName" } // rename "FirstName" to "firstName", inferred type. is from source +{ "name": "FirstName" } // implied source is also called "FirstName" + +``` + + + + + +## `rename` + +The `rename` transform is the simplest and most common. As its name implies, the `rename` transform only provides an attribute renaming and a type conversion to SAP [Core Data Services \(CDS\) primitive types](https://cap.cloud.sap/docs/cds/types). An optional type property overrides the default type conversion. + + + + + +## `bool` + +Returns the result of comparing the source attribute value to the provided values. If the value matches the true value \(`YES` in the following example\), the transform returns true, if the value is null, the transform returns null, else false. + +When changing data, the boolean values true and false are converted to the values specified as source parameters in the attribute-mapping object. + +``` +{ "name": "isOrderBlocked", "transform": "bool", "source": ["OrderIsBlocked", "YES", "NO"] }, +``` + + + + + +## `negation` + +The translated value is the logical NOT of the source boolean attribute value \(true<=\>false, "null" <=\> "null"\). Negating a source attribute of nonboolean type results in an error. + + + + + +## `constant` + +The transform returns a constant value, for example, an empty string. + +``` +{ "name": "theAnswer", "transform": "constant", "source": [42] +``` + + + + + +## `dict` + +The transform uses a dictionary to translate source values, often values in a number range, to a string. In the following example, an SAP S/4HANA numeric category is translated to a list of meaningful string values, found in the `BPCategories` object of the dicts header object. + +``` + +"dicts": { + BPCatDict: { "person": "1", "organization": "2", "group": 3, "other": "3" } +}, + +"attributes": [ + { "name": "Relation", "source": ["BPCatDict", "BusinessPartnerCategory"] } + + +``` + +The first source is a reference to an entry in the `dicts` structure found in the same translation file. The second source is the actual SAP S/4HANA source attribute. In this example, reading a source value of `2` results in the `organization` value. Writing the `person` value actually writes `1`. + +The last element of a dictionary is always the default value, if the `a to b` transformed value doesn't match other entries in the dictionary. For example, if the value of `BusinessPartnerCategory` is `7`, the value returned by the transform is `other`. If the value to be transformed is null, the returned value is also null. + + + + + +## `join` + +The join transform is used to specify a composition of-many attribute, referencing another source entity, without the use of an underlying foreign key \(or association attribute\) in the data source. Instead, the composed sub-entity is expected to have keys that match those of the custom entity where the composition is defined. + +This is useful if the subentity originates from a different API, possibly even a different system. Most commonly, when an extension application is created side by side with the main application, on the basis of common keys. + +Use the join transform for the composition attribute, with an explicit `sourceEntity` and without a source. Subsequent composition substructure attributes are specified as before, but since their source is in a different `sourceEntity`, it must be explicitly specified. Here's an example: + +``` +{ + "entity": "bestrun.Customer", + "sourceEntities": [ + { "name": "sap.s4.A_Customer" }, + { "name": "sap.s4.A_BusinessPartnerAddress", "join": [["Customer", "BusinessPartner"]] } + ], + + "attributes": [ + { "name": "addresses[]", "transform": "join", "sourceEntity": "A_BusinessPartnerAddress" }, + { "name": "addresses[].id", "source": ["AddressID"], "sourceEntity": "A_BusinessPartnerAddress", "key": true }, + { "name": "addresses[].street", "source": ["Street"], "sourceEntity": "A_BusinessPartnerAddress" }, + { "name": "addresses[].city", "source": ["City"], "sourceEntity": "A_BusinessPartnerAddress" } + ] +} + +``` + + + + + +## `arrayFill` + +The arrayFill transform creates a simple array of a primitive type, from individual source attributes. + +``` +{ "name": "phones[]", "transform": "arrayFill", "source": ["mobile1", "mobile2", "homePhone"], "type": "String(10)" } +``` + + + + + +## `stringConcat` + +This transform has two or more parameters. The transform provides a simple concatenation of source values, without any \(space\) fillers. + +In the other direction, the transform breaks the string up according to the precise sizes of the corresponding source-attributes. + +A real-world example is a 13-digit `GLN`\(Global Location Number\), split back into 7+5+1 digits. Another real-world example is a `source` field with a limited string length and an `overflow` field. + +``` +{ "name": "myGLN", "transform": "stringConcat", "source": ["prefix", "locationRef", "checkDigit"], "type": "String(13)" } +``` + + + + + +## `keyConcat` + +This transform concatenates multiple source attributes into a single string, using the following algorithm: + +1. All source strings are scanned to find a character that isn't used in any value. + +2. This becomes the first char of the concatenated string and also the separation character. + + +To write such a string back, reverse decoding is followed. If str1=abc;d and str2 is f-12, then a concatenated string might be: Aabc;dAf-12. + +A common use is to translate a multi-attribute \(composite\) primary key to a single-attribute primary key, which is why this transform is called a keyConcat. + +``` +"name": "id", "transform": "keyConcat", "source": ["EntityId", "SystemId"], "key": true}, +``` + + + + + +## `localized` + +This transform has three parameters: + +1. Name of the reference attribute \(the association to the string table\). + +2. Name of the field in the string table used to encode the required language \(usually a two or three character field\). + +3. Name of the field with the desired local string value + + +The transform returns a localized string. A typical use is when the source API provides texts in all available languages, and the Graph API only provides a single text in the `HTTP Content-Language` of the response. Implementation-wise, Graph knows the preferred language of the client application user via the `HTTP Accept-Language` header in the query. This hides the complexity of language-specific string handling from the developer. When the `HTTP Accept-Language` header isn't in the request, `en` \(English\) is the assumed default. + +An example of reading a data source, expressed using CDS is as follows: + +``` +entity A_Product { + key Product: String(40); + to_Description: Association(*) to A_ProductDescription { Product, Language }; +} + +entity A_ProductDescription { + key Product: String(40); + key Language: String(2); + ProductDescription: String(40); +}; + +``` + +The translation has the following parameters: + +``` +name: "displayId", source: ["to_Description[]", "Language", "ProductDescription"] +``` + +> ### Note: +> The other direction \(such as an update\) of such attributes is supported. + + + + + +## `toDateTime` + +This transform has two parameters: the source time and date attributes. + +The provided value is the date and time source attributes combined into an attribute of type `dateTime`. + +``` +{ "name": "dateTime", "transform": "toDateTime", "source": ["DateProp", "TimeProp"] }, +``` + diff --git a/docs/ISuite/50-Development/unified-entities-1cded7b.md b/docs/ISuite/50-Development/unified-entities-1cded7b.md new file mode 100644 index 00000000..6fc4568f --- /dev/null +++ b/docs/ISuite/50-Development/unified-entities-1cded7b.md @@ -0,0 +1,29 @@ + + +# Unified Entities + +Certain business objects \(primarily master data, such as customer or product descriptions\) are commonly replicated in multiple SAP systems, sometimes under different names. What one system calls `Product`, another may refer to as `ProductCollection`, `Material`, or even `supplierPart`. They all represent the same product object instance, with common attributes like its name and description, but then each SAP system manages additional, system-specific aspects: SAP S/4HANA maintains details of the manufacture and inventory of products, SAP Sales Cloud is concerned with the conditions of selling or using the product \(for example, the skills required by a sales team\), and SAP Ariba manages elaborate buyer-supplier pricing. Enterprises must synchronize the different representations of the same object, which often have different keys in the different systems, leading to high complexity for application developers as well. + +Developers often only need the common attributes of such business objects and are mystified by the different system representations and key sequences of the same data. To address this, Graph introduces unified entities. Unified entities define the common and most widely used attributes of a business object, using a consistent and easier to understand structure and naming convention. Unified attributes are accessed under the `sap.graph` namespace. + +Developers of extension apps use these common attributes, regardless of where this data resides. Under the hood, Graph maps these attributes to one of the data sources in the landscape, but this doesn't concern the developer. Consequently, the use of unified entities results in SAP-extending apps that are portable and reusable across a wide range of customer landscapes. + +![](../images/Unified_Entities_be6c8d3.png) + +Unified entities have association attributes that connect them to the system-specific representations of the same object \(`_s4` and `_c4c`\). These associations effectively provide developers with a consolidated and navigable 360° view of all the attributes of these objects in SAP. To access an attribute such as `Brand`, the app simply issues a `sap.graph/Product(123)/_s4/Brand` request. Of course, SAP S/4HANA system-specific attributes are only available if such a system is part of the underlying enterprise landscape. Graph handles key mapping complexities under the hood. For more information, see [Data Locating Policy](data-locating-policy-28d2c2c.md). + +Whether or not an entity is read-only depends on various parameters of your landscape. The metadata of your business data graph tells you which entities are writable. + +Citizen developers use low-code tools to access the unified entities. Advanced developers with more complex requirements can follow the edges of the graph to use detailed system-specific attributes. + +In summary, unified entities play two roles: + +1. They provide consistent and simplified access to the *common* attributes of a multi-sourced business object. This simplified and common information provides sufficient detail for many extension applications. It is written without worrying about the differences and more complex variations of the system-specific models, making these applications portable over a broad range of landscape configurations. + +2. They "connect" the system-specific entities via explicit associations. This provides developers of extension applications a comprehensive 360° perspective of how objects are managed in their enterprise and supports powerful cross-system queries of system-specific attributes. + + +SAP is gradually introducing new unified entities, along with the extended support of Graph for more SAP systems. The initial release of Graph supportsSAP S/4HANA, SAP Sales Cloud, and SAP SuccessFactors. + +To all Graph developers, the business data graph looks and behaves like a single, giant, consistent, navigable SAP system, accessible via a single API and access protocol, ignoring the physical landscape of data source system instances. + diff --git a/docs/ISuite/50-Development/use-a-message-mapping-to-map-xml-to-json-fb7c1df.md b/docs/ISuite/50-Development/use-a-message-mapping-to-map-xml-to-json-fb7c1df.md index 212948ef..6e977498 100644 --- a/docs/ISuite/50-Development/use-a-message-mapping-to-map-xml-to-json-fb7c1df.md +++ b/docs/ISuite/50-Development/use-a-message-mapping-to-map-xml-to-json-fb7c1df.md @@ -82,5 +82,5 @@ Optionally, you can simulate the message mapping via the integration flow simula [Creating Message Mapping as a Flow Step](creating-message-mapping-as-a-flow-step-3d5cb7f.md "") -[Simulation of an Integration Flow](simulation-of-an-integration-flow-2e2210b.md "The simulation feature allows you to test an integration flow or its subset and see if you can get the desired outcome even before you deploy the integration flow. Based on the simulation result, you can decide whether to continue and deploy the integration flow or changes the same. You can also resolve if there are any errors.") +[Simulation of an Integration Flow](simulation-of-an-integration-flow-2e2210b.md "The simulation feature allows you to test an integration flow or its subset and see if you can get the desired outcome even before you deploy the integration flow. Based on the simulation result, you can decide to deploy the integration flow or resolve any errors.") diff --git a/docs/ISuite/50-Development/use-secure-authentication-methods-3d46d45.md b/docs/ISuite/50-Development/use-secure-authentication-methods-3d46d45.md index 8f978c4a..123ac5b7 100644 --- a/docs/ISuite/50-Development/use-secure-authentication-methods-3d46d45.md +++ b/docs/ISuite/50-Development/use-secure-authentication-methods-3d46d45.md @@ -21,9 +21,24 @@ SAP Integration Suite offers a range of authentication methods when accessing in Just as it’s recommended to always prefer secure transport protocols, this guideline suggests preferring the more secure authentication methods wherever possible. Be aware of the pros and cons of each authentication method. -**No authentication** is the most insecure method and is to be avoided. Anybody can send messages to the endpoint, e.g. faking messages or overloading the endpoint processing for denial of service. If authentication isn't possible, consider other means for securing your communication – e.g. via signatures and encryption on message level \(see guide for Message Level Security\). +> ### Note: +> SAP Integration Suite recommends to avoid using generic user roles for sender-side authorization of an integration flow execution. You must create a custom role for inbound communication. For more information, see [Managing User Roles](managing-user-roles-4e86f0d.md). + + + + + +## No Authentication + +No authentication is the most insecure method and is to be avoided. Anybody can send messages to the endpoint, e.g. faking messages or overloading the endpoint processing for denial of service. If authentication isn't possible, consider other means for securing your communication – e.g. via signatures and encryption on message level \(see guide for Message Level Security\). + +Note that inbound communication to CPI must always be authenticated, so this option is currently only available for outbound receiver adapters. + -Note that *inbound* communication to CPI must always be authenticated, so this option is currently only available for *outbound* receiver adapters. + + + +## Basic Authentication The standard **Basic Authentication** is supported by all sender and receiver channels, whenever it’s appropriate for the chosen transport protocol. Basic authentication has several drawbacks: @@ -36,10 +51,28 @@ The standard **Basic Authentication** is supported by all sender and receiver ch For these reasons, always consider using more secure authentication methods, if available. -**Principal Propagation** uses SAML assertions to forward existing login information from another Identity Provider to CPI \(or from CPI to another receiver\). The authentication depends on a trust relation to the issuing Identity Provider. + + + + +## Principal Propagation + +Principal Propagation uses SAML assertions to forward existing login information from another Identity Provider to CPI \(or from CPI to another receiver\). The authentication depends on a trust relation to the issuing Identity Provider. + + + + + +## SASL **SASL** \(Simple Authentication and Security Layer\) is a framework that includes multiple authentication mechanisms and also allows for data encryption and integrity-checking. + + + + +## OAuth + **OAuth Authentication** flows are based on tokens, which allow a resource owner to grant restricted access to clients. These flows are designed to support technical communications. Some benefits of OAuth compared to basic authentication: - Secret credentials are only exchanged with a trusted authorization server and not with every endpoint. @@ -54,6 +87,12 @@ OAuth authentication is supported for the following adapters: - Receiver channel: OData, AMQP, HTTP, SuccessFactors, Twitter, and Facebook adapters + + + + +## Client Certificate + **Client Certificate Authentication** is based on a public/private key cryptography. It therefore does not require a shared secret, which could be guessed or unveiled by brute-force attacks. Client Certificate Authentication is supported by the following HTTP transport protocol-based adapters: - SOAP, IDoc, HTTP, SuccessFactors, SAP XI, AS2, OData @@ -61,11 +100,17 @@ OAuth authentication is supported for the following adapters: How to setup client certificate authentication is described in more detail in this guideline and illustrated by an example integration flow. + + + + +## Public Key + **Public Key Authentication** is currently supported exclusively by the SFTP adapter \(sender and receiver channel\). The security of Public Key Authentication is comparable to client certificate authentication. - + ## Implementation Example with Client Certificate Authentication @@ -114,7 +159,7 @@ The example integration flow can be used without further effort because a certif - + ## More Information diff --git a/docs/ISuite/50-Development/view-applications-feac368.md b/docs/ISuite/50-Development/view-applications-feac368.md index b422af48..43155da0 100644 --- a/docs/ISuite/50-Development/view-applications-feac368.md +++ b/docs/ISuite/50-Development/view-applications-feac368.md @@ -10,7 +10,7 @@ In the context of API Management, an application is the unit of API consumption. API Management enables the creation of secure API proxies for your APIs. These proxies are protected using "Appkey" and "Secret". Application developers are required to acquire these credentials in order to utilize the API proxies exposed through the various products. They need to declare the usage of these products by creating an application from API business hub enterprise. -As an admin, you can view the list of applications that the developers have created in the API business hub enterprise, along with the developer details, associated products and AppKey and secret. +As an admin, you can view the list of applications that the application developers have created in the API business hub enterprise, along with the developer details, associated products and AppKey and secret. @@ -41,5 +41,5 @@ As an admin, you can view the list of applications that the developers have crea **Related Information** -[Create an Application \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b4e71b3887f4396aa22ce3e2ed7e0c3.html "Create an Application to consume the required APIs.") :arrow_upper_right: +[Create an Application](../create-an-application-a501a6d.md "Create an Application to consume the required APIs.") diff --git a/docs/ISuite/50-Development/what-is-graph-456fc54.md b/docs/ISuite/50-Development/what-is-graph-456fc54.md new file mode 100644 index 00000000..9e55c59f --- /dev/null +++ b/docs/ISuite/50-Development/what-is-graph-456fc54.md @@ -0,0 +1,33 @@ + + +# What Is Graph? + +Graph is a capability of API Management within SAP Integration Suite. With Graph, developers access your business data as a single semantically connected data graph, spanning the suite of SAP products and beyond. Targeting SAP's ecosystem of partner and customer developers, Graph's powerful API reduces the cost and complexity of creating and deploying reusable extensions and other client applications. + +Enterprise landscapes continue to expand in scale and complexity. Each additional system, SaaS, or microservice introduces new protocols, data models, connectivity, and security conventions. Real-world problems often span multiple lines of business, services, and APIs. Consequently, even the most experienced developers struggle to understand all of the technologies and interfaces involved. Developing new business-extending client applications requires an ever-growing range of expertise and skills. The phenomenal adoption of low-code tools by nonprofessional developers further increases the gap. + +Enterprises use API Management to partially address this gap: APIs can be renamed, authentication can be streamlined, APIs can be protected against unauthorized access or threats. But this doesn't address the deeper problem: separate, disconnected APIs from different data sources and systems. + +Graph is a solution to unify your business APIs in the form of a semantically connected data graph, accessed via a single powerful API. Out of the box, it provides developers a single connected and unified view of your SAP-managed business data. Graph consolidates thousands of data entities from SAP systems likeSAP S/4HANA, SAP Sales Cloud, and SAP SuccessFactors, into one curated, semantically connected, data model. We call this connected graph a *Business Data Graph*. + +The out-of-the-box data graph of SAP-managed data is the baseline, the starting point to your own data graph. You can expand it by adding your own data sources and your own data models, projections, and compositions, creating a unique data model of your business. + +The business data graph is ultimately an abstraction of the data in your landscape, for developers. It establishes a separation of concerns, by exposing the data graph through a single unified API, entirely hiding the complexities of the landscape itself. + +Developers use standard and powerful data graph query languages \(OData V4 or GraphQL\) to efficiently navigate the data, without being exposed to the complexity of data sources, URLs, connections, replications, VPNs, or underlying security concerns. All the data, through one API. Often a single powerful graph-navigating query replaces the complex programming logic that would have been required to issue repeated queries to separate systems or APIs. + +Graph technically acts as a scalable and stateless multitenant service, accepting navigation queries from applications, breaking up those queries, and accessing the APIs of the actual data sources on their behalf. Graph doesn’t maintain or cache data; all data requests are semantically routed to the data source systems. + +Because of the decoupling of the system landscape from applications, enterprises can deploy Graph-based applications more easily, across more landscapes, and at a lower cost. + +As part of SAP Integration Suite, Graph is compatible with SAP's Cloud Application Programming model \(CAP\) and with the range of SAP Build development solutions. + +**Related Information** + + +[Configure](configure-1b52dd1.md "Before Graph can be used, the Tenant administrator, needs to configure Graph as a capability of API Management within SAP Integration Suite.") + +[Model](model-31f8c54.md "It is common knowledge that data-driven software should be modeled on its underlying business processes.") + +[Develop](develop-68ce43a.md "As a developer you want to build applications that consume data from business data graphs. This section provides all the information you need to start developing.") + diff --git a/docs/ISuite/50-Development/working-with-data-types-message-types-cf1d397.md b/docs/ISuite/50-Development/working-with-data-types-message-types-cf1d397.md index b250e41c..2226891a 100644 --- a/docs/ISuite/50-Development/working-with-data-types-message-types-cf1d397.md +++ b/docs/ISuite/50-Development/working-with-data-types-message-types-cf1d397.md @@ -2,7 +2,7 @@ # Working with Data Types & Message Types -[Data Type](data-types-97ad101.md) is an object, containing the structure of data that defines the message. A [Message Type](message-types-2eb71b8.md) comprises a data type that describes the structure of a message. +[Data Type](configuring-data-types-97ad101.md) is an object, containing the structure of data that defines the message. A [Message Type](configuring-message-types-2eb71b8.md) comprises a data type that describes the structure of a message. > ### Note: > This information is relevant only when you use the Cloud Integration capability as a part of SAP Integration Suite. Availability of this feature depends upon the SAP Integration Suite service plan that you use. For more information about different service plans and their supported feature set, see SAP Note [2903776](https://launchpad.support.sap.com/#/notes/2903776). diff --git a/docs/ISuite/50-Development/working-with-detected-anomalies-1c677b2.md b/docs/ISuite/50-Development/working-with-detected-anomalies-1c677b2.md index e667827b..6abd6e4d 100644 --- a/docs/ISuite/50-Development/working-with-detected-anomalies-1c677b2.md +++ b/docs/ISuite/50-Development/working-with-detected-anomalies-1c677b2.md @@ -15,13 +15,13 @@ Access and analyze anomalies in the analytics dashboard. Discover details about ## Viewing Anomalies -After enabling the anomaly detection setting and configuring the API selection, the system will display the details of any detected anomalies in the Analytics dashboard. Additionally, if you have subscribed to the **SAP Alert Notification Service**, you will receive an automated email alert notifying you of the detected anomaly. +After enabling the anomaly detection setting and configuring the API selection, the system will display the details of any detected anomalies in the Analytics dashboard. Additionally, if you have subscribed to the **SAP Alert Notification Service**, you will receive an automated alert notifying you of the detected anomaly. To view the detected anomalies from the Analytics dashboard, you can use the following methods: -- In the analytics dashboard, you can find the anomaly notification bar located at the top of the **Overview** page. Click *View* to quickly navigate to the **API Anomaly** page. +- In the analytics dashboard, you can find the anomaly notification bar located at the top of the **Overview** page. Choose *View Anomaly* to quickly navigate to the **API Anomaly** page. -- In the analytics dashboard, click the *API Anomaly* tab to view the detected anomalies. +- In the analytics dashboard, go to the *API Anomaly* tab to view the detected anomalies. @@ -76,7 +76,7 @@ Each anomaly is accompanied by the following details: - + API Response Time @@ -85,13 +85,6 @@ Each anomaly is accompanied by the following details: **API Response Time Increase:** This value is displayed when there is an increase in the total response time for a specific API. - - - - - - **API Response Time Decrease:** This value is displayed when there is a decrease in the total response time for a specific API. - @@ -119,7 +112,7 @@ Each anomaly is accompanied by the following details: - Affected Entity: Displays the name of the affected API. If there are multiple affected APIs, it will be shown as **Multiple APIs**. - Details: This field describes the issue detected by the system. -Click on an anomaly to view more in-depth information on the next screen. +Choose an anomaly to view more in-depth information on the next screen. @@ -144,7 +137,7 @@ In this screen, you can view the anomaly type that describes the issue, along wi - Select *Yes* if the detected anomaly appears to be abnormal and to confirm it as a true anomaly. - Select *No* if the detected anomaly seems to be normal and to confirm it as not an anomaly. - - Click on *Save* to confirm your changes. + - Choose *Save* to confirm your changes. You can also evaluate an anomaly on the next screen by clicking on the *Evaluate* button. Once evaluated, the status will be displayed right below the **Evaluation** field. @@ -160,7 +153,7 @@ In this screen, you can access the following information: - Evaluation: Displays the status of an anomaly whether it has been evaluated or not. To evaluate, click on the *Evaluate* button. -- API Anomaly Type: A red arrow is displayed to indicate a surge or drop, depending on the anomaly type. The possible anomaly types include API Traffic \(Increase or Decrease\), API Response Time \(Increase or Decrease\), or API Error Count Increase \(client or server errors\). +- API Anomaly Type: A red arrow is displayed to indicate a surge or drop, depending on the anomaly type. The possible anomaly types include API Traffic \(Increase or Decrease\), API Response Time \(Increase\), or API Error Count Increase \(client or server errors\). - Description: Displays the observed percentage variation. - Time Stamp: Displays the date and time of issue detection. - Details: @@ -169,10 +162,10 @@ In this screen, you can access the following information: - Affected Target Hosts: Displays the name of the affected API provider. - Developer Details: Displays the name of the developer. -- Suggestions: In this tab, you can view suggestions to help resolve the anomaly. Click *View APIs* to be redirected to the *Configure* \> *APIs* page, where you can review the API that is causing the anomaly and conduct further investigation to resolve it. +- Suggestions: In this tab, you can view suggestions to help resolve the anomaly. Choose *View APIs* to be redirected to the *Configure* \> *APIs* page, where you can review the API that is causing the anomaly and conduct further investigation to resolve it. > ### Note: -> Anomaly Detection is an AI-based feature, and there is a possibility of receiving inaccurate responses. If you encounter any discrepancies, please share your valuable feedback by clicking on \(**Give feedback**\) icon. +> Anomaly Detection is an AI-based feature, and there is a possibility of receiving inaccurate responses. If you encounter any discrepancies, please share your valuable feedback by clicking on the \(**Give feedback**\) icon. @@ -180,7 +173,7 @@ In this screen, you can access the following information: ## Graph: Actual vs. Expected Patterns for API Calls -The graph provides a visualization of actual and expected patterns for different types of API calls over a specified timeframe, focusing on key metrics such as **API Traffic** \(Increase or Decrease\), **API Response Time** \(Increase or Decrease\), and **API Error Count Increase** \(Client or Server errors\). The x-axis represents time intervals, while the y-axis reflects the respective metrics' values. +The graph provides a visualization of actual and expected patterns for different types of API calls over a specified timeframe, focusing on key metrics such as **API Traffic** \(Increase or Decrease\), **API Response Time** \(Increase\), and **API Error Count Increase** \(Client or Server errors\). The x-axis represents time intervals, while the y-axis reflects the respective metrics' values. **API Traffic** @@ -188,7 +181,7 @@ The graph provides a visualization of actual and expected patterns for different **Expected**: The expected pattern is represented by a dotted line on the graph. Deviations from this line may signify anomalies in the API call behavior. -**Action**: A consistent alignment between the actual and expected patterns suggests normal and expected API behavior, while variation, especially sudden spikes or drops, may indicate anomalies that require further investigation. +**Action**: A consistent alignment between the actual and expected patterns suggests normal and expected API behavior, while variation, especially sudden increase or decrease, may indicate anomalies that require further investigation. **API Response Time** @@ -196,7 +189,7 @@ The graph provides a visualization of actual and expected patterns for different **Expected**: The expected pattern is represented by a dotted line on the graph. Deviations from this line may signify anomalies in the API call behavior. -**Action**: A consistent alignment between the actual and expected patterns suggests normal and expected API behavior, while variation, especially sudden increase or decrease, may indicate anomalies that require further investigation. +**Action**: A consistent alignment between the actual and expected patterns suggests normal and expected API behavior, while variation, especially a sudden increase, may indicate anomalies that require further investigation. **API Errors \(Client or Server Errors\)** @@ -204,7 +197,7 @@ The graph provides a visualization of actual and expected patterns for different **Expected**: The expected pattern is represented by a dotted line on the graph. Deviations from this line may signify anomalies in the API call behavior. -**Action**: A consistent alignment between the actual and expected patterns suggests normal and expected API errors, while variation, especially sudden increase or decrease, may indicate anomalies that require further investigation. +**Action**: A consistent alignment between the actual and expected patterns suggests normal and expected API errors, while variation, especially a sudden increase, may indicate anomalies that require further investigation. @@ -216,15 +209,15 @@ The graph provides a visualization of actual and expected patterns for different The Action Bar is located in the top right corner of **Anomalies** window. It provides controls that allow you to interact with the displayed data. These controls enable you to switch between graphical and tabular views, select the time period you wish to analyze for anomalies, and perform other actions as described below: -Click to switch between full screen view and default screen view. +Choose to switch between full screen view and default screen view. Click the drop-down to select the time period. The data can be viewed for a maximum of 6 months. -Click for graphical view. +Choose for graphical view. -Click for tabular view. +Choose for tabular view. -Click or to zoom in or out the graph. This option is helpful for accessing the red dot, which indicates an anomaly on the graph. +Choose or to zoom in or out the graph. This option is helpful for accessing the red dot, which indicates an anomaly on the graph. **Related Information** @@ -233,5 +226,5 @@ Click or  + +# Working with Imported Archives + +Imported Archives is a collection of multiple imported archive objects from ESR. + +> ### Note: +> This information is relevant only when you use the Cloud Integration capability as a part of SAP Integration Suite. Availability of this feature depends upon the SAP Integration Suite service plan that you use. For more information about different service plans and their supported feature set, see SAP Note [2903776](https://launchpad.support.sap.com/#/notes/2903776). + +Imported Archives are custom-implemented user-defined functions \(UDFs\) and saved as archives in the Enterprise Services Repository \(ESR\). For more information about what is an imported archive object and how it's created in an ESR, see [Imported Archives](https://help.sap.com/docs/SAP_NETWEAVER_750/0b9668e854374d8fa3fc8ec327ff3693/4bf40f29c0c33de4e10000000a42189e.html?version=latest). + +To achieve reusability across message mappings, SAP Integration Suite supports import of archives from ESR. In SAP Integration Suite, you create an *Imported Archives* artifact and import multiple imported archive objects from ES Repository to the Imported Archives artifact. Later, you reuse the imported archive objects across multiple Function Libraries artifacts, which in turn are reused across multiple message mappings. + + + + + +### Workflow + +A typical workflow to rightly use Imported Archives is as follows: + +1. [Creating an Imported Archives Artifact](creating-an-imported-archives-artifact-e555caf.md) in an integration package. + +2. [Reuse Imported Archives Objects from ES Repository](reuse-imported-archives-objects-from-es-repository-4196091.md) + +3. [Consuming Imported Archives](consuming-imported-archives-e7562a7.md) + + diff --git a/docs/ISuite/50-Development/working-with-the-analytics-dashboard-e07e815.md b/docs/ISuite/50-Development/working-with-the-analytics-dashboard-e07e815.md index b6038870..250f150b 100644 --- a/docs/ISuite/50-Development/working-with-the-analytics-dashboard-e07e815.md +++ b/docs/ISuite/50-Development/working-with-the-analytics-dashboard-e07e815.md @@ -22,9 +22,9 @@ You can use the analytics dashboard to: ## Procedure -1. Log on to the SAP Integration Suite. +1. Log on to the ******SAP Integration Suite**. -2. Choose the navigation icon on the left and choose *Analyze* \> *APIs*. +2. From the left navigation pane, choose *Analyze*. The *Analytics* dashboard appears. diff --git a/docs/ISuite/60-Security/auditing-and-logging-information-for-api-management-77024b3.md b/docs/ISuite/60-Security/auditing-and-logging-information-for-api-management-77024b3.md index cd46c224..b8250be2 100644 --- a/docs/ISuite/60-Security/auditing-and-logging-information-for-api-management-77024b3.md +++ b/docs/ISuite/60-Security/auditing-and-logging-information-for-api-management-77024b3.md @@ -320,7 +320,7 @@ Example: -[Create an Application \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b4e71b3887f4396aa22ce3e2ed7e0c3.html "Create an Application to consume the required APIs.") :arrow_upper_right: +[Create an Application](../create-an-application-a501a6d.md) diff --git a/docs/ISuite/60-Security/data-protection-and-privacy-for-api-management-d50613e.md b/docs/ISuite/60-Security/data-protection-and-privacy-for-api-management-d50613e.md index 5dddd158..f2016f97 100644 --- a/docs/ISuite/60-Security/data-protection-and-privacy-for-api-management-d50613e.md +++ b/docs/ISuite/60-Security/data-protection-and-privacy-for-api-management-d50613e.md @@ -204,7 +204,7 @@ API Management stores the API portal administrator’s user ID. Storing the user API Management stores personal information such as first name, last name, user ID, and e-mail ID of users who have logged on to the Developer Portal. All the personal information stored in the application is deleted when the access for the corresponding user is revoked. -In API Management, application developers can contact their developer portal administrators to have their personal data erased and access revoked. For more information, see [Revoke Access \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/147fb9dca1414f6a956dd05b4c86d74d.html "Revoke the access of an application developer.") :arrow_upper_right: and [Delete Data of Unregistered Users](../delete-data-of-unregistered-users-d548233.md). +In API Management, application developers can contact their developer portal administrators to have their personal data erased and access revoked. For more information, see [Revoke Access \[New Design\]](../revoke-access-new-design-ce609bb.md) and [Delete Data of Unregistered Users](../delete-data-of-unregistered-users-d548233.md). diff --git a/docs/ISuite/60-Security/data-storage-security-6a89d6d.md b/docs/ISuite/60-Security/data-storage-security-6a89d6d.md index 8feb1f71..5af4866a 100644 --- a/docs/ISuite/60-Security/data-storage-security-6a89d6d.md +++ b/docs/ISuite/60-Security/data-storage-security-6a89d6d.md @@ -2,7 +2,7 @@ # Data Storage Security -Customer data can be stored by dedicated steps during message processing. Edge Integration Cell stores data in the edge environment using persistent volumes. Amazon Web Services \(AWS\) and Microsoft Azure support data encryption at rest. The storage provider used for SUSE Rancher, needs to support encryption at rest. For more information, check the documentation of the related platform. +Customer data can be stored by dedicated steps during message processing. Edge Integration Cell stores data in the edge environment using persistent volumes. Amazon Web Services \(AWS\) and Microsoft Azure support data encryption at rest Storage providers used for SUSE Rancher or Red Hat OpenShift need to support encryption at rest. For more information, check the documentation of the related platform. For certain use cases, you can configure that data at rest is encrypted. diff --git a/docs/ISuite/60-Security/identity-and-access-management-for-api-management-016556f.md b/docs/ISuite/60-Security/identity-and-access-management-for-api-management-016556f.md index 49daaf31..7566a07f 100644 --- a/docs/ISuite/60-Security/identity-and-access-management-for-api-management-016556f.md +++ b/docs/ISuite/60-Security/identity-and-access-management-for-api-management-016556f.md @@ -38,7 +38,7 @@ Authorization -In API Management, you provide authorization to users by assigning relevant roles. For more information on how to provide authorizations, see [User Roles in API Management \(New\)](../user-roles-in-api-management-new-911ca5a.md). +In API Management, you provide authorization to users by assigning relevant roles. For more information on how to provide authorizations, see [Assigning Role Collections to Users](../assigning-role-collections-to-users-80bb02e.md). diff --git a/docs/ISuite/60-Security/kubernetes-f06bfa1.md b/docs/ISuite/60-Security/kubernetes-f06bfa1.md index 904c6793..deb1550d 100644 --- a/docs/ISuite/60-Security/kubernetes-f06bfa1.md +++ b/docs/ISuite/60-Security/kubernetes-f06bfa1.md @@ -8,5 +8,7 @@ Refer to the following security best practices from your Kubernetes provider and - [Azure security baseline for Azure Kubernetes Service](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aks-security-baseline?context=%2Fazure%2Faks%2Fcontext%2Faks-context) -- [https://ranchermanager.docs.rancher.com/pages-for-subheaders/rancher-hardening-guides](https://ranchermanager.docs.rancher.com/pages-for-subheaders/rancher-hardening-guides) +- [OpenShift Container Platform security and compliance](https://docs.openshift.com/container-platform/4.14/security/index.html) + +- [Self-Assessment and Hardening Guides for Rancher](https://ranchermanager.docs.rancher.com/pages-for-subheaders/rancher-hardening-guides) diff --git a/docs/ISuite/60-Security/tasks-and-permissions-for-cloud-integration-556d557.md b/docs/ISuite/60-Security/tasks-and-permissions-for-cloud-integration-556d557.md index 0993531d..d41889b7 100644 --- a/docs/ISuite/60-Security/tasks-and-permissions-for-cloud-integration-556d557.md +++ b/docs/ISuite/60-Security/tasks-and-permissions-for-cloud-integration-556d557.md @@ -780,7 +780,40 @@ Monitor -Create, edit, delete user roles. +View user roles + + + + +Roles.Read + + + + +MonitoringDataRead + + + + +Integration Developer + +Business Expert + +Read-Only Persona/System Developer + +Tenant Administrator + + + + + + +Monitor + + + + +Create, edit, delete user roles @@ -1544,6 +1577,70 @@ Monitor +Add, edit, or undeploy number ranges, and undeploy integration flows + + + + +IntegrationOperationServer.read + +NodeManager.deploycontent + + + + +MonitoringArtifactsDeploy + + + + +Integration Developer + +Tenant Administrator + + + + + + +Monitor + + + + +View number ranges + + + + +IntegrationOperationServer.read + + + + +MonitoringDataRead + + + + +Integration Developer + +Business Expert + +Read-Only Persona/System Developer + +Tenant Administrator + + + + + + +Monitor + + + + Activate or deactivate queues @@ -1573,6 +1670,105 @@ Monitor +Retry queues + + + + +IntegrationOperationServer.read + +ESBDataStore.read + +ESBDataStore.retry + + + + +QueuesRetry + + + + +Integration Developer + +Tenant Administrator + + + + + + +Monitor + + + + +Delete queues + + + + +IntegrationOperationServer.read + +ESBDataStore.read + +ESBDataStore.delete + + + + +DataStoresAndQueuesDelete + + + + +Tenant Administrator + + + + + + +Monitor + + + + +View queues + + + + +IntegrationOperationServer.read + +ESBDataStore.read + + + + +DataStoresAndQueuesRead + + + + +Integration Developer + +Business Expert + +Read-Only Persona/System Developer + +Tenant Administrator + + + + + + +Monitor + + + + View runtime processing locks @@ -2177,6 +2373,141 @@ WorkspaceDesignGuidelinesConfigure Tenant Administrator + + + + + +General + + + + +Provides permission for the read-only persona \(see [Personas for Cloud Integration](personas-for-cloud-integration-2937e5c.md)\) + + + + +AuthGroup.ReadOnly + + + + +AuthGroup\_ReadOnly + + + + +Read-Only Persona + + + + + + +General + + + + +Provides permission for the tenant administrator persona \(see [Personas for Cloud Integration](personas-for-cloud-integration-2937e5c.md)\) + + + + +AuthGroup.Administrator + + + + +AuthGroup\_Administrator + + + + +Tenant Administrator + + + + + + +General + + + + +Provides permission for the business expert persona \(see [Personas for Cloud Integration](personas-for-cloud-integration-2937e5c.md)\) + + + + +AuthGroup.BusinessExpert + + + + +AuthGroup\_BusinessExpert + + + + +Business Expert + + + + + + +General + + + + +Provides permission for the integration developer persona \(see [Personas for Cloud Integration](personas-for-cloud-integration-2937e5c.md)\) + + + + +AuthGroup.IntegrationDeveloper + + + + +AuthGroup\_IntegrationDeveloper + + + + +Integration Developer + + + + + + +General + + + + +This role/role template is only relevant for partners and internal SAP developers developing and publishing content to SAP Business Accelerator Hub. Further details can be found in the partner documentation. + + + + +AuthGroup.ContentPublisher + + + + +AuthGroup\_ContentPublisher + + + + +n.a. + diff --git a/docs/ISuite/APIM-Migration/clone-api-management-content-7abd887.md b/docs/ISuite/APIM-Migration/clone-api-management-content-7abd887.md index 4f6e8923..499a98d9 100644 --- a/docs/ISuite/APIM-Migration/clone-api-management-content-7abd887.md +++ b/docs/ISuite/APIM-Migration/clone-api-management-content-7abd887.md @@ -94,6 +94,11 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in > > The `selectiveEntityMigration` parameter is optional. +> ### Note: +> We recommend migrating all API artifacts during the migration activity. While it is possible to selectively migrate API proxies, this should not be the preferred method for migrating API artifacts. It should only be used with careful consideration of dependencies. +> +> If you need to regularly move or migrate API Management artifacts between Integration Suite tenants, it is recommended to use the transport capability instead. For more information, see [Transport APIs and Its Related Artifacts](../50-Development/transport-apis-and-its-related-artifacts-eb83118.md). + ## Procedure @@ -382,15 +387,15 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - This is the Tenant ID for your Cloud Foundry sub account where starter plan serivce instance is enabled. + This is the Tenant ID for your multi-cloud foundation sub account where starter plan serivce instance is enabled. > ### Note: > If you are migrating within the same subaccount, you are not required to add this parameter. > - > This parameter is mandatory if you are migrating to a Cloud Foundry subaccount, which is different from your existing starter plan subaccount. + > This parameter is mandatory if you are migrating to a multi-cloud foundation subaccount, which is different from your existing starter plan subaccount. > ### Note: - > Navigate to the cockpit to fetch the Cloud Foundry Tenant ID for the subaccount where the starter plan service instance exists.![](images/Tenant_ID_293b582.png) + > Navigate to the cockpit to fetch the multi-cloud foundation Tenant ID for the subaccount where the starter plan service instance exists.![](images/Tenant_ID_293b582.png) @@ -924,7 +929,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - URL received during creation of the service key for Developer Portal API access for the `AuthGroup.API.Admin` role. + URL received during creation of the service key for developer portal API access for the `AuthGroup.API.Admin` role. @@ -978,7 +983,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - The client ID received during creation of the service key for Developer Portal API access for the `AuthGroup.API.Admin` role. + The client ID received during creation of the service key for developer portal API access for the `AuthGroup.API.Admin` role. You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the `apim-tct-input.json` file. @@ -1007,7 +1012,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - The client secret received during creation of the service key for Developer Portal API access for the `AuthGroup.API.Admin` role. + The client secret received during creation of the service key for developer portal API access for the `AuthGroup.API.Admin` role. You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the `apim-tct-input.json` file. @@ -1477,8 +1482,8 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in "url": "", "username": "", "password": "" - }, - "cfSubaccountTenantID": "1d1b3316-cf22-44b5-973f-d2d8a132444a" + } + }, "target": { @@ -1503,13 +1508,17 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in } }, - “skipApplicationKeySecretCloning” : , + "skipApplicationKeySecretCloning" : , "clone": { "skip-apiportal": , "skip-devportal": }, "stage": <"DEFAULT" | "SWITCHOVER"> + "selectiveEntityMigration": , //If you are setting the 'selectiveEntityMigration' parameter to true, please make sure to enter the names of the API proxies in the 'selectiveEntities' field using a comma-separated format. + "selectiveEntities": { + "APIProxies": ["Proxy1", "Proxy2", "Proxy3"] + } } ``` diff --git a/docs/ISuite/APIM-Migration/clone-api-management-content-between-cloud-foundry-environments-2e5d127.md b/docs/ISuite/APIM-Migration/clone-api-management-content-between-cloud-foundry-environments-2e5d127.md index 91419f89..918a8916 100644 --- a/docs/ISuite/APIM-Migration/clone-api-management-content-between-cloud-foundry-environments-2e5d127.md +++ b/docs/ISuite/APIM-Migration/clone-api-management-content-between-cloud-foundry-environments-2e5d127.md @@ -67,7 +67,7 @@ Once you have your source and target system ready, you can clone your API Manage ## Context -To migrate all API Management entities, you need to complete the apim-tct-input.json file in the tenant cloning tool by providing all the necessary details. command to make the file executable. +To migrate all API Management entities, you need to complete the apim-tct-input.json file in the tenant cloning tool by providing all the necessary details. In case you want to migrate selected API proxies from the source API Management tenant to the target API Management tenant, make the following configurations in the `apim-tct-input.json` file: @@ -94,6 +94,11 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in > > The `selectiveEntityMigration` parameter is optional. +> ### Note: +> We recommend migrating all API artifacts during the migration activity. While it is possible to selectively migrate API proxies, this should not be the preferred method for migrating API artifacts. It should only be used with careful consideration of dependencies. +> +> If you need to regularly move or migrate API Management artifacts between Integration Suite tenants, it is recommended to use the transport capability instead. For more information, see [Transport APIs and Its Related Artifacts](../50-Development/transport-apis-and-its-related-artifacts-eb83118.md). + ## Procedure @@ -778,7 +783,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in The client ID received during creation of the service key for API portal API access for the `APIPortal.Administrator` role - You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the `apim-tct-input.json` file. + You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the The client secret received during creation of the service key for `apim-tct-input.json` file. @@ -805,7 +810,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - The client secret received during creation of the service key for API portal API access for the `APIPortal.Administrator` role + API portal API access for the `APIPortal.Administrator` role You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the `apim-tct-input.json` file. @@ -866,7 +871,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - The contents of the certificate received during creation of the service key for API portal API access for the APIPortal.Administrator role. + The client secret received during creation of the service The contents of the certificate received during creation of the service key for API portal API access for the APIPortal.Administrator role. @@ -1475,7 +1480,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in "tokenUrl": ".authentication.sap.hana.ondemand.com/oauth/token>", "clientId": "", "clientSecret": "" - }, + } }, @@ -1495,13 +1500,17 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in } }, - “skipApplicationKeySecretCloning” : , + "skipApplicationKeySecretCloning" : , "clone": { "skip-apiportal": , "skip-devportal": }, - "stage": <"DEFAULT"> + "stage": <"DEFAULT">, + "selectiveEntityMigration": , //If you are setting the 'selectiveEntityMigration' parameter to true, please make sure to enter the names of the API proxies in the 'selectiveEntities' field using a comma-separated format. + "selectiveEntities": { + "APIProxies": ["Proxy1", "Proxy2", "Proxy3"] + } } ``` diff --git a/docs/ISuite/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md b/docs/ISuite/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md index 9418b1da..b5017f97 100644 --- a/docs/ISuite/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md +++ b/docs/ISuite/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md @@ -11,13 +11,13 @@ Refer this section for the entities that are cloned and entities that aren’t c ## Entities That Are Cloned > ### Note: -> Currently, when a custom role is assigned to a Product, the Application creation using the tenant cloning tool is not supported. +> Currently, when a custom role is assigned to a product, the application creation using the tenant cloning tool is not supported. > -> As a work-around, before initiating the cloning process, remove the custom role assigned to the Product in the Source system and proceed with the cloning process. +> As a work-around, before initiating the cloning process, remove the custom role assigned to the product in the source system and proceed with the cloning process. > -> After the cloning process is completed, reassign the custom roles to the Product in the Source system. Also, ensure that the custom roles are assigned to the Product in the Target system. +> After the cloning process is completed, reassign the custom roles to the product in the source system. Also, ensure that the custom roles are assigned to the product in the target system. > -> In case the custom roles aren’t appearing in the *Permission* tab, as mentioned in the Prerequisite section, ensure that the custom roles are created and assigned to the developers in the target Cloud Foundry environment. +> In case the custom roles aren’t appearing in the *Permission* tab, as mentioned in the **Prerequisite** section, ensure that the custom roles are created and assigned to the developers in the target multi-cloud foundation. > ### Note: > If you have made any customizations to the `HelloWorld` sample proxy, and you want to migrate this proxy to the target, while cloning you might get the following error: `"Unable to import API Proxy from zip file; xml content invalid"`To address this, execute the following steps: @@ -36,7 +36,7 @@ Refer this section for the entities that are cloned and entities that aren’t c > > > > ``` > -> Please note that your userId is as per your Identity Service configuration. You can find your userId when you open any proxies in the API portal. +> Please note that your userId is as per your **Identity Service** configuration. You can find your userId when you open any proxies in the API portal. > > 3. Save the zip file. > @@ -47,7 +47,7 @@ Refer this section for the entities that are cloned and entities that aren’t c > > With this the `created_by` will reflect in the API proxy. -The following list displays the API Management entities that are cloned: +The following list displays the API Management entities that can be cloned: - Certificates and Certificate Store - Rate Plans @@ -62,6 +62,8 @@ The following list displays the API Management entities that are cloned: - Application Developer - Access Control Permissions for API Product - Custom Metrics and Charts +- Cache Resources + diff --git a/docs/apim/API-Management/APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md b/docs/ISuite/APIM-Migration/migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md similarity index 58% rename from docs/apim/API-Management/APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md rename to docs/ISuite/APIM-Migration/migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md index b3ae7e48..ffc717b9 100644 --- a/docs/apim/API-Management/APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md +++ b/docs/ISuite/APIM-Migration/migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md @@ -1,23 +1,23 @@ -# Migrating API Management from Neo to Cloud Foundry Environment +# Migrating API Management from Neo to Multi-Cloud Foundation -You can migrate the API Management content in Neo environment to a public cloud infrastructure \(hyperscalers\) within the Cloud Foundry environment. +You can migrate the API Management content in Neo environment to a public cloud infrastructure \(hyperscalers\) within a multi-cloud foundation. -Migration Assistant for asset migration includes the tools and utilities that enable migration of design time assets nondisruptively from the Neo to the Cloud Foundry environment. +Migration Assistant for asset migration includes the tools and utilities that enable migration of design time assets nondisruptively from the Neo to multi-cloud foundation. Your source system is the system that contains your API Management content in the Neo environment. -Your target system is the system that hosts your API Management content on the hyperscalers-managed infrastructure within the Cloud Foundry environment. Here Cloud Foundry environment can be your native standalone API Management subscription or API Management capability within the Integration Suite. +Your target system refers to the infrastructure that hosts your API Management content on a hyperscaler-managed infrastructure within a multi-cloud foundation. This multi-cloud foundation can either be your native standalone API Management subscription or the API Management capability within the Integration Suite. For the migration assistance, you must have an Integration Suite subscription with API Management capability enabled within Integration Suite. After completing the prerequisites mentioned in the steps below, you can clone your API Management artifacts nondisruptively from the source to the target system. Post cloning, you must complete some user actions and validate your target system. > ### Note: -> The Developer portal is renamed to API business hub enterprise in Cloud Foundry environment. In this document API business hub enterprise is referred to as Developer portal even in Cloud Foundry environment. +> The developer portal is renamed to API business hub enterprise within the multi-cloud foundation. In this document API business hub enterprise is referred to as developer portal even within the multi-cloud foundation. The steps assisting the migration of your API Management from your source system to a target system are: diff --git a/docs/ISuite/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instance-9778a36.md b/docs/ISuite/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instance-9778a36.md index 57132ae7..a6129b85 100644 --- a/docs/ISuite/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instance-9778a36.md +++ b/docs/ISuite/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instance-9778a36.md @@ -2,7 +2,7 @@ # Migrating API Management Subscription Created Using the Starter Plan Service Instance -You can choose to migrate the design-time components that you have in the Neo environment, which was previously set up using Starter Plan instance, to the Cloud Foundry environment, keeping the runtime components as is. +You can choose to migrate the design-time components that you have in the Neo environment, which was previously set up using Starter Plan instance, to the multi-cloud foundation, keeping the runtime components as is. @@ -10,12 +10,12 @@ You can choose to migrate the design-time components that you have in the Neo en ## Context -You can also enable the new API Management design time subscription on the same Cloud Foundry subaccount, where you have created the starter plan service instance. +You can also enable the new API Management design time subscription on the same multi-cloud foundation subaccount, where you have created the starter plan service instance. > ### Note: -> You must subscribe to the API portal and the Developer Portal in the same Cloud Foundry subaccount where the starter plan instance is created. +> You must subscribe to the API portal and the developer portal in the same multi-cloud foundation subaccount where the starter plan instance is created. > -> Tenant type \(for example, production and test\) of the newly onboarded API Management on the Cloud Foundry environment must be same as that of the source API Management on the Neo environment. +> Tenant type \(for example, production and test\) of the newly onboarded API Management on the multi-cloud foundation must be same as that of the source API Management on the Neo environment. > ### Caution: > The migration of the Starter Plan Service Instance might involve downtime of the API runtime calls. @@ -66,13 +66,13 @@ You can also enable the new API Management design time subscription on the same - Provide the Neo account details where API Management is enabled. - - Provide the Cloud Foundry account details where starter plan service instance is created. + - Provide the multi-cloud foundation account details where starter plan service instance is created. > ### Note: > Once you receive a confirmation from SAP on the ticket, you can resume the migration process from step 2. -2. Prepare the target system by enabling the API Management subscription on the Cloud Foundry subaccount where your starter plan instance was created. +2. Prepare the target system by enabling the API Management subscription on the multi-cloud foundation subaccount where your starter plan instance was created. To complete the checks, before you start migrating your API Management artifacts nondisruptively from your source system to a target system, see [Prerequisites](prerequisites-c1904bc.md). @@ -111,5 +111,5 @@ You can also enable the new API Management design time subscription on the same ## Results -Migration of API Management subscription created using the Starter Plan service instance is complete.There can be downtime for certain API proxies \(having policies that are specific to Neo/ Cloud Foundry environment\) created out of on-premise providers. +Migration of API Management subscription created using the Starter Plan service instance is complete.There can be downtime for certain API proxies \(having policies that are specific to Neo/ multi-cloud foundation\) created out of on-premise providers. diff --git a/docs/ISuite/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instance-to-1f4ed86.md b/docs/ISuite/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instance-to-1f4ed86.md index 7cbe908b..e8763fb9 100644 --- a/docs/ISuite/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instance-to-1f4ed86.md +++ b/docs/ISuite/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instance-to-1f4ed86.md @@ -2,7 +2,7 @@ # Migrating API Management Subscription Created Using the Starter Plan Service Instance to Different Subaccounts -Migrate the design-time components from the Neo environment, which was previously set up using Starter Plan instance, to the Cloud Foundry environment, keeping the runtime components as is. +Migrate the design-time components from the Neo environment, which was previously set up using Starter Plan instance, to the multi-cloud foundation, keeping the runtime components as is. @@ -17,9 +17,9 @@ With the Integration Suite premium edition license available in a different suba > > - Analytics data can't be retained, as Advanced Analytics gets newly configured in the different subaccount. However, if you come across any analytics data from the previous subaccount, you must ignore the data and consider the analytics data after the migration task is completed. > -> - Subscribe to the API portal and the API business hub enterprise in the other Cloud Foundry subaccount. This is the subaccount with the Integration Suite premium edition license. +> - Subscribe to the API portal and the API business hub enterprise in the other multi-cloud foundation subaccount. This is the subaccount with the Integration Suite premium edition license. > -> - Tenant type \(for example, production and test\) of the newly onboarded API Management on the Cloud Foundry environment must be same as that of the source API Management on the Neo environment. +> - Tenant type \(for example, production and test\) of the newly onboarded API Management on the multi-cloud foundation must be same as that of the source API Management on the Neo environment. > > - Ensure that both the source and the target subaccounts are in the same data center for migrating the API Management subscription to a different subaccount. > @@ -74,7 +74,7 @@ With the Integration Suite premium edition license available in a different suba - Provide the Neo account details where API Management is enabled. - - Provide the Cloud Foundry account details where starter plan service instance is created. + - Provide the multi-cloud foundation account details where starter plan service instance is created. - Provide the details of the target Integration Suite subscription account for migrating the starter plan subscription to a different subaccount. Since you already have the Integration Suite premium license available, you can create the API Management subscription before creating the ticket. @@ -119,5 +119,5 @@ With the Integration Suite premium edition license available in a different suba ## Results -Migration of API Management subscription \(created using the Starter Plan service instance\) to a different subaccount is complete. There can be downtime for certain API proxies \(having policies that are specific to Neo/ Cloud Foundry environment\) created out of on-premise providers. +Migration of API Management subscription \(created using the Starter Plan service instance\) to a different subaccount is complete. There can be downtime for certain API proxies \(having policies that are specific to Neo/ multi-cloud foundation\) created out of on-premise providers. diff --git a/docs/ISuite/APIM-Migration/migration-of-api-management-content-d66b3e5.md b/docs/ISuite/APIM-Migration/migration-of-api-management-content-d66b3e5.md index 14b78481..6adbc009 100644 --- a/docs/ISuite/APIM-Migration/migration-of-api-management-content-d66b3e5.md +++ b/docs/ISuite/APIM-Migration/migration-of-api-management-content-d66b3e5.md @@ -48,7 +48,7 @@ Standard Migration -[Migrating API Management from Neo to Cloud Foundry Environment](migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md) +[Migrating API Management from Neo to Multi-Cloud Foundation](migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md) diff --git a/docs/ISuite/APIM-Migration/post-cloning-tasks-116d82c.md b/docs/ISuite/APIM-Migration/post-cloning-tasks-116d82c.md index c59eb654..69621d89 100644 --- a/docs/ISuite/APIM-Migration/post-cloning-tasks-116d82c.md +++ b/docs/ISuite/APIM-Migration/post-cloning-tasks-116d82c.md @@ -6,7 +6,7 @@ Post the completion of the cloning process, you must perform some actions, check -The following sections outline the tasks that need to be completed after the cloning of your API Management content from Neo to the Cloud Foundry environment. +The following sections outline the tasks that need to be completed after the cloning of your API Management content from Neo to the multi-cloud foundation. @@ -185,7 +185,7 @@ Depending on the configurations you have on your source system, you must configu To know more about the entities that are cloned and the entities that aren’t cloned, see [Cloned and Uncloned Entities](cloned-and-uncloned-entities-8973ca0.md). > ### Note: -> For the on-premise APIs, the URL of the target.basepath changes while migrating from Neo to Cloud Foundry. If you’ve customized any of the policies, where the target.basepath is being used, then make sure that you update the content of the policy accordingly in the target Cloud Foundry system. For example, after migration the target.basepath URL in Cloud Foundry might have an additional segment. You need to verify if this additional segment adversely affects the policy execution in target Cloud Foundry system. +> For the on-premise APIs, the URL of the target.basepath changes while migrating from Neo to multi-cloud foundation. If you’ve customized any of the policies, where the target.basepath is being used, then make sure that you update the content of the policy accordingly in the target multi-cloud foundation system. For example, after migration the target basepath URL in multi-cloud foundation might have an additional segment. You need to verify if this additional segment adversely affects the policy execution in targetmulti-cloud foundation system. @@ -193,35 +193,35 @@ To know more about the entities that are cloned and the entities that aren’t c ## Migrating Route Service Binding -If you've used the [Managing Cloud Foundry Microservices through API Management](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md) to manage your Cloud Foundry applications, you can now migrate the existing route service binding, from the API Management instance on Neo to the new API Management instance on Cloud Foundry. +If you've used the [Managing Cloud Foundry Microservices through API Management](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md) to manage your multi-cloud foundation applications, you can now migrate the existing route service binding, from the API Management instance on Neo to the new API Management instance on multi-cloud foundation. ### Prerequisites -- A route service binding exists between your application on Cloud Foundry and the API Management service instance in the Neo environment. -- You have enabled API Management on your Cloud Foundry sub account +- A route service binding exists between your application on multi-cloud foundation and the API Management service instance in the Neo environment. +- You have enabled API Management on your multi-cloud foundation subaccount. - You have the space developer role assigned to you. Depending upon the location of your application, and your API Management service instance, the steps to migrate the route service binding vary. -### Cloud Foundry Application and API Management capability on the same subaccount +### Multi-Cloud Foundation Application and API Management capability on the same subaccount If your cloud foundry application and the API Management capability are on the same sub account, then use the following steps to migrate the route service binding: 1. Create an API Management, API portal service instance using the service plan, apim-as-route-service. For more information, see [Creating an API Management, API portal Service Instance](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__CreatingAPIMInstance) -2. Unbind your application from the API Management service instance on Neo. For more information, see [Unbinding a Cloud Foundry Application from an API Management, API portal Service Instance](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__unbinding) -3. Bind your application to the API Management service instance on Cloud Foundry. For more information, see [Binding a Cloud Foundry Application to an API Management, API portal Service Instance](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__Binding) +2. Unbind your application from the API Management service instance on Neo. For more information, see [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](../unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-portal-service-09fd33a.md) +3. Bind your application to the API Management service instance on multi-cloud foundation. For more information, see [Binding a Muti-Cloud Foundation Application to an API Management, API portal Service Instance](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__Binding) -### Cloud Foundry Application and API Management capability on different sub accounts +### Multi-Cloud Foundation Application and API Management capability on different sub accounts -If your Cloud Foundry application and the API Management capability are on different sub accounts, then use the following steps to migrate the route service binding: +If your multi-cloud foundation application and the API Management capability are on different sub accounts, then use the following steps to migrate the route service binding: -1. Create a User Provided Service in the sub account where your Cloud Foundry application is present, using the proxy URL from the sub account in which your API Management instance is present. In order to create this User Provided Service, open the command prompt and use the following command +1. Create a **User Provided Service** in the subaccount where your multi-cloud foundation application is present, using the proxy URL from the sub account in which your API Management instance is present. In order to create this **User Provided Service**, open the command prompt and use the following command > ### Sample Code: > ``` @@ -231,8 +231,8 @@ If your Cloud Foundry application and the API Management capability are on diffe For more information, see [User Provided Service](https://docs.cloudfoundry.org/services/route-services.html#user-provided) -2. Unbind your application from the API Management service instance on Neo. For more information, see [Unbinding a Cloud Foundry Application from an API Management, API portal Service Instance](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__unbinding) -3. Bind the User Provided Service created in the first step to the Cloud Foundry Application. For this binding, use the following command: +2. Unbind your application from the API Management service instance on Neo. For more information, see [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](../unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-portal-service-09fd33a.md) +3. Bind the User Provided Service created in the first step to the multi-cloud foundation application. For this binding, use the following command: > ### Sample Code: > ``` diff --git a/docs/ISuite/APIM-Migration/post-cloning-tasks-49e9716.md b/docs/ISuite/APIM-Migration/post-cloning-tasks-49e9716.md index e0de83c5..311f8ab9 100644 --- a/docs/ISuite/APIM-Migration/post-cloning-tasks-49e9716.md +++ b/docs/ISuite/APIM-Migration/post-cloning-tasks-49e9716.md @@ -174,7 +174,7 @@ Depending upon the location of your application, and your API Management service If your cloud foundry application and the API Management capability are on the same sub account, then use the following steps to migrate the route service binding: 1. Create an API Management, API portal service instance using the service plan, apim-as-route-service. For more information, see [Creating an API Management, API portal Service Instance](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__CreatingAPIMInstance) -2. Unbind your application from the API Management service instance on Cloud Foundry. For more information, see [Unbinding a Cloud Foundry Application from an API Management, API portal Service Instance](../unbinding-a-cloud-foundry-application-from-an-api-management-api-portal-service-instance-09fd33a.md) +2. Unbind your application from the API Management service instance on Cloud Foundry. For more information, see [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](../unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-portal-service-09fd33a.md) 3. Bind your application to the API Management service instance on Cloud Foundry. For more information, see [Binding a Cloud Foundry Application to an API Management, API portal Service Instance](../managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__Binding) @@ -193,7 +193,7 @@ If your Cloud Foundry application and the API Management capability are on diffe For more information, see [User Provided Service](https://docs.cloudfoundry.org/services/route-services.html#user-provided) -2. Unbind your application from the API Management service instance on Cloud Foundry. For more information, see [Unbinding a Cloud Foundry Application from an API Management, API portal Service Instance](../unbinding-a-cloud-foundry-application-from-an-api-management-api-portal-service-instance-09fd33a.md) +2. Unbind your application from the API Management service instance on Cloud Foundry. For more information, see [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](../unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-portal-service-09fd33a.md) 3. Bind the User Provided Service created in the first step to the Cloud Foundry Application. For this binding, use the following command: > ### Sample Code: diff --git a/docs/ISuite/APIM-Migration/prerequisites-c1904bc.md b/docs/ISuite/APIM-Migration/prerequisites-c1904bc.md index c3567152..c14ed99d 100644 --- a/docs/ISuite/APIM-Migration/prerequisites-c1904bc.md +++ b/docs/ISuite/APIM-Migration/prerequisites-c1904bc.md @@ -8,7 +8,7 @@ Checks to be completed before you start migrating your API Management content no - Your source system is the system that has your API Management subscription in the Neo environment. -- Your target system is the system that has your API Management content on the hyperscalers-managed infrastructure within the Cloud Foundry environment. +- Your target system is the system that has your API Management content on the hyperscalers-managed infrastructure within the multi-cloud foundation. @@ -78,13 +78,10 @@ Checks to be completed before you start migrating your API Management content no - If you have already enabled API Management on your target system, and want to reuse the same for migration: - - - It's recommended that you do not have any pre-existing entities such as API proxies or products on this system. - - > ### Note: - > Any entity, if pre-existing in your target API Management capability, can be over-written during the cloning process. +- If you have already enabled API Management on your target system, and want to reuse the same for migration, it's recommended that you do not have any pre-existing entities such as API proxies or products on this system. + > ### Note: + > Any entity, if pre-existing in your target API Management capability, can be over-written during the cloning process. - If your target system is connected to a custom IDP, ensure that your IDP is configured correctly, and mapping for the details like your first name, last name, email ID, and user ID is done. @@ -98,9 +95,22 @@ Checks to be completed before you start migrating your API Management content no - APIPortal.Administrator - AuthGroup.API.Admin - Make a note of the service keys \(`url`, `tokenurl`, `clientId`, and `clientSecret`\) for the given roles, and keep handy. To know more about API access plans for API portal, see [Accessing API Management APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD). To know more about API access plan for API business hub enterprise, see [Accessing API business hub enterprise APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-business-hub-enterprise?version=CLOUD), without which the cloning of the API business hub enterprise entities might fail. + For Integration Suite, see [Accessing API Management APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD) + + For API business hub enterprise, execute the following mandatory steps: + + - Make a note of the service keys \(`url`, `tokenurl`, `clientId`, and `clientSecret`\) for the given roles, and keep handy. + + - Create a service instance under the *Authorization and Trust Management* tile. + + - Create a destination of type *OAuth2Credentials* to the XSUAA APIs by using the credentials you derived from creating the service key. + + - Create a service instance with the *AuthGroup.API.Admin* role to access theAPI business hub enterprise APIs. + + To perform the above steps, see [Accessing API business hub enterprise APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-business-hub-enterprise?version=CLOUD) + -- When you have API products protected by the custom roles permission in the source Neo system, ensure that custom roles creation and assignments are done in the target Cloud Foundry environment before starting the migration. +- When you have API products protected by the custom roles permission in the source Neo system, ensure that custom roles creation and assignments are done in the target system within the multi-cloud foundation before starting the migration. Once you complete these checks, you can start cloning your API Management content from the source to the target system. See [Clone API Management Content](clone-api-management-content-7abd887.md). diff --git a/docs/ISuite/APIM-Migration/prerequisites-for-the-source-and-the-target-system-1b181dd.md b/docs/ISuite/APIM-Migration/prerequisites-for-the-source-and-the-target-system-1b181dd.md index c60003bd..3583a815 100644 --- a/docs/ISuite/APIM-Migration/prerequisites-for-the-source-and-the-target-system-1b181dd.md +++ b/docs/ISuite/APIM-Migration/prerequisites-for-the-source-and-the-target-system-1b181dd.md @@ -100,7 +100,20 @@ Both the source and the target system are the system that has your API Managemen - APIPortal.Administrator - AuthGroup.API.Admin - Make a note of the service keys \(`url`, `tokenurl`, `clientId`, and `clientSecret`\) for the given roles, and keep handy. To know more about API access plans for API portal, see [Accessing API Management APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD). To know more about API access plan for API business hub enterprise, see [Accessing API business hub enterprise APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-business-hub-enterprise?version=CLOUD), without which the cloning of the API business hub enterprise entities might fail. + For Integration Suite, see [Accessing API Management APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD) + + For API business hub enterprise, execute the following mandatory steps: + + - Make a note of the service keys \(`url`, `tokenurl`, `clientId`, and `clientSecret`\) for the given roles, and keep handy. + + - Create a service instance under the *Authorization and Trust Management* tile. + + - Create a destination of type *OAuth2Credentials* to the XSUAA APIs by using the credentials you derived from creating the service key. + + - Create a service instance with the *AuthGroup.API.Admin* role to access theAPI business hub enterprise APIs. + + To perform the above steps, see [Accessing API business hub enterprise APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-business-hub-enterprise?version=CLOUD) + - When you have API products protected by the custom roles permission in the source Cloud Foundry system, ensure that custom roles creation and assignments are done in the target Cloud Foundry environment before starting the migration. diff --git a/docs/ISuite/APIM-Migration/tenant-cloning-tool-behavior-6d15ffd.md b/docs/ISuite/APIM-Migration/tenant-cloning-tool-behavior-6d15ffd.md index 8f9e33be..64348c0f 100644 --- a/docs/ISuite/APIM-Migration/tenant-cloning-tool-behavior-6d15ffd.md +++ b/docs/ISuite/APIM-Migration/tenant-cloning-tool-behavior-6d15ffd.md @@ -44,6 +44,3 @@ This topic describes the behavior of the Tenant Cloning Tool with respect to clo > > **Reason for the error**: During migration, the product gets cloned along with the newly revised rate plan in the target tenant. However, while creating the application in the target tenant, the system couldn't locate the revised rate plan ID. The revised rate plan ID was not present in the payload as it belonged to an older subscription, resulting in application creation failure. -> ### Note: -> CacheResources cloning is currently not supported via the Tenant Cloning Tool. You must create it manually on the target Integration Suite using the following service: `/apiportal/api/1.0/Management.svc/CacheResources`. - diff --git a/docs/ISuite/APIM-Migration/tenant-cloning-tool-behavior-b23c603.md b/docs/ISuite/APIM-Migration/tenant-cloning-tool-behavior-b23c603.md index 74dcb361..bc652118 100644 --- a/docs/ISuite/APIM-Migration/tenant-cloning-tool-behavior-b23c603.md +++ b/docs/ISuite/APIM-Migration/tenant-cloning-tool-behavior-b23c603.md @@ -44,6 +44,3 @@ This topic describes the behavior of the Tenant Cloning Tool with respect to clo > > **Reason for the error**: During migration, the product gets cloned along with the newly revised rate plan in the target tenant. However, while creating the application in the target tenant, the system couldn't locate the revised rate plan ID. The revised rate plan ID was not present in the payload as it belonged to an older subscription, resulting in application creation failure. -> ### Note: -> CacheResources cloning is currently not supported via the Tenant Cloning Tool. You must create it manually on the target Integration Suite using the following service: `/apiportal/api/1.0/Management.svc/CacheResources`. - diff --git a/docs/ISuite/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md b/docs/ISuite/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md index 632c1c1c..9db53c0f 100644 --- a/docs/ISuite/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md +++ b/docs/ISuite/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md @@ -10,7 +10,7 @@ The *devportal-apiaccess* plan allows you to access the API business hub enterpr ## About the Plan -The service key, consisting of url \(application url\), clientId, clientSecret, and tokenUrl is used to generate a Bearer Token with the help of a REST client. This Bearer Token, along with the application url and API endpoint, is used to trigger the APIs. +The service key, consisting of url \(application url\), clientId, clientSecret, and tokenUrl is used to generate a bearer token with the help of a REST client. This bearer token, along with the application url and API endpoint, is used to trigger the APIs. This topic explains how to enable API access for API business hub enterprise. @@ -27,7 +27,7 @@ This topic explains how to enable API access for API business hub enterprise. - You have the `space developer` role assigned to you. - You have created a service instance under the *Authorization and Trust Management* tile. - 1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). + 1. In your web browser, open the *SAP BTP Cockpit* - [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace*. 3. Choose *Authorization and Trust Management* \> *Instances* \> *New Instance*. 4. In the *Create Instance* dialog that opens, choose the *apiaccess* plan. @@ -43,7 +43,7 @@ This topic explains how to enable API access for API business hub enterprise. The client credentials like url, clientId, and clientSecret details appear for the given service key. -- You have created a destination of type `OAuth2Credentials` to the XSUAA APIs by using the credentials you derived from creating the service key. +- You have created a destination of type `OAuth2Credentials` to the XSUAA APIs by using the credentials you derived from creating the service key. This is required to access the XSUAA APIs for authorization and trust mangement services. 1. From your *Subaccount*, navigate to *Connectivity* \> *Destinations* \> *New Destination*. 2. Choose the service instance that you created above. 3. In the *Destination Configuration* window, provide the details. @@ -80,12 +80,12 @@ This topic explains how to enable API access for API business hub enterprise. ## Creating a Service Instance in the API Management, API business hub enterprise -Create a service instance using API Access plan. +Create a service instance using *devportal-apiaccess* plan. 1. In your web browser, open the *SAP BTP Cockpit* - [https://account.hana.ondemand.com/cockpit](https://account.hana.ondemand.com/cockpit). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* 3. Choose *API Management, API Business Hub Enterprise* \> *Instances* \> *New Instance*. -4. In the *Create Instance* dialog that opens, choose the plan as *devportal-apiaccess*. +4. In the *Create Instance* dialog that opens, choose *devportal-apiaccess*. 5. Click *Next*. 6. In the section *Specify parameters*, provide the details as mentioned below, based on the role you require. diff --git a/docs/ISuite/accessing-api-management-apis-programmatically-24a2c37.md b/docs/ISuite/accessing-api-management-apis-programmatically-24a2c37.md index e4e725a4..ef045fa3 100644 --- a/docs/ISuite/accessing-api-management-apis-programmatically-24a2c37.md +++ b/docs/ISuite/accessing-api-management-apis-programmatically-24a2c37.md @@ -2,7 +2,7 @@ # Accessing API Management APIs Programmatically -The *apiportal-apiaccess* plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the [Business Accelerator Hub](https://api.sap.com/package/APIMgmt/odata). +The *apiportal-apiaccess* plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the SAP Business Accelerator Hub. @@ -22,7 +22,7 @@ The API Access plan allows you to generate a service key by creating a service i - You've enabled API Management capability using Integration suite. For more information, refer [Subscribing to Integration Suite](https://help.sap.com/docs/SAP_INTEGRATION_SUITE/51ab953548be4459bfe8539ecaeee98d/8a3c8b7a6b1c4f249bb81d11644ef806.html?version=CLOUD) and [Activating Capabilities](https://help.sap.com/docs/SAP_INTEGRATION_SUITE/51ab953548be4459bfe8539ecaeee98d/2ffb343c163c48a4b3a90f9f3c487328.html?version=CLOUD). - OR + **OR** You have subscribed to the standalone *API Management, API portal* tile in the Cloud Foundry environment. For more information, see [Set Up API Portal Application](https://help.sap.com/viewer/66d066d903c2473f81ec33acfe2ccdb4/Cloud/en-US/29c281b4a002404eba44e91c6fad0d34.html "To create APIs, products, import policy templates, and view applications, set up the API portal application.") :arrow_upper_right:. @@ -39,19 +39,20 @@ To enable API access for API Management, API portal execute the steps in the sec Create a service instance using API Access plan to generate a service key. -1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). -2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* -3. Choose *API Management, API portal* \> *Instances* \> *New Instance*. +1. In your web browser, open the *SAP BTP Cockpit* - . +2. [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap) +3. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* +4. Choose *API Management, API portal* \> *Instances* \> *New Instance*. > ### Note: > If you are unable to view the *API Management, API Portal* tile, please check your entitlements. For more information, see [Managing Entitlements and Quotas Using the Cockpit](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/c8248745dde24afb91479361de336111.html). -4. In the *Create Instance* dialog that opens, choose the *apiportal-apiaccess* plan. -5. In the section *Specify parameters*, paste one of the following JSON codes, to assign a specific role. +5. In the *Create Instance* dialog that opens, choose the *apiportal-apiaccess* plan. +6. In the section *Specify parameters*, paste one of the following JSON codes, to assign a specific role. The following roles are supported for the current scenario: - Assign `APIPortal.Administrator` role to access the API portal APIs and perform operations like create, update, delete on various API portal entities as specified in the [SAP Business Accelerator Hub](https://api.sap.com/package/APIMgmt?section=Artifacts) + Assign `APIPortal.Administrator` role to access the API portal APIs and perform operations like create, update, delete on various API portal entities as specified in the SAP Business Accelerator Hub. ``` @@ -79,8 +80,8 @@ Create a service instance using API Access plan to generate a service key. } ``` -6. Click *Next* until you reach the *Confirm* section -7. In the section *Confirm*, enter a unique *Instance Name* and choose *Finish*. +7. Click *Next* until you reach the *Confirm* section +8. In the section *Confirm*, enter a unique *Instance Name* and choose *Finish*. The creation of service instance is successful. @@ -401,10 +402,10 @@ In the REST Console: 3. Similarly, paste the *clientId* and *clientSecret* in the place of `Username` and `Password`. 4. Make a POST Call. 5. Obtain the Bearer Token from the output and copy it in a notepad. - - Now, to trigger an API, in the same REST Console, append the API endpoint \(obtained from the API portal APIs that are located in the SAP API Management package of API Business Hub\) to the *url*. + - Now, to trigger an API, in the same REST Console, append the API endpoint \(obtained from the API portal APIs that are located in the SAP API Management package in SAP Business Accelerator Hub\) to the *url*. > ### Note: - > Currently, the *apiportal-apiaccess* plan allows you to access only the API Management APIs from the [SAP API Management package](https://api.sap.com/package/APIMgmt?section=Artifacts). + > Currently, the *apiportal-apiaccess* plan allows you to access only the API Management APIs from the SAP API Management package in SAP Business Accelerator Hub. - Choose `Bearer Token` as the `Authorization` type and paste the copied Bearer Token in the specified space. - Include payloads, if needed. diff --git a/docs/ISuite/accessing-on-premise-systems-through-api-management-2fc7a5b.md b/docs/ISuite/accessing-on-premise-systems-through-api-management-2fc7a5b.md index 6925a330..8f226ba0 100644 --- a/docs/ISuite/accessing-on-premise-systems-through-api-management-2fc7a5b.md +++ b/docs/ISuite/accessing-on-premise-systems-through-api-management-2fc7a5b.md @@ -44,7 +44,7 @@ This topic explains how to obtain a service key in order to enable principal pro Create a service instance to generate a service key that is used to enable the principal propagation. -1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). +1. In your web browser, open the *SAP BTP Cockpit* - [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* 3. Choose *API Management, API portal* \> *Instances* \> *New Instance*. 4. In the *Create Instance* dialog, choose *on-premise-connectivity* plan. diff --git a/docs/ISuite/activate-and-configure-api-management-capability-f6eb433.md b/docs/ISuite/activate-and-configure-api-management-capability-f6eb433.md index 24f7a6ec..04c56edd 100644 --- a/docs/ISuite/activate-and-configure-api-management-capability-f6eb433.md +++ b/docs/ISuite/activate-and-configure-api-management-capability-f6eb433.md @@ -76,7 +76,7 @@ To access the *API Settings*, the *APIManagement.Selfservice.Administrator* role **Related Information** -[User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md "Similar to other capabilities of the SAP Integration Suite, the API Management capability defines a set of technical roles that grant specific permissions to users. Users can be assigned roles through SAP BTP's role collection concept. While users have the option to create their own role collections, a set of predefined role collections is automatically created when the API Management capability is provisioned.") +[Assign User Roles in API Management](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/911ca5a620e94ab581fa159d76b3b108.html "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") :arrow_upper_right: [Create an API Provider](50-Development/create-an-api-provider-6b263e2.md "Define the details of the host you want an application to reach by creating an API provider.") diff --git a/docs/ISuite/activate-edge-integration-cell-a8e497f.md b/docs/ISuite/activate-edge-integration-cell-a8e497f.md index b66ace48..49887bf9 100644 --- a/docs/ISuite/activate-edge-integration-cell-a8e497f.md +++ b/docs/ISuite/activate-edge-integration-cell-a8e497f.md @@ -14,6 +14,8 @@ Activate Edge Integration Cell in SAP Integration Suite. - You've activated the *Cloud Integration* capability. For more information, see [Activating and Managing Capabilities](activating-and-managing-capabilities-2ffb343.md). +- You've assigned the *edge\_integration\_cell* service plan to the corresponding subaccount. For more information, see [2903776](https://me.sap.com/notes/2903776). + @@ -21,6 +23,11 @@ Activate Edge Integration Cell in SAP Integration Suite. Edge Integration Cell is an optional hybrid runtime offered as part of SAP Integration Suite. Before starting the actual deployment, you need to activate the Edge Integration Cell option in SAP Integration Suite. +> ### Note: +> The Edge Integration Cell runtime can be activated within designated SAP BTP regions and Cloud Service Providers. +> +> For more information, including the full list of supported regions and the future availability schedule, see [3379690](https://me.sap.com/notes/3379690). + ## Procedure @@ -30,6 +37,6 @@ Edge Integration Cell is an optional hybrid runtime offered as part of SAP Integ 2. Choose *Activate*. Once the Edge Integration Cell is activated, the URL for accessing Edge Lifecycle Management user interface is displayed. You use this user interface to perform all lifecycle management operations. > ### Note: - > Edge Integration Cell URL is enabled as soon as the *Integration Suite* tenant has been successfully created. + > Edge Integration Cell URL is enabled as soon as the *Integration Suite* tenant has been successfully created diff --git a/docs/ISuite/activating-and-managing-capabilities-2ffb343.md b/docs/ISuite/activating-and-managing-capabilities-2ffb343.md index 984cf793..feb1cb56 100644 --- a/docs/ISuite/activating-and-managing-capabilities-2ffb343.md +++ b/docs/ISuite/activating-and-managing-capabilities-2ffb343.md @@ -46,9 +46,9 @@ This topic describes how to add and activate relevant capabilities in Integratio ## Procedure -1. On the Integration Suite home page, under the *Capabilities* section, choose either *Add Capabilities* \(if it's your first time accessing the Integration Suite home page\) or *Manage Capabilities*. +1. On the Integration Suite home page, under the *Capabilities* section, choose either *Add Capabilities* \(if it's your first time accessing the Integration Suite home page\) or *Manage Capabilities* ![](images/AddingCapabilities_SUI_16a5ec1.png). -2. On the *Activate Capabilities* screen, under *Select Capabilities*, select the relevant capabilities as shown in the following table and choose *Next* to configure additional functionality for individual capabilities. +2. On the *Activate Capabilities* screen, under *Select Capabilities*, select the relevant capabilities as shown in the following table and choose *Next* to configure additional functionality for individual capabilities. ![](images/SelectCapabilitySUI_43d96ed.png) @@ -68,6 +68,8 @@ This topic describes how to add and activate relevant capabilities in Integratio @@ -196,7 +203,7 @@ This topic describes how to add and activate relevant capabilities in Integratio
Cloud Integration + + ![](images/CI_SUI_f5734a7.png) @@ -106,7 +108,7 @@ This topic describes how to add and activate relevant capabilities in Integratio - + ![](images/SUI_API_e159e2f.png) @@ -125,7 +127,12 @@ This topic describes how to add and activate relevant capabilities in Integratio - *Manage Business Events* + *Manage Business Events* + + > ### Remember: + > If you're an exisitng customer of the standalone SAP Event Mesh service \(default plan\), you can't subscribe to the Event Mesh capability in the same subaccount. In such cases, you must subscribe to SAP Integration Suite in a different subaccount. + +
-3. Choose *Activate*. +3. Choose *Activate*. ![](images/sui_summary_327220b.png) > ### Note: > - If you face any issues during activation or the activation fails, then refer SAP Note [2904202](https://me.sap.com/notes/2904202) and proceed accordingly. diff --git a/docs/ISuite/activating-api-business-hub-enterprise-a0fb69b.md b/docs/ISuite/activating-api-business-hub-enterprise-a0fb69b.md index 0b9ab790..b1f47a47 100644 --- a/docs/ISuite/activating-api-business-hub-enterprise-a0fb69b.md +++ b/docs/ISuite/activating-api-business-hub-enterprise-a0fb69b.md @@ -1,5 +1,7 @@ + + # Activating API Business Hub Enterprise Steps to activate API business hub enterprise in SAP Integration Suite. API business hub enterprise is one of the the sub-capabilities of API Management with SAP Integration Suite @@ -62,7 +64,17 @@ Access API business hub enterprise -To access the *API Settings*, the *APIManagement.Selfservice.Administrator* role must me assigned to you. +Click on the product switcher icon and select API business hub enterprise. + +> ### Note: +> If you have an SAP Build subscription, the API business hub enterprise tile appears on the home page under*Quick Links* section. Select the tile to navigate to the API business hub enterprise web page. Alternatively, you can click on the product switcher icon on the page header and select API business hub enterprise. + +> ### Note: +> To onboard API business hub enterprise web page, the *AuthGroup.SelfService.Admin* role must me assigned to you. This is an one time activity. +> +> Please be aware that the *Authgroup.API.Admin* role is required for onboarding into the API business hub enterprise. This role will be automatically assigned to your scope once you have been assigned the *AuthGroup.SelfService.Admin* role. After the onboarding process is completed, it is necessary for an admin to assign the *Content Administrator* role to a user in order to access and discover the APIs from different business systems in theAPI business hub enterprise. + + diff --git a/docs/ISuite/add-an-edge-node-d96772f.md b/docs/ISuite/add-an-edge-node-d96772f.md index 0f913380..d3922f7e 100644 --- a/docs/ISuite/add-an-edge-node-d96772f.md +++ b/docs/ISuite/add-an-edge-node-d96772f.md @@ -31,9 +31,6 @@ Add an Edge Node that contains a Kubernetes cluster. 3. Follow the Edge Lifecycle Management procedure [Adding an Edge Node](https://help.sap.com/docs/EDGE_LIFECYCLE_MANAGEMENT/9d5719aae5aa4d479083253ba79c23f9/0a222b9c99d94f56abdcfe27f5be0afa.html?q=get%20the%20kubeconfig%20file%20of%20a%20cluster%20via%20command%20line%20interfaces). Enable High Availability Mode if you want to use the Edge Integration Cell with an HA configuration. - > ### Restriction: - > HTTPS proxy usage for connectivity to SAP Integration Suite Cloud is currently not supported. - diff --git a/docs/ISuite/add-an-sap-process-orchestration-system-5f76723.md b/docs/ISuite/add-an-sap-process-orchestration-system-5f76723.md index ae53b1da..df87571f 100644 --- a/docs/ISuite/add-an-sap-process-orchestration-system-5f76723.md +++ b/docs/ISuite/add-an-sap-process-orchestration-system-5f76723.md @@ -35,23 +35,27 @@ Establish a connection between your SAP Process Orchestration system and Migrati - ESR Content - - `/rep/read/ext` - `/dir/read/ext` + - `/dir/query/ext` - `/rep/support/SimpleQuery` + - `/rep/read/ext` - `/rep/query/ext` + - `/rep/query/int` - Message Monitoring - - `/mdt` - - The endpoints are constructed according to the pattern `://:`, for example, `https://po75-systema.sap:443/AlertRuleInService`. + The endpoints are constructed according to the pattern `://:`, for example, `https://po75-systema.sap:443/CommunicationChannelInService`. You can use Cloud Connector to securely expose these endpoints: - Ensure that your Cloud Connector is connected to your subaccount. See [Establish Connections to SAP BTP](https://help.sap.com/docs/CP_CONNECTIVITY/cca91383641e40ffbe03bdc78f00f681/db9170a7d97610148537d5a84bf79ba2.html?locale=en-US&version=Cloud#establish-connections-to-sap-btp). - Create a new HTTP destination \(cloud to on-premise\) with back-end type *SAP Process Integration*. See [Configure Access Control \(HTTP\)](https://help.sap.com/docs/CP_CONNECTIVITY/cca91383641e40ffbe03bdc78f00f681/e7d4927dbb571014af7ef6ebd6cc3511.html?locale=en-US&version=Cloud). + + > ### Note: + > To avoid potential issues during the connection process, don't use the character `_` \(underscore\) in the address name. + - Limit access to the previously mentioned endpoints and subpaths by changing *Access Policy* to *Path And All Sub-Paths*. @@ -69,7 +73,7 @@ To connect your SAP Process Orchestration system with the Migration Assessment a 2. In the table labeled *SAP Process Orchestration Systems*, choose *Add*. - ![](images/IntegrationSuite_PIMAS_AddPOSystem_4420a65.png) + ![](images/IntegrationSuite_PIMAS_AddPOSystem_ac47311.png) 3. Enter a *System Name*. diff --git a/docs/ISuite/alerting-fe8c67d.md b/docs/ISuite/alerting-fe8c67d.md new file mode 100644 index 00000000..f4ea3d0d --- /dev/null +++ b/docs/ISuite/alerting-fe8c67d.md @@ -0,0 +1,363 @@ + + +# Alerting + +Edge Integration Cell includes alert rules for selected components. You can use these in addition to default alert rules provided by Edge Lifecycle Management. For more information, see [Alerting with SAP Alert Notification Service for SAP BTP](https://help.sap.com/docs/EDGE_LIFECYCLE_MANAGEMENT/9d5719aae5aa4d479083253ba79c23f9/48c168304ed84622ba90d9a88d3698d4.html). + +**Message Service \(Solace Broker\) Alerts** + +These alert rules are related to the most important events that affect the Solace Broker. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Alert Subject + + + +Description + +
+ +Solace StatefulSet not ready + + + +Solace StatefulSet is not ready + +Primary Broker might not be able to startup or Backup Broker is down \(in HA setup\) + +
+ +Solace not available + + + +Solace is not available + +There is no Active Broker pod available, messaging clients will not be able to connect + +
+ +Solace not operational + + + +Operational status is not Active + +The Broker is started but is not operational, messaging clients will not be able to connect + +
+ +Solace Config-Sync not operational + + + +Config-Sync status is not operational + +Broker is started but [Config-Sync](https://docs.solace.com/Features/Config-Sync/Config-Sync-Overview.htm) is not operational, messaging clients will not be able to connect + +
+ +Solace Connections usage is above 80% + + + +Connections usage is quite high + +Connection limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Connections usage is above 95% + + + +Connections usage is very high + +Connection limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Queues and Topic Endpoints usage is above 80% + + + +Queues and Topic Endpoints usage is quite high + +Endpoints limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Queues and Topic Endpoints usage is above 95% + + + +Queues and Topic Endpoints usage is very high + +Endpoints limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Message Storage usage is above 80% + + + +Message Storage usage is quite high + +Message Storage \(Message Spool\) limit is defined by Solace Tier + +
+ +Solace Message Storage usage is above 95% + + + +Message Storage usage is very high + +Message Storage \(Message Spool\) limit is defined by Solace Tier + +
+ +Solace Producers usage is above 80% + + + +Producers \(Ingress Flows\) usage is quite high + +Producers limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Producers usage is above 95% + + + +Producers \(Ingress Flows\) usage is very high + +Producers limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Consumers usage is above 80% + + + +Consumers \(Egress Flows\) usage is quite high + +Consumers limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Consumers usage is above 95% + + + +Consumers \(Egress Flows\) usage is very high + +Consumers limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Transacted Sessions usage is above 80% + + + +Transacted Sessions usage is quite high + +Transacted Sessions limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Transacted Sessions usage is above 95% + + + +Transacted Sessions usage is very high + +Transacted Sessions limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Transactions usage is above 80% + + + +Transactions usage is quite high + +Transactions limit is defined by Solace Tier or Solops Runtime Parameter + +
+ +Solace Transactions usage is above 95% + + + +Transactions usage is very high + +Transactions limit is defined by Solace Tier or Solops Runtime Parameter + +
+ + + + + +## Worker Alerts + +These alert rules are related to important events that affect the Worker. + + + + + + + + + + + + + + + + + + + + + + + +
+ +Alert Subject + + + +Description + +
+ +CPU usage of the Worker Pod exceeds 95% + + + +The CPU usage of the Worker Pod is significantly high. + +The CPU limit is determined by the Worker's Runtime Parameter. + +
+ +Busy thread count of the Worker Pod exceeds 80% + + + +Busy thread count of the Worker Pod is significantly high. + +A high number of HTTP threads are currently processing requests. + +
+ +Busy thread count of the Worker Pod exceeds 95% + + + +Busy thread count of the Worker Pod is extremely high. + +A very high number of HTTP threads are currently processing requests. + +
+ +Worker has stuck artifacts + + + +An artifact is considered stuck if it stays in a transition state for more than 60 minutes. + +Integration Flow\(s\) cannot be started. + +
+ +**Related Information** + + +[Solace Monitor](solace-monitor-26a7894.md "Monitor Solace Broker metrics, keep track of resource utilization, and access information about message VPNs, queues, and clients.") + diff --git a/docs/ISuite/api-lifecycle-5e8ea7d.md b/docs/ISuite/api-lifecycle-5e8ea7d.md index 6a8690f2..0ec901ed 100644 --- a/docs/ISuite/api-lifecycle-5e8ea7d.md +++ b/docs/ISuite/api-lifecycle-5e8ea7d.md @@ -21,5 +21,5 @@ API Management in SAP Integration Suite is used to discover, shape, compose, int [Consume API Proxies](consume-api-proxies-ea561e4.md "Consume API proxies via the API business hub enterprise. In the API business hub enterprise, an application developer registers, explores the API exposed by customers, creates applications, and tests API proxies.") -[Analyze APIs](50-Development/analyze-apis-7712c61.md "Use the capabilities of API Analytics to analyze API usage and performance.") +[Analyze API Proxies](50-Development/analyze-api-proxies-7712c61.md "Use the capabilities of API Analytics to analyze API proxy usage and performance.") diff --git a/docs/ISuite/before-you-start-1d116bd.md b/docs/ISuite/before-you-start-1d116bd.md index 92469294..332b2ac2 100644 --- a/docs/ISuite/before-you-start-1d116bd.md +++ b/docs/ISuite/before-you-start-1d116bd.md @@ -11,6 +11,8 @@ To ensure that your system landscape meets the requirements, complete the follow [Prepare Your Kubernetes Cluster](prepare-your-kubernetes-cluster-46720c5.md "Get to know the requirements for installing Edge Integration Cell on a Kubernetes cluster.") +[Prepare for Deployment on SUSE Rancher Kubernetes Engine \(RKE or RKE2\)](prepare-for-deployment-on-suse-rancher-kubernetes-engine-rke-or-rke2-0359e5c.md "Before deploying your cluster on SUSE Rancher Kubernetes Engine (RKE or RKE2), perform the following tasks.") + [Prepare for Deployment on Amazon Elastic Kubernetes Service \(EKS\)](prepare-for-deployment-on-amazon-elastic-kubernetes-service-eks-6f95afa.md "Before deploying your cluster on Amazon Elastic Kubernetes Service (EKS), perform the following tasks.") [Prepare for Deployment on Azure Kubernetes Service \(AKS\)](prepare-for-deployment-on-azure-kubernetes-service-aks-a3c3a9c.md "Before deploying your cluster on Azure Kubernetes Service (AKS), perform the following tasks.") diff --git a/docs/ISuite/business-data-graph-894e28c.md b/docs/ISuite/business-data-graph-894e28c.md index fcfab4a0..d242afaa 100644 --- a/docs/ISuite/business-data-graph-894e28c.md +++ b/docs/ISuite/business-data-graph-894e28c.md @@ -12,7 +12,7 @@ With Graph, developers use a single API, and the most up-to-date OData V4 and Gr Graph's data graph is constructed as a projection on these data sources. The nodes of the graph represent entities. Entities are composed of attributes – the data fields. Entity-connecting attributes, the edges of the graph, are referred to as associations. This graph is effectively an abstract data model, whose entities are defined as projections on entities from actual data sources \(back-end applications, systems, and microservices\) with one or more APIs. The data graph is constructed at design time in three steps: -1. [Mirrored Entities](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/720a1d89c0294786b8bef822a4201f5e.html "") :arrow_upper_right: +1. [Mirrored Entities](50-Development/mirrored-entities-720a1d8.md) ![](images/bdg_mirrored_enitites_38ef78c.png) @@ -20,13 +20,13 @@ Graph's data graph is constructed as a projection on these data sources. The nod Graph distinguishes known data source types \(for example, SAP S/4HANA, SAP SuccessFactors, and SAP C4C\) and unknown data sources. The mirrored entities of supported SAP data sources are added to the data graph under a reserved SAP namespace \(`sap.s4`, `sap.c4c`, and `sap.hcm`\) and then connected to each other by potentially hundreds of additional semantic associations. Entities from unsupported data sources are mirrored under custom namespaces. -2. [Unified Entities](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/1cded7b0394642a6b8c88b20a03f5f21.html "") :arrow_upper_right: +2. [Unified Entities](50-Development/unified-entities-1cded7b.md) ![](images/bdg_unified_entities_23be9b3.png) Graph then adds additional projections on top of the mirrored entities from supported SAP systems, which we call *unified entities*. Unlike the mirrored entities, these are thoughtfully designed and constructed projections, created by SAP experts under the reserved namespace `sap.graph`. Unified entities follow the SAP One Domain Model compatibility guidelines and are designed to bridge and connect semantically common business concepts from multiple data sources \(for example, `Business Partner`, and `Product`\). This allows client apps to get started with cross-system queries. -3. [Custom Entities](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/b6318bf4cb5f42149470361d70a63a48.html "") :arrow_upper_right: +3. [Custom Entities](50-Development/custom-entities-b6318bf.md) ![](images/bdg_custom_entities_e1829c4.png) @@ -42,7 +42,7 @@ Graph functions as a runtime mediation layer. From the perspective of the API co **Related Information** -[Data Locating Policy](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/28d2c2cd55454c968661b60c0a829abe.html "Data in the business data graph is connected via key-based references.") :arrow_upper_right: +[Data Locating Policy](50-Development/data-locating-policy-28d2c2c.md "Data in the business data graph is connected via key-based references.") -[Modeling Guide](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/5e0bb49f4d52434bb8377e06dda72c75.html#loio5e0bb49f4d52434bb8377e06dda72c75 "SAP employs a set of best-practice modeling guidelines, known as the SAP One Domain Model guidelines. These guidelines are for the data models of new SAP applications, and are used in this guide as recommendations for creating custom entities.") :arrow_upper_right: +[Modeling Guide](50-Development/modeling-guide-5e0bb49.md#loio5e0bb49f4d52434bb8377e06dda72c75 "SAP employs a set of best-practice modeling guidelines, known as the SAP One Domain Model guidelines. These guidelines are for the data models of new SAP applications, and are used in this guide as recommendations for creating custom entities.") diff --git a/docs/ISuite/cancel-api-management-service-subscription-df6df2b.md b/docs/ISuite/cancel-api-management-service-subscription-df6df2b.md index 26b88686..b67f333c 100644 --- a/docs/ISuite/cancel-api-management-service-subscription-df6df2b.md +++ b/docs/ISuite/cancel-api-management-service-subscription-df6df2b.md @@ -42,8 +42,6 @@ If you've enabled the API Management capability via Integration Suite, perform t [Region-Specific IP Addresses Available for API Management Cloud Foundry Environment](region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md "API Management protects your backend services. However, API Management needs to establish connectivity to your backend services during an API call execution.") -[User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md "Similar to other capabilities of the SAP Integration Suite, the API Management capability defines a set of technical roles that grant specific permissions to users. Users can be assigned roles through SAP BTP's role collection concept. While users have the option to create their own role collections, a set of predefined role collections is automatically created when the API Management capability is provisioned.") - [User Roles in API Management](user-roles-in-api-management-7010b58.md "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") [Setting Up API Management with SAP Cloud Identity Services](setting-up-api-management-with-sap-cloud-identity-services-1e88d9c.md "SAP Cloud Platform allows customers to connect their SAP Cloud Identity Services with the BTP offerings.") diff --git a/docs/ISuite/components-of-api-management-e02ae53.md b/docs/ISuite/components-of-api-management-e02ae53.md index fa4396d7..64db3596 100644 --- a/docs/ISuite/components-of-api-management-e02ae53.md +++ b/docs/ISuite/components-of-api-management-e02ae53.md @@ -8,11 +8,11 @@ The API Management infrastructure comprises of five key components: - **API Management Runtime**: You can deploy and effectively utilize your APIs. Applications consume the API runtime, request API authentication, and gain access. -- **API Management Design Time**: Serves as a platform for easy API discovery, allowing API administrators to manage, meter, and secure their APIs. Additionally, it enables administrators to define and publish rate plans for their APIs. For more information, see[Build API Proxies](50-Development/build-api-proxies-74c042b.md), [Publish API Proxies](50-Development/publish-api-proxies-75a4a11.md) [Monetize APIs](https://help.sap.com/viewer/66d066d903c2473f81ec33acfe2ccdb4/Cloud/en-US/fcdc89b5c4884d5e8cfb32c5914943ab.html "API Management provides monetization feature to all API providers to generate revenue for using the APIs.") :arrow_upper_right: [Analyze APIs](50-Development/analyze-apis-7712c61.md). +- **API Management Design Time**: Serves as a platform for easy API discovery, allowing API administrators to manage, meter, and secure their APIs. Additionally, it enables administrators to define and publish rate plans for their APIs. For more information, see[Build API Proxies](50-Development/build-api-proxies-74c042b.md), [Publish API Proxies](50-Development/publish-api-proxies-75a4a11.md) [Monetize APIs](https://help.sap.com/viewer/66d066d903c2473f81ec33acfe2ccdb4/Cloud/en-US/fcdc89b5c4884d5e8cfb32c5914943ab.html "API Management provides monetization feature to all API providers to generate revenue for using the APIs.") :arrow_upper_right: [Analyze API Proxies](50-Development/analyze-api-proxies-7712c61.md). - **API business hub enterprise**: It is a self-service portal for application developers. You can discover, browse, and explore APIs. Subscribe to a rate plan and build application. For more information, see [Consume API Proxies](consume-api-proxies-ea561e4.md). -- **API Analytics**: Offers advanced analytical capabilities to track your API usage. Utilize API Analytics to gather data on URL usage, user IDs associated with API calls, latency information, and more. For more information, see [Analyze APIs](50-Development/analyze-apis-7712c61.md). +- **API Analytics**: Offers advanced analytical capabilities to track your API usage. Utilize API Analytics to gather data on URL usage, user IDs associated with API calls, latency information, and more. For more information, see [Analyze API Proxies](50-Development/analyze-api-proxies-7712c61.md). - **API Designer**: API developers have the ability to define, implement, and document APIs. The API Designer offers support for open APIs and allows for the generation of various outputs. For more information, see [Create an API Proxy Using the API Designer](50-Development/create-an-api-proxy-using-the-api-designer-26e1bbd.md). diff --git a/docs/ISuite/concepts-324507c.md b/docs/ISuite/concepts-324507c.md index b99ad7bf..2123fa25 100644 --- a/docs/ISuite/concepts-324507c.md +++ b/docs/ISuite/concepts-324507c.md @@ -113,7 +113,7 @@ Scenario evaluation -A process during which the application uses predefined rules to evaluate the data gathered in a previous data extraction regarding the following factors: if the extracted integration scenarios can be migrated, the expected effort of this migration, and what migration templates can be used. +A process during which the application uses predefined rules to evaluate the data gathered in a previous data extraction. It analyses whether the extracted integration scenarios can be migrated and the migration effort you can expect. diff --git a/docs/ISuite/configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md b/docs/ISuite/configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md index 3d9b4a59..1d92e94f 100644 --- a/docs/ISuite/configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md +++ b/docs/ISuite/configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md @@ -11,8 +11,6 @@ Create a new virtual host with default domain or custom domain and update alias, [Region-Specific IP Addresses Available for API Management Cloud Foundry Environment](region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md "API Management protects your backend services. However, API Management needs to establish connectivity to your backend services during an API call execution.") -[User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md "Similar to other capabilities of the SAP Integration Suite, the API Management capability defines a set of technical roles that grant specific permissions to users. Users can be assigned roles through SAP BTP's role collection concept. While users have the option to create their own role collections, a set of predefined role collections is automatically created when the API Management capability is provisioned.") - [User Roles in API Management](user-roles-in-api-management-7010b58.md "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") [Cancel API Management Service Subscription](cancel-api-management-service-subscription-df6df2b.md "You can deactivate your API Management capability from Integration Suite to disable your account from the API Management service.") diff --git a/docs/ISuite/configuring-user-access-to-sap-integration-suite-2c6214a.md b/docs/ISuite/configuring-user-access-to-sap-integration-suite-2c6214a.md index d3e3158a..1d50cfe7 100644 --- a/docs/ISuite/configuring-user-access-to-sap-integration-suite-2c6214a.md +++ b/docs/ISuite/configuring-user-access-to-sap-integration-suite-2c6214a.md @@ -132,7 +132,7 @@ For more information on role collections, see [Roles and Role Collections](https - Complete the onboarding process - Access the *API Settings* page. See [Setting Up API Management Capability](50-Development/setting-up-api-management-capability-f34e86c.md) - For more information on relevant roles, see [User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md). + For more information on relevant roles, see [Assign User Roles in API Management](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/911ca5a620e94ab581fa159d76b3b108.html "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") :arrow_upper_right:. For end-to end instructions on how to set up and configure API Management, refer the tutorial [Set Up API Management from Integration Suite | Tutorials for SAP Developers](https://developers.sap.com/tutorials/api-mgmt-isuite-initial-setup.html). @@ -221,7 +221,7 @@ For more information on role collections, see [Roles and Role Collections](https - *EvenMeshAdmin* + *EventMeshAdmin* @@ -239,8 +239,6 @@ For more information on role collections, see [Roles and Role Collections](https Integration Advisor - - For more information on assigning roles, see [Assigning Users](https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/b5226b95e11b42cd9e257ae6d2b0ee0a.html). diff --git a/docs/ISuite/connect-to-your-business-systems-ea9b75c.md b/docs/ISuite/connect-to-your-business-systems-ea9b75c.md index 5c62a637..139bcefe 100644 --- a/docs/ISuite/connect-to-your-business-systems-ea9b75c.md +++ b/docs/ISuite/connect-to-your-business-systems-ea9b75c.md @@ -76,7 +76,7 @@ A destination is ignored during Graph configuration, generation, and activation. **Related Information** -[Create a Business Data Graph in Integration Suite](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/42daf3bfd4f04e60b8967d730c502670.html "As Tenant administrator in the SAP Integration Suite, you can create a new business data graph. You can also use an existing configuration file to create a business data graph.") :arrow_upper_right: +[Create a Business Data Graph in Integration Suite](50-Development/create-a-business-data-graph-in-integration-suite-42daf3b.md "As Tenant administrator in the SAP Integration Suite, you can create a new business data graph. You can also use an existing configuration file to create a business data graph.") -[Actions and Functions](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/3572dfb79f30498d8bd4e5d356efee8c.html "Actions and functions provide a way to introduce server-side behaviors into the otherwise data-centric model. Graph mirrors actions and functions as provided by connected business systems.") :arrow_upper_right: +[Actions and Functions](50-Development/actions-and-functions-3572dfb.md "Actions and functions provide a way to introduce server-side behaviors into the otherwise data-centric model. Graph mirrors actions and functions as provided by connected business systems.") diff --git a/docs/ISuite/connectivity-options-93d82e8.md b/docs/ISuite/connectivity-options-93d82e8.md index f4b35fff..e6f2569f 100644 --- a/docs/ISuite/connectivity-options-93d82e8.md +++ b/docs/ISuite/connectivity-options-93d82e8.md @@ -63,7 +63,7 @@ Sender adapter -Allows SAP Integration Suite to consume messages from queues or subscriptions in SAP Integration Suite, advanced event mesh. +Allows SAP Integration Suite See: [Configure the Advanced Event Mesh Sender Adapter](50-Development/configure-the-advanced-event-mesh-sender-adapter-abd2efc.md) @@ -610,6 +610,22 @@ See: [Configure the AzureStorage Receiver Adapter](50-Development/configure-the- +*Coupa* + +Receiver adapter + + + + +Enables SAP Integration Suite to exchange data with Coupa. Coupa is a business spending management software. + +See: [Coupa Receiver Adapter](50-Development/coupa-receiver-adapter-648ac01.md) + + + + + + *Data Store* Sender adapter @@ -1160,6 +1176,22 @@ See: [Configure the Microsoft SharePoint Receiver Adapter](50-Development/config +*NetSuite* + +Receiver adapter + + + + +Connects SAP Integration Suite to NetSuite. NetSuite is an integrated cloud business software suite, including business accounting, ERP, CRM, and e-commerce software. + +See: [NetSuite Receiver Adapter](50-Development/netsuite-receiver-adapter-618127a.md) + + + + + + *OData* Sender adapter diff --git a/docs/ISuite/consume-api-proxies-ea561e4.md b/docs/ISuite/consume-api-proxies-ea561e4.md index 21f93584..9919475d 100644 --- a/docs/ISuite/consume-api-proxies-ea561e4.md +++ b/docs/ISuite/consume-api-proxies-ea561e4.md @@ -9,15 +9,9 @@ Consume API proxies via the API business hub enterprise. In the API business hub If you've added API business hub enterprise as a capability with Integration suite, or if you’ve subscribed to the API business hub enterprise as part of the standalone API Management subscription, you have the option to experience the new design of the API business hub enterprise user interface along with the classic design. -When you login for the very first time, you’ll still see the classic design of the API business hub enterprise. However, you can use the toggle switch to view the new design. At this point of time, only the Site Administrator can use the toggle switch. - > ### Note: > By default, the Site Administrator has an option to switch from classic to new design and set the new design as the default UI using the **Site Editor.** The Site Administrator has the right to enable the configuration to let all the other users switch between the old and the new design. For more information, see [Customize the Visual Format of the API business hub enterprise](customize-the-visual-format-of-the-api-business-hub-enterprise-2eacd52.md). -Refer this video for a complete walk through of the new design of the API business hub enterprise: - - - ![](images/ABHE_Block_509b298.png) API business hub enterprise is an application that provides a common platform for Application developers to consume API proxies. Every API Management customer is provided with their own API business hub enterprise application on cloud. The API business hub enterprise offers capabilities to onboard application developers, explore and test API proxies, create and subscribe to Applications. @@ -26,6 +20,10 @@ The API business hub enterprise supports the following features: - **Onboard an Application developer**- To explore the API proxies and subscribe to an Application, an Application developer must be registered to the API business hub enterprise. On registering, the Application developer is provided access to the API business hub enterprise. - **Browse Catalog**- Explore the Products \(assembled APIs\) available in the Catalog store, navigate to individual API proxies, read the API Documentation, and view the resources attached to the API proxies. + + > ### Note: + > A limitation within the open-source Swagger library, on which the API business hub enterprise relies, causes slow, improper, or no rendering of API schemas that contain circular references on deeply nested models on the platform. + - **Create Applications** – An Application developer can create on or more applications to consume API proxies. To consume the API proxies, an Application developer must subscribe to an Application \(assembled Products\). It is by subscribing to an Application that you return to the developer the key required to access the API proxies. - **Download JSON**- You can download the open API specification for the APIs that are part of the API business hub enterprise in JSON format. This enables the developer to use the metadata of the APIs for various aspects such as code/SDK generation for developing applications. @@ -36,7 +34,5 @@ The API business hub enterprise supports the following features: **Related Information** -[Configure the API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b71b166d6984e8f81a212568af5ce94.html "You can configure the API business hub enterprise to personalize it for your organization.") :arrow_upper_right: - [Configure API business hub enterprise](configure-api-business-hub-enterprise-54b4607.md "You can configure and customize the API business hub enterprise to suit your organization's needs.") diff --git a/docs/ISuite/creating-a-custom-role-9d827cd.md b/docs/ISuite/creating-a-custom-role-9d827cd.md index d29b1459..556c1aad 100644 --- a/docs/ISuite/creating-a-custom-role-9d827cd.md +++ b/docs/ISuite/creating-a-custom-role-9d827cd.md @@ -91,5 +91,5 @@ You can restrict access to an API product in API Management using a custom role. [Create a Product](50-Development/create-a-product-d769622.md "Explains how to create products to publish a bundle of API proxies together.") -[User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md "Similar to other capabilities of the SAP Integration Suite, the API Management capability defines a set of technical roles that grant specific permissions to users. Users can be assigned roles through SAP BTP's role collection concept. While users have the option to create their own role collections, a set of predefined role collections is automatically created when the API Management capability is provisioned.") +[Assign User Roles in API Management](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/911ca5a620e94ab581fa159d76b3b108.html "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") :arrow_upper_right: diff --git a/docs/ISuite/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md b/docs/ISuite/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md index 2c3ac0e8..54ca5856 100644 --- a/docs/ISuite/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md +++ b/docs/ISuite/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md @@ -10,7 +10,7 @@ With the API business hub enterprise administrator role you can create an applic ## Prerequisites -You shoul have the *AuthGroup.API.Admin* role assigned to you. For more information on roles, see [User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md). +You shoul have the *AuthGroup.API.Admin* role assigned to you. For more information on roles, see [Assign User Roles in API Management](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/911ca5a620e94ab581fa159d76b3b108.html "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") :arrow_upper_right:. @@ -65,6 +65,6 @@ An API business hub enterprise administrator can perform the following tasks: > ### Note: > You can create a maximum of 18 custom attributes per application. You cannot modify the name of a created custom attribute. However, you can modify its value whenever required. You can delete a custom attribute if it is no longer needed. - For more information on the usage of custom attributes in an application, see [Example: Accessing the Custom Attributes of an Application](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/1cbd94c86c054d66b3826f6cd91e0df8.html "") :arrow_upper_right:. + For more information on the usage of custom attributes in an application, see [Example: Accessing the Custom Attributes of an Application](example-accessing-the-custom-attributes-of-an-application-1cbd94c.md). diff --git a/docs/ISuite/creating-an-application-with-application-developer-role-99515fc.md b/docs/ISuite/creating-an-application-with-application-developer-role-99515fc.md index f67f6e1f..41840b72 100644 --- a/docs/ISuite/creating-an-application-with-application-developer-role-99515fc.md +++ b/docs/ISuite/creating-an-application-with-application-developer-role-99515fc.md @@ -10,7 +10,7 @@ As an application developer you can create an application, and view the existing ## Prerequisites -- You have the *AuthGroup.API.ApplicationDeveloper* role assigned to you. For more information on roles, see [User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md). +- You have the *AuthGroup.API.ApplicationDeveloper* role assigned to you. For more information on roles, see [Assign User Roles in API Management](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/911ca5a620e94ab581fa159d76b3b108.html "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") :arrow_upper_right:. > ### Note: > The *AuthGroup.API.ApplicationDeveloper* role must not be assigned manually to a user form the SAP BTP Cockpit. Also, this role must not be a part of any user group assignment. @@ -64,6 +64,6 @@ You are about to create an application and add products to your application. You > ### Note: > You can create a maximum of 18 custom attributes per application. You cannot modify the name of a created custom attribute. However, you can modify its value whenever required. You can delete a custom attribute if it is no longer needed. - For more information on the usage of custom attributes in an application, see [Example: Accessing the Custom Attributes of an Application](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/1cbd94c86c054d66b3826f6cd91e0df8.html "") :arrow_upper_right:. + For more information on the usage of custom attributes in an application, see [Example: Accessing the Custom Attributes of an Application](example-accessing-the-custom-attributes-of-an-application-1cbd94c.md). diff --git a/docs/ISuite/deploy-the-edge-integration-cell-solution-ab81b84.md b/docs/ISuite/deploy-the-edge-integration-cell-solution-ab81b84.md index 718e1b25..70a830d0 100644 --- a/docs/ISuite/deploy-the-edge-integration-cell-solution-ab81b84.md +++ b/docs/ISuite/deploy-the-edge-integration-cell-solution-ab81b84.md @@ -190,6 +190,11 @@ Get to know the steps needed to create the Edge Node as a *Runtime Location* in Select this option for production environments. + + > ### Note: + > You need to provide a new, empty database schema for each new deployment. + + @@ -277,7 +282,7 @@ Get to know the steps needed to create the Edge Node as a *Runtime Location* in - Upload Trust CA certificate to connect to PostgreSQL database using TLS. + Upload Trust CA certificate to connect to PostgreSQL database using TLS. CA certificate in PEM format \(Base64 ASCII\), should include only Root CAs required to connect \(size limit 5kB\). @@ -389,7 +394,7 @@ Get to know the steps needed to create the Edge Node as a *Runtime Location* in - Upload Trust CA certificate to connect to external Redis using TLS. + Upload Trust CA certificate to connect to external Redis using TLS.CA certificate in PEM format \(Base64 ASCII\), should include only Root CAs required to connect \(size limit 5kB\). diff --git a/docs/ISuite/edge-integration-cell-runtime-scope-144c64a.md b/docs/ISuite/edge-integration-cell-runtime-scope-144c64a.md index 08f13eac..f5257c59 100644 --- a/docs/ISuite/edge-integration-cell-runtime-scope-144c64a.md +++ b/docs/ISuite/edge-integration-cell-runtime-scope-144c64a.md @@ -233,7 +233,7 @@ Integration content 500 MB -Refer to the SAP Community blog: +Refer to the SAP Community blog: [Content Size Limits](https://blogs.sap.com/2020/08/02/cloud-integration-content-size-limits/) diff --git a/docs/ISuite/edge-local-authentication-and-authorization-510d447.md b/docs/ISuite/edge-local-authentication-and-authorization-510d447.md new file mode 100644 index 00000000..a00f71ba --- /dev/null +++ b/docs/ISuite/edge-local-authentication-and-authorization-510d447.md @@ -0,0 +1,30 @@ + + +# Edge Local Authentication and Authorization + +Edge Local Authentication and Authorization enables operations of integration flows and API proxies without relying on SAP Business Technology Platform \(SAP BTP\) for authentication and authorization in real time. + +Edge Local Authentication and Authorization provides inbound local authentication and authorization for integration flow scenarios and API proxies, removing the real-time dependency on SAP Business Technology Platform. It supports offline authentication and authorization without SAP BTP dependency for client certificate authentication during integration flow processing, and API artifacts invocations. + +> ### Note: +> Edge Local Authentication and Authorization treats all service keys of type *External Certificate* as pinned, regardless of the value of the *Pin Certificate* option. In this case, renewal of client certificates requires re-generating the associated service key. For more information on *Pin Certificates*, see [Creating Service Instance and Service Key for Inbound Authentication](40-RemoteSystems/creating-service-instance-and-service-key-for-inbound-authentication-19af5e2.md). + + + + + +## Operations + +Edge Local Authentication and Authorization is designed to operate during periods of temporary connectivity loss to SAP BTP. It operates seamlessly by using real-time service instance and service key data from SAP BTP, and doesn't require additional configuration. + +> ### Note: +> Changes made to service instances and service keys in SAP BTP \(such as *Create*, *Modify*, or *Delete*\) are synchronized to the Edge Runtime Location. This process usually takes a few minutes, but in some cases, for example when there are connectivity issues, it can take up to 170 minutes. + +> ### Caution: +> During connectivity loss, changes made to service instances and service keys in SAP BTP can't be synchronized to the Edge Runtime Location. Therefore, if you delete a service key or modify/delete a service instance to offboard a partner, the partner can still operate integration flows and API proxies until the changes synchronize to the Edge Runtime Location. + +**Related Information** + + +[Fix Edge Local Authentication and Authorization Issues](fix-edge-local-authentication-and-authorization-issues-4cddfbe.md "Check and fix issues related to local authentication and authorization.") + diff --git a/docs/ISuite/example-accessing-the-custom-attributes-of-an-application-1cbd94c.md b/docs/ISuite/example-accessing-the-custom-attributes-of-an-application-1cbd94c.md new file mode 100644 index 00000000..e45aa164 --- /dev/null +++ b/docs/ISuite/example-accessing-the-custom-attributes-of-an-application-1cbd94c.md @@ -0,0 +1,80 @@ + + +# Example: Accessing the Custom Attributes of an Application + +Let’s say as a Developer Portal Administrator, you would want to restrict the number of calls to an application based on Application Key. To achieve this result, you create two applications `Application_1` and `Application_2`. + +`Application_1` contains two products namely `Prod_1` and `Prod_2`. + +`Application_2` contains two products namely `Prod_3` and `Prod_4`. + +`Prod_1` and `Prod_2`contain two common APIs namely `API_1` and `API_2`. + +For `Application_1`, add the following custom attributes and its corresponding values: + +- app\_time\_unit = minute +- app\_quota\_interval = 1 +- app\_quota\_count = 9 + +For `Application_2`, add the following custom attributes and its corresponding values: + +- app\_time\_unit = minute +- app\_quota\_interval = 1 +- app\_quota\_count = 5 + +To leverage these custom attributes in your API proxy execution, you must: + +- add a verify API Key policy to the APIs that are part of your application. +- add a Quota policy to APIs that are part of your application. + +For `API_1` and `API_2`, add the following sample policy payloads: + +Sample payload for Verify API Key policy: + +> ### Sample Code: +> ``` +> +> xmlns='http://www.sap.com/apimgmt'> +> +> +> ``` + +Sample payload for Quota policy: + +> ### Sample Code: +> ``` +> +> +> +> +> +> +> +> +> +> true +> +> 2015-2-11 12:00:00 +> +> true +> +> +> +> +> +> ``` + +> ### Note: +> The attribute names `app_quota_interval`, `app_quota_count`, and `app_time_unit` must be the same attributes that you have added while creating the application. + +To verify if the custom attributes are used in runtime, make an API call with `` passed as a query parameter. For example, `https://?apikey=`. + +Call the same URL repeatedly and after 9 successive calls, your API proxy must return a Quota violation message. + +Similarly, make an API call with `` passed as a query parameter. For example,`https://?apikey=`. + +Call the same URL repeatedly and after 6 successive calls, your API proxy must return a Quota violation message. + diff --git a/docs/ISuite/fix-edge-local-authentication-and-authorization-issues-4cddfbe.md b/docs/ISuite/fix-edge-local-authentication-and-authorization-issues-4cddfbe.md new file mode 100644 index 00000000..b426014b --- /dev/null +++ b/docs/ISuite/fix-edge-local-authentication-and-authorization-issues-4cddfbe.md @@ -0,0 +1,136 @@ + + +# Fix Edge Local Authentication and Authorization Issues + +Check and fix issues related to local authentication and authorization. + + + +## Context + +In version 8.18.x of the Edge Integration Cell, a shift was made from the inbound certificate authentication to local authentication. This removes the real-time dependency on the SAP Business Technology Platform SAP BTP for inbound authentication and authorization. Currently, only certificate authentication is supported. Authentication and authorization errors may occur after the solution is upgraded, or after a new service instance of the Process Integration Runtime type is created/modified. Additionally, creating a service key for an existing Process Integration Runtime service instance may also lead to authentication and authorization errors. The following errors occur upon invocation of integration flow or API artefact. + +> ### Output Code: +> ``` +> { +> "error": { +> "code": "unauthorized", +> "message": "{\"result\":{\"access_token\":\"\",\"error\":\" Check SAP Edge Integration Cell authentication logs with ID: 337649\",\"globalSeverity\":1,\"logId\":337649,\"responseCode\":401}}\n" +> } +> } +> +> ``` + +> ### Note: +> Currently, with Edge Local Authentication and Authorization, all service keys of type External Certificate are treated as pinned, regardless of whether *Pin Certificate* is enabled or disabled. Therefore you won’t be able to use renewed client certificates for authentication without regenerating the service key. When encountering such a situation, an authentication error will occur. + +To resolve the authentication error, perform the following steps: + + + +## Procedure + +1. To fetch the Edge Local Authentication and Authorization pods, enter the following command in the kubectl tool: `kubectl get pods -n edge-icell-ela`. This will return a list of pods labeled as `ela-server-xxxxxxxxxx-yyyyy`. + +2. To access the Edge Local Authentication and Authorization logs and save them into a file in your current working directory, enter the following command: `kubectl logs ela-server-xxxxxxxxxx-yyyyy -n edge-icell-ela opa > ela-server-xxxxxxxxxx-yyyyy`. In this context, `ela-server-xxxxxxxxxx-yyyyy` represents the name of the pod from the list generated by the previous command. If multiple pods appear in the list, run the command specified above for every single pod. + +3. Open the files with a text editor and search for the log entries. In particular, look for entries containing the `logId/ID` detailed in the error message. + +4. To troubleshoot based on the error message, follow the subsequent steps. + + + + + + + + + + + + + + + + + + + +
+ + Error Message + + + + Action + +
+ + **\#Error: Unable to find credentials** + + + + First, confirm the creation time of the specific key, which could be of the *Certificate* or *External Certificate* type. The proper operation of the Edge Local Authorization feature depends on these keys being recreated after the implementation of release 2404. + + If you're unsure if a certain key has been recreated, create a new one. Once that's done, you'll need to use this new certificate/key to run the iFlow/API artefact function. + + > ### Note: + > If your service key is of the *External Certificate* type, you don't need to start from scratch - you can use your old certificate when making a new service key. + + Your newly created service key should synchronize with the Edge Local Authentication and Authorization component within a matter of minutes. However, in rarer instances, this synchronization process might extend up to about 170 minutes. Once synchronization is complete, attempt to run the integration flow/API artefact function again. Make sure to use the certificate and key from your new service key. + + If you still encounter the error, create a support ticket on the component *BC-CP-IS-EDG-ELA*. + +
+ + \#Error: Unable to find credentials + + \(for Service Keys of type External Certificate\) + + + + For service keys of type *External Certificate*, check if the client certificate has been renewed. If the client certificate has been renewed, you must recreate the service key of type *External Certificate*, using the newly renewed certificate. You need to do this even if the *Pin Certificate* for the old service key was disabled. + + Your newly created service key should synchronize with the Edge Local Authentication and Authorization component within a matter of minutes. However, in rarer instances, this synchronization process might extend up to about 170 minutes. Once synchronization is complete, attempt to run the integration integration flow/API artefact function again. This time, though, make sure to use the certificate and key from your new service key. + + If you still encounter the error, create a support ticket on the component *BC-CP-IS-EDG-ELA* + +
+ + \#Error: Unable to lookup Service Instance Metadata + + \#Error: Unable to build JWT Metadata + + + + Ensure that the service instance data has been synced to the Edge Local Authentication and Authorization component by following these steps: + + 1. Navigate to the SAP BTP Cockpit. Select the *Process Integration Runtime* service instance associated with the failed authentication. + + 2. Copy the Instance ID + 3. In a kubectl tool, run the following command: `kubectl get secret ci-k.x. -n edge-icell-ela`. . + + For example: `kubectl get secret ci-k.x.817215ee-e40f-476d-bb8d-cd64681493b8 -n edge-icell-ela` + + The output is a secret corresponding to the service instance. + + If the secret is not found, initiate a synchronization operation: + + 4. To start synchronizing the service instance data, perform an update operation on the specific service instance in the SAP BTP cockpit, You don't need to change any part of the service instance configuration for this. + + > ### Note: + > The synchronization of your service instance data with the Edge Local Authentication and Authorization component typically begins promptly, often within just a few minutes. However, please note that in certain cases, this process could take up to 170 minutes. + + 5. To check on the synchronization status of your service instance data, repeat step *c*. + + + + +
+ + +**Related Information** + + +[Creating Service Instance and Service Key for Inbound Authentication](40-RemoteSystems/creating-service-instance-and-service-key-for-inbound-authentication-19af5e2.md "With a service instance, you define how to access a certain SAP BTP service. In the context of SAP Integration Suite , a service instance is the definition of an OAuth client.") + diff --git a/docs/ISuite/fix-keystore-synchronization-issues-1e7489f.md b/docs/ISuite/fix-keystore-synchronization-issues-1e7489f.md new file mode 100644 index 00000000..5e7eba90 --- /dev/null +++ b/docs/ISuite/fix-keystore-synchronization-issues-1e7489f.md @@ -0,0 +1,44 @@ + + +# Fix Keystore Synchronization Issues + +Fix keystore issues by synchronizing the nodes of your Kubernetes cluster with Coordinated Universal Time \(UTC\). + + + + + +## Symptom/Issue + +- The status of the keystore associated with your Edge Integration Cell runtime is *Stored* instead of the expected status, *Deployed*. The status *Stored* means that the keystore of your Edge Integration Cell is deployed but not yet synchronized with the associated runtime. + + > ### Remember: + > You can manage your keystores in the *Monitor* section of the SAP Integration Suite. Search for the *Manage Keystore* tile under *Manage Security*. + +- You find the error “`JWT verification failed`” in the logs of the `esac` pod. The following snippet shows the stack trace of the error in the downloaded diagnostic data from the Edge Node: + + > ### Output Code: + > ``` + > com.sap.cp.security.credstore.client.CredentialStoreErrorResponseException: Unexpected status code 400 while retrieving access token: POST https://credstoreauth.cfapps.us10.hana.ondemand.com/api/v1/token HTTP/1.1 {"errorCode":"invalid_grant","errorDescription":"JWT verification failed","httpStatus":"BAD_REQUEST"} + > at com.sap.cp.security.credstore.client.OAuthTokenRetriever.retryTokenRequest(OAuthTokenRetriever.java:154) + > at com.sap.cp.security.credstore.client.OAuthTokenRetriever.parseToken(OAuthTokenRetriever.java:91) + > at com.sap.cp.security.credstore.client.OAuthTokenRetriever.retrieveNewOAuthToken(OAuthTokenRetriever.java:171) + > at com.sap.cp.security.credstore.client.OAuthTokenRetrieverNamespace.obtainNewToken(OAuthTokenRetrieverNamespace.java:145) + > at com.sap.cp.security.credstore.client.OAuthTokenRetrieverNamespace.computeCachedToken(OAuthTokenRetrieverNamespace.java:138) + > + > + > ``` + + You can access the stack trace by following this navigation path in the diagnostics zip file:`edge-icell/pod-logs/edge-icell/esac-/esac`. + + For more information, see [Downloading Diagnostic Data from an Edge Node](https://help.sap.com/docs/EDGE_LIFECYCLE_MANAGEMENT/9d5719aae5aa4d479083253ba79c23f9/3ac0188c92124823a2ce921f40e317af.html). + + + + + + +## Solution + +Contact the administrator of the Kubernetes cluster and ask them to synchronize the time of the nodes of the Kubernetes cluster with Coordinated Universal Time \(UTC\). For more information, see [Time synchronization in Kubernetes](https://kubeops.net/blog/time-synchronization-in-kubernetes). + diff --git a/docs/ISuite/images/AddingCapabilities_SUI_16a5ec1.png b/docs/ISuite/images/AddingCapabilities_SUI_16a5ec1.png new file mode 100644 index 00000000..78443e20 Binary files /dev/null and b/docs/ISuite/images/AddingCapabilities_SUI_16a5ec1.png differ diff --git a/docs/ISuite/images/CBR_ASYNC_0003_b742101.png b/docs/ISuite/images/CBR_ASYNC_0003_b742101.png new file mode 100644 index 00000000..2a2b0394 Binary files /dev/null and b/docs/ISuite/images/CBR_ASYNC_0003_b742101.png differ diff --git a/docs/ISuite/images/CI_SUI_f5734a7.png b/docs/ISuite/images/CI_SUI_f5734a7.png new file mode 100644 index 00000000..c70f2db2 Binary files /dev/null and b/docs/ISuite/images/CI_SUI_f5734a7.png differ diff --git a/docs/ISuite/images/EIC-Landscape1_bd52867.png b/docs/ISuite/images/EIC-Landscape1_bd52867.png index 833551be..847de2b4 100644 Binary files a/docs/ISuite/images/EIC-Landscape1_bd52867.png and b/docs/ISuite/images/EIC-Landscape1_bd52867.png differ diff --git a/docs/ISuite/images/IntegrationSuite_PIMAS_AddPOSystem_4420a65.png b/docs/ISuite/images/IntegrationSuite_PIMAS_AddPOSystem_4420a65.png deleted file mode 100644 index 735629d9..00000000 Binary files a/docs/ISuite/images/IntegrationSuite_PIMAS_AddPOSystem_4420a65.png and /dev/null differ diff --git a/docs/ISuite/images/IntegrationSuite_PIMAS_AddPOSystem_ac47311.png b/docs/ISuite/images/IntegrationSuite_PIMAS_AddPOSystem_ac47311.png new file mode 100644 index 00000000..c426bbcd Binary files /dev/null and b/docs/ISuite/images/IntegrationSuite_PIMAS_AddPOSystem_ac47311.png differ diff --git a/docs/ISuite/images/RL_ASYNC_0003_5163d0f.png b/docs/ISuite/images/RL_ASYNC_0003_5163d0f.png new file mode 100644 index 00000000..8f52664b Binary files /dev/null and b/docs/ISuite/images/RL_ASYNC_0003_5163d0f.png differ diff --git a/docs/ISuite/images/SUI_API_e159e2f.png b/docs/ISuite/images/SUI_API_e159e2f.png new file mode 100644 index 00000000..8b13a259 Binary files /dev/null and b/docs/ISuite/images/SUI_API_e159e2f.png differ diff --git a/docs/ISuite/images/SelectCapabilitySUI_43d96ed.png b/docs/ISuite/images/SelectCapabilitySUI_43d96ed.png new file mode 100644 index 00000000..ecd56e8f Binary files /dev/null and b/docs/ISuite/images/SelectCapabilitySUI_43d96ed.png differ diff --git a/docs/ISuite/images/sui_summary_327220b.png b/docs/ISuite/images/sui_summary_327220b.png new file mode 100644 index 00000000..d7cf873f Binary files /dev/null and b/docs/ISuite/images/sui_summary_327220b.png differ diff --git a/docs/ISuite/index.md b/docs/ISuite/index.md index dc496daf..55df1bee 100644 --- a/docs/ISuite/index.md +++ b/docs/ISuite/index.md @@ -9,6 +9,7 @@ - [Edge Integration Cell Runtime Scope](edge-integration-cell-runtime-scope-144c64a.md) - [Patch Release Notes for SAP Integration Suite](patch-release-notes-for-sap-integration-suite-58595b5.md) - [Patch Releases for Cloud Integration and Related Components](patch-releases-for-cloud-integration-and-related-components-023a472.md) + - [Understanding Software Version Numbers](understanding-software-version-numbers-caad468.md) - [Initial Setup of SAP Integration Suite](10-InitialSetup/initial-setup-of-sap-integration-suite-3dcf507.md) - [Get an SAP Business Technology Platform Account](10-InitialSetup/get-an-sap-business-technology-platform-account-1eda403.md) - [Production Account](10-InitialSetup/production-account-24ef511.md) @@ -33,9 +34,8 @@ - [API Management Service Plans](api-management-service-plans-e064663.md) - [Accessing API Management APIs Programmatically](accessing-api-management-apis-programmatically-24a2c37.md) - [Deleting an API Management, API Portal Service Instance](deleting-an-api-management-api-portal-service-instance-59408e8.md) - - [Accessing API business hub enterprise APIs Programmatically](accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md) - [Managing Cloud Foundry Microservices through API Management](managing-cloud-foundry-microservices-through-api-management-e609a3e.md) - - [Unbinding a Cloud Foundry Application from an API Management, API portal Service Instance](unbinding-a-cloud-foundry-application-from-an-api-management-api-portal-service-instance-09fd33a.md) + - [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-portal-service-09fd33a.md) - [Accessing On-Premise Systems through API Management](accessing-on-premise-systems-through-api-management-2fc7a5b.md) - [Additional Configurations for API Management](additional-configurations-for-api-management-5ac63ab.md) - [Configuring Additional Virtual Host in Cloud Foundry Environment](configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md) @@ -43,10 +43,9 @@ - [Configuring a Default Domain for a Virtual Host](configuring-a-default-domain-for-a-virtual-host-1085228.md) - [Configuring Mutual TLs for Virtual Host](configuring-mutual-tls-for-virtual-host-9faf7ce.md) - [Region-Specific IP Addresses Available for API Management Cloud Foundry Environment](region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md) - - [User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md) + - [User Roles in API Management](user-roles-in-api-management-7010b58.md) - [Assigning Role Collections to Users](assigning-role-collections-to-users-80bb02e.md) - [Creating a Custom Role](creating-a-custom-role-9d827cd.md) - - [User Roles in API Management](user-roles-in-api-management-7010b58.md) - [Cancel API Management Service Subscription](cancel-api-management-service-subscription-df6df2b.md) - [Setting Up API Management with SAP Cloud Identity Services](setting-up-api-management-with-sap-cloud-identity-services-1e88d9c.md) - [Establishing Trust between SAP Cloud Identity Account and BTP Offerings](establishing-trust-between-sap-cloud-identity-account-and-btp-offerings-7208200.md) @@ -54,7 +53,7 @@ - [API Documentation](api-documentation-e26b332.md) - [Limits in API Management](limits-in-api-management-f70f425.md) - [Migration of API Management Content](APIM-Migration/migration-of-api-management-content-d66b3e5.md) - - [Migrating API Management from Neo to Cloud Foundry Environment](APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md) + - [Migrating API Management from Neo to Multi-Cloud Foundation](APIM-Migration/migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md) - [Prerequisites](APIM-Migration/prerequisites-c1904bc.md) - [Clone API Management Content](APIM-Migration/clone-api-management-content-7abd887.md) - [Cloned and Uncloned Entities](APIM-Migration/cloned-and-uncloned-entities-8973ca0.md) @@ -87,6 +86,7 @@ - [Custom OData Services](custom-odata-services-1e0a6cb.md) - [API Business Hub Enterprise](api-business-hub-enterprise-41f7c45.md) - [Activating API Business Hub Enterprise](activating-api-business-hub-enterprise-a0fb69b.md) + - [Accessing API business hub enterprise APIs Programmatically](accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md) - [Centralized API business hub enterprise](centralized-api-business-hub-enterprise-38422de.md) - [Create a Connection Request for the Centralized API business hub enterprise](create-a-connection-request-for-the-centralized-api-business-hub-enterprise-c7bda8c.md) - [Updating the Connection Request Credentials for a Pending Request](updating-the-connection-request-credentials-for-a-pending-request-dd37a7b.md) @@ -109,6 +109,7 @@ - [Create an Application](create-an-application-a501a6d.md) - [Creating an Application with Application Developer Role](creating-an-application-with-application-developer-role-99515fc.md) - [Creating an Application with API business hub enterprise Administrator Role](creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md) + - [Example: Accessing the Custom Attributes of an Application](example-accessing-the-custom-attributes-of-an-application-1cbd94c.md) - [Consume Applications](consume-applications-d4f6fda.md) - [Analyze Applications](analyze-applications-deb57dd.md) - [Consume API Proxies Using SAP Business Application Studio](consume-api-proxies-using-sap-business-application-studio-15732eb.md) @@ -124,16 +125,19 @@ - [Event Mesh Scope](event-mesh-scope-4a89370.md) - [Glossary for Event Mesh](glossary-for-event-mesh-501ba2d.md) - [Initiating the Message Broker](initiating-the-message-broker-61eb5dd.md) + - [Trading Partner Management](trading-partner-management-28fe3dc.md) - [Setting Up and Managing Edge Integration Cell](setting-up-and-managing-edge-integration-cell-8f7abc2.md) - [Operating Model](operating-model-db1e7cc.md) - [Initial Setup](initial-setup-64ac761.md) - [Before You Start](before-you-start-1d116bd.md) - [High Availability](high-availability-bb56486.md) - [Plan Your Setup of Edge Integration Cell](plan-your-setup-of-edge-integration-cell-217fed1.md) + - [Edge Local Authentication and Authorization](edge-local-authentication-and-authorization-510d447.md) - [Sizing Guidelines](sizing-guidelines-bcc6f62.md) - [Prepare Your Kubernetes Cluster](prepare-your-kubernetes-cluster-46720c5.md) - [Prepare for Deployment on Amazon Elastic Kubernetes Service \(EKS\)](prepare-for-deployment-on-amazon-elastic-kubernetes-service-eks-6f95afa.md) - [Prepare for Deployment on Azure Kubernetes Service \(AKS\)](prepare-for-deployment-on-azure-kubernetes-service-aks-a3c3a9c.md) + - [Prepare for Deployment on Red Hat OpenShift \(OCP\)](prepare-for-deployment-on-red-hat-openshift-ocp-21ae0fd.md) - [Prepare for Deployment on SUSE Rancher Kubernetes Engine \(RKE or RKE2\)](prepare-for-deployment-on-suse-rancher-kubernetes-engine-rke-or-rke2-0359e5c.md) - [Deploy Edge Integration Cell on a Kubernetes Cluster](deploy-edge-integration-cell-on-a-kubernetes-cluster-e1d44b6.md) - [Activate Edge Integration Cell](activate-edge-integration-cell-a8e497f.md) @@ -159,6 +163,7 @@ - [Solace Monitor](solace-monitor-26a7894.md) - [Runtime Parameters](runtime-parameters-63c5276.md) - [System Monitoring](system-monitoring-689a9a1.md) + - [Alerting](alerting-fe8c67d.md) - [Application Monitoring](application-monitoring-c9863ba.md) - [Monitor Message Processing for Edge Integration Cell](monitor-message-processing-for-edge-integration-cell-5f81258.md) - [Manage Integration Content for Edge Integration Cell](manage-integration-content-for-edge-integration-cell-67f5489.md) @@ -458,6 +463,7 @@ - [AzureStorage Receiver Adapter for Fileshare Storage](50-Development/azurestorage-receiver-adapter-for-fileshare-storage-1ea5b2b.md) - [AzureStorage Receiver Adapter for Queue Storage](50-Development/azurestorage-receiver-adapter-for-queue-storage-e683a21.md) - [AzureStorage Receiver Adapter for Table Storage](50-Development/azurestorage-receiver-adapter-for-table-storage-ab7c20f.md) + - [Coupa Receiver Adapter](50-Development/coupa-receiver-adapter-648ac01.md) - [Data Store Sender Adapter](50-Development/data-store-sender-adapter-4f5ef3f.md) - [Dropbox Adapter](50-Development/dropbox-adapter-578148d.md) - [Configure the Dropbox Sender Adapter](50-Development/configure-the-dropbox-sender-adapter-de61991.md) @@ -505,6 +511,7 @@ - [Microsoft SharePoint Adapter](50-Development/microsoft-sharepoint-adapter-c943b90.md) - [Configure the Microsoft SharePoint Sender Adapter](50-Development/configure-the-microsoft-sharepoint-sender-adapter-ce41e85.md) - [Configure the Microsoft SharePoint Receiver Adapter](50-Development/configure-the-microsoft-sharepoint-receiver-adapter-b12b33a.md) + - [NetSuite Receiver Adapter](50-Development/netsuite-receiver-adapter-618127a.md) - [OData Adapter](50-Development/odata-adapter-2d82511.md) - [Configure the OData Sender Adapter](50-Development/configure-the-odata-sender-adapter-de7aee5.md) - [Configure the OData V2 Receiver Adapter](50-Development/configure-the-odata-v2-receiver-adapter-c5c2e38.md) @@ -585,13 +592,17 @@ - [ID Mapping Example](50-Development/id-mapping-example-581ecfc.md) - [Working with Data Types & Message Types](50-Development/working-with-data-types-message-types-cf1d397.md) - [Creating Data Types and Message Types](50-Development/creating-data-types-and-message-types-d5bbbee.md) - - [Data Types](50-Development/data-types-97ad101.md) - - [Message Types](50-Development/message-types-2eb71b8.md) + - [Configuring Data Types](50-Development/configuring-data-types-97ad101.md) + - [Configuring Message Types](50-Development/configuring-message-types-2eb71b8.md) - [Consuming Message Types in Message Mapping](50-Development/consuming-message-types-in-message-mapping-34f6345.md) - [Working with Function Libraries](50-Development/working-with-function-libraries-dd8c30d.md) - [Creating a Function Libraries Artifact](50-Development/creating-a-function-libraries-artifact-950b897.md) - [Import Function Library from ES Repository](50-Development/import-function-library-from-es-repository-d6e7585.md) - [Consuming Function Library in Message Mapping](50-Development/consuming-function-library-in-message-mapping-d4dcb4a.md) + - [Working with Imported Archives](50-Development/working-with-imported-archives-e00e81d.md) + - [Creating an Imported Archives Artifact](50-Development/creating-an-imported-archives-artifact-e555caf.md) + - [Reuse Imported Archives Objects from ES Repository](50-Development/reuse-imported-archives-objects-from-es-repository-4196091.md) + - [Consuming Imported Archives](50-Development/consuming-imported-archives-e7562a7.md) - [Developing Script and Script Collection](50-Development/developing-script-and-script-collection-e60f706.md) - [Creating a Script Collection](50-Development/creating-a-script-collection-824bff0.md) - [Creating Scripts in a Script Collection](50-Development/creating-scripts-in-a-script-collection-ed9b52c.md) @@ -1109,18 +1120,86 @@ - [Authentication](50-Development/authentication-fa6eec4.md) - [Authorization](50-Development/authorization-6658409.md) - [JSON Threat Protection](50-Development/json-threat-protection-c4991a6.md) + - [API Validation](50-Development/api-validation-02ff41b.md) - [Enabling CORS Support](50-Development/enabling-cors-support-03e1136.md) - [Deploying an API Artifact](50-Development/deploying-an-api-artifact-b70e7ec.md) + - [Graph](50-Development/graph-7d19a62.md) + - [What Is Graph?](50-Development/what-is-graph-456fc54.md) + - [Business Data Graph](50-Development/business-data-graph-e1a2171.md) + - [Mirrored Entities](50-Development/mirrored-entities-720a1d8.md) + - [Unified Entities](50-Development/unified-entities-1cded7b.md) + - [Custom Entities](50-Development/custom-entities-b6318bf.md) + - [Configure](50-Development/configure-1b52dd1.md) + - [Configuration Guide](50-Development/configuration-guide-cb0df0a.md) + - [Role of the Administrator](50-Development/role-of-the-administrator-7b44365.md) + - [Creating the Landscape](50-Development/creating-the-landscape-0f86e9a.md) + - [Setting Up Data Sources](50-Development/setting-up-data-sources-24df219.md) + - [Enabling Client Applications](50-Development/enabling-client-applications-e904119.md) + - [Enabling Users](50-Development/enabling-users-2d113a1.md) + - [Enabling Key Users](50-Development/enabling-key-users-de14c49.md) + - [Enterprise Landscapes](50-Development/enterprise-landscapes-9d7be62.md) + - [Data Locating Policy](50-Development/data-locating-policy-28d2c2c.md) + - [Configuration Strategies - Use Cases](50-Development/configuration-strategies-use-cases-3652dcb.md) + - [Configuration Reference](50-Development/configuration-reference-187ac43.md) + - [Initial Setup](50-Development/initial-setup-12ad448.md) + - [Connect to Your Business Systems](50-Development/connect-to-your-business-systems-1a0dd22.md) + - [SAP S/4HANA Cloud](50-Development/sap-s-4hana-cloud-a7eca35.md) + - [SAP S/4HANA](50-Development/sap-s-4hana-e1af62b.md) + - [SAP Sales Cloud](50-Development/sap-sales-cloud-a22152f.md) + - [SAP SuccessFactors](50-Development/sap-successfactors-70962fb.md) + - [Custom OData Services](custom-odata-services-1e0a6cb.md) + - [Create a Business Data Graph in Integration Suite](50-Development/create-a-business-data-graph-in-integration-suite-42daf3b.md) + - [Business Data Graph Configuration File](50-Development/business-data-graph-configuration-file-e93d38c.md) + - [Manage Business Data Graphs using Graph Configuration API](50-Development/manage-business-data-graphs-using-graph-configuration-api-655bf12.md) + - [Getting Started](50-Development/getting-started-7bb3603.md) + - [Configuration API Specification and Usage](50-Development/configuration-api-specification-and-usage-b5b27c9.md) + - [Modify Your Business Data Graph](50-Development/modify-your-business-data-graph-0084c4d.md) + - [Extend Your Business Data Graph](50-Development/extend-your-business-data-graph-bb4f072.md) + - [Enable Client Applications](50-Development/enable-client-applications-09d7783.md) + - [Model](50-Development/model-31f8c54.md) + - [Modeling Guide](50-Development/modeling-guide-5e0bb49.md#loio5e0bb49f4d52434bb8377e06dda72c75) + - [Modeling Principles and Design Guidelines](50-Development/modeling-guide-5e0bb49.md#loioc354e55333e8433ab67ea6a02010f396) + - [Modeling Reference](50-Development/modeling-reference-8790d64.md) + - [Projection Definition File Format](50-Development/projection-definition-file-format-fab3489.md) + - [Entities](50-Development/entities-6426313.md) + - [Header Properties](50-Development/header-properties-8951a9f.md) + - [Attributes](50-Development/attributes-3eb6109.md#loio3eb61094d6674178beb9726e3a8e0990) + - [Attribute Names](50-Development/attributes-3eb6109.md#loio68627239a5be455d93c5d6173e2b202d) + - [Attribute Types](50-Development/attributes-3eb6109.md#loio38ca8c48464048efb22635f8b07fc78f) + - [Attribute Properties](50-Development/attribute-properties-28c634a.md) + - [Transform Functions](50-Development/transform-functions-cec1e73.md) + - [Modeling Example](50-Development/modeling-example-b8ab0c4.md) + - [Develop](50-Development/develop-68ce43a.md) + - [Developer Guide](50-Development/developer-guide-93b23df.md) + - [Getting Started](50-Development/getting-started-8fb14e0.md) + - [Application Archetypes](50-Development/application-archetypes-4db0c0b.md) + - [Authentication](50-Development/authentication-79aabda.md) + - [The Graph OData V4 API](50-Development/the-graph-odata-v4-api-79162b2.md) + - [Metadata](50-Development/metadata-c90a80c.md) + - [OData](50-Development/odata-37e592e.md) + - [Actions and Functions](50-Development/actions-and-functions-3572dfb.md) + - [Navigation](50-Development/navigation-b4378a0.md) + - [GraphQL](50-Development/graphql-de72309.md) + - [Queries](50-Development/queries-2205ef9.md) + - [Mutations](50-Development/mutations-499950b.md) + - [Developer Reference](50-Development/developer-reference-74668b7.md) + - [Graph Syntax Diagrams](50-Development/graph-syntax-diagrams-86101be.md) + - [Graph Navigator in SAP API Business Hub Enterprise](50-Development/graph-navigator-in-sap-api-business-hub-enterprise-8e75d31.md) + - [Security](50-Development/security-7a9198c.md) + - [Data Protection and Privacy for Graph](50-Development/data-protection-and-privacy-for-graph-9b09c0e.md) - [B2B Scenarios](50-Development/b2b-scenarios-c55eb4d.md) - [Understanding the Basic Concepts](50-Development/understanding-the-basic-concepts-74c068d.md) - [Getting Started with B2B Scenarios in SAP Integration Suite](50-Development/getting-started-with-b2b-scenarios-in-sap-integration-suite-ba066bb.md) - [Creating a Company Profile](50-Development/creating-a-company-profile-909d928.md) - [AS2 Security Configuration](50-Development/as2-security-configuration-dd0cf80.md) - [Creating a Trading Partner Profile](50-Development/creating-a-trading-partner-profile-542fb11.md) + - [Creating a Communication Partner Profile](50-Development/creating-a-communication-partner-profile-49a6b02.md) - [Creating an Agreement Template](50-Development/creating-an-agreement-template-9692cb1.md) + - [Archiving Payload Data](50-Development/archiving-payload-data-b927e01.md) - [Migrating an Agreement Template](50-Development/migrating-an-agreement-template-70c469b.md) - [Creating a Trading Partner Agreement](50-Development/creating-a-trading-partner-agreement-9bd43c9.md) - [Understanding Identifiers in Agreement](50-Development/understanding-identifiers-in-agreement-783e935.md) + - [Define Mapping between Group Identifiers](50-Development/define-mapping-between-group-identifiers-047f4eb.md) - [Migrating an Agreement](50-Development/migrating-an-agreement-bdcf534.md) - [Activating a Trading Partner Agreement](50-Development/activating-a-trading-partner-agreement-baed0e3.md) - [Copying a Trading Partner Agreement](50-Development/copying-a-trading-partner-agreement-02600be.md) @@ -1128,6 +1207,7 @@ - [Import and Export Agreements](50-Development/import-and-export-agreements-09400a2.md) - [Update MIGs/MAGs](50-Development/update-migs-mags-c47533b.md) - [Activate/Deactivate Agreements](50-Development/activate-deactivate-agreements-e068e37.md) + - [Migrate Templates/Agreements](50-Development/migrate-templates-agreements-ad58414.md) - [Export Data](50-Development/export-data-c387134.md) - [Configuration Manager](50-Development/configuration-manager-7daf06c.md) - [Partner Directory Data](50-Development/partner-directory-data-1d92d5c.md) @@ -1146,7 +1226,9 @@ - [Integration Content Development](50-Development/integration-content-development-4524e53.md) - [Custom Type Systems](50-Development/custom-type-systems-884bb25.md) - [Adding a Custom Message](50-Development/adding-a-custom-message-8b7eb45.md) + - [Adding a Custom Codelist](50-Development/adding-a-custom-codelist-fa0c76f.md) - [Deleting a Custom Message](50-Development/deleting-a-custom-message-e6abb6e.md) + - [Deleting a Custom Codelist](50-Development/deleting-a-custom-codelist-01ad9ee.md) - [Limitations](50-Development/limitations-496a7d9.md) - [Message Implementation Guidelines \(MIGs\)](50-Development/message-implementation-guidelines-migs-f9f2bab.md) - [Creating a New Message Implementation Guideline](50-Development/creating-a-new-message-implementation-guideline-b894de0.md) @@ -1188,12 +1270,13 @@ - [Exporting MIG/MAG](50-Development/exporting-mig-mag-c8bba26.md) - [Exporting Documentation](50-Development/exporting-documentation-f7dbd2d.md) - [Exporting Runtime Artifacts](50-Development/exporting-runtime-artifacts-5ab4cfe.md) + - [Creating OAuth Client Credentials for Cloud Foundry Environment](50-Development/creating-oauth-client-credentials-for-cloud-foundry-environment-50b63c6.md) - [Inject Mapping Artifacts to SAP Cloud Integration](50-Development/inject-mapping-artifacts-to-sap-cloud-integration-47ad97e.md) - [Consuming Artifacts in Integration Flows](50-Development/consuming-artifacts-in-integration-flows-a33a6c6.md) - [Test](50-Development/test-69499e8.md) - [Test API Proxies](50-Development/test-api-proxies-75cccc3.md) - [Configure](50-Development/configure-1c90aea.md) - - [Configure](50-Development/configure-0bb111e.md) + - [Configure APIs](50-Development/configure-apis-0bb111e.md) - [Build API Proxies](50-Development/build-api-proxies-74c042b.md) - [Key Components of an API](50-Development/key-components-of-an-api-19c0654.md) - [API Proxy](50-Development/api-proxy-8962643.md) @@ -1268,6 +1351,7 @@ - [Endpoint Property Reference](50-Development/endpoint-property-reference-c196cf0.md) - [Proxy Endpoint Properties](50-Development/proxy-endpoint-properties-1705a92.md) - [Target Endpoint Properties](50-Development/target-endpoint-properties-edeed6a.md) + - [Handling Faults using FaultRules and DefaultFaultRule](50-Development/handling-faults-using-faultrules-and-defaultfaultrule-8be5a7b.md) - [Different Methods of Creating an API Proxy](50-Development/different-methods-of-creating-an-api-proxy-4ac0431.md) - [Create an API Proxy](50-Development/create-an-api-proxy-c0842d5.md) - [Create an API Proxy by Referring to an API Provider System](50-Development/create-an-api-proxy-by-referring-to-an-api-provider-system-84628b9.md) @@ -1289,6 +1373,7 @@ - [Export and Import of API Definition](50-Development/export-and-import-of-api-definition-901fbde.md) - [Export an API Definition](50-Development/export-an-api-definition-420abb6.md) - [Import an API Definition](50-Development/import-an-api-definition-9342a93.md) + - [Edit an API Proxy](50-Development/edit-an-api-proxy-a64b952.md) - [Additional Configurations](50-Development/additional-configurations-de7285c.md) - [API Providers](50-Development/api-providers-42e13b2.md) - [Create an API Provider](50-Development/create-an-api-provider-6b263e2.md) @@ -1323,7 +1408,6 @@ - [Copy an API Proxy](50-Development/copy-an-api-proxy-23974d6.md) - [Create a Policy](50-Development/create-a-policy-c90b895.md) - [Create a Script](50-Development/create-a-script-8938a24.md) - - [Edit an API Proxy](50-Development/edit-an-api-proxy-a64b952.md) - [Delete an API Proxy](50-Development/delete-an-api-proxy-5cd89a3.md) - [Externally Managed APIs](50-Development/externally-managed-apis-848015d.md) - [Adding Externally Managed APIs](50-Development/adding-externally-managed-apis-523ff94.md) @@ -1468,7 +1552,12 @@ - [Key Performance Indicators for Archiving Runs](50-Development/key-performance-indicators-for-archiving-runs-7279d38.md) - [Central Monitoring and Alerting Solutions](50-Development/central-monitoring-and-alerting-solutions-605fc6e.md) - [Monitor APIs](50-Development/monitor-apis-399b6c6.md) - - [Analyze APIs](50-Development/analyze-apis-7712c61.md) + - [Monitor Event Mesh](50-Development/monitor-event-mesh-d975934.md) + - [B2B Monitoring](50-Development/b2b-monitoring-9dc75c8.md) + - [Monitoring B2B Messages](50-Development/monitoring-b2b-messages-b5e1fc9.md) + - [Payload Indicator in Integration Flow Message Processing](50-Development/payload-indicator-in-integration-flow-message-processing-7f322c0.md) + - [Analyze](50-Development/analyze-c234558.md) + - [Analyze API Proxies](50-Development/analyze-api-proxies-7712c61.md) - [API Analytics](50-Development/api-analytics-6766dc3.md) - [Analytics Dashboard](50-Development/analytics-dashboard-ee416ac.md) - [Working with the Analytics Dashboard](50-Development/working-with-the-analytics-dashboard-e07e815.md) @@ -1482,12 +1571,8 @@ - [Enabling Anomaly Detection](50-Development/enabling-anomaly-detection-98534a0.md) - [Configuring APIs for Anomaly Detection](50-Development/configuring-apis-for-anomaly-detection-9e7e5d1.md) - [Working with Detected Anomalies](50-Development/working-with-detected-anomalies-1c677b2.md) - - [Subscribing to Email Notification Alerts](50-Development/subscribing-to-email-notification-alerts-88e96f4.md) + - [Subscribing to Notification Alerts](50-Development/subscribing-to-notification-alerts-88e96f4.md) - [SAP Analytics Cloud for SAP Integration Suite](50-Development/sap-analytics-cloud-for-sap-integration-suite-fb3648a.md) - - [B2B Monitoring](50-Development/b2b-monitoring-9dc75c8.md) - - [Monitoring B2B Messages](50-Development/monitoring-b2b-messages-b5e1fc9.md) - - [Payload Indicator in Integration Flow Message Processing](50-Development/payload-indicator-in-integration-flow-message-processing-7f322c0.md) - - [Monitor Event Mesh](50-Development/monitor-event-mesh-d975934.md) - [Inspect](50-Development/inspect-a4d5e49.md) - [Inspect Data Store Usage](50-Development/inspect-data-store-usage-fcc08f6.md) - [Inspect Top Local Data Stores by Usage](50-Development/inspect-top-local-data-stores-by-usage-55670e6.md) @@ -1596,6 +1681,10 @@ - [Fix Connectivity Issues](fix-connectivity-issues-59e80e4.md) - [Fix Edge Integration Cell Upgrade Issues](fix-edge-integration-cell-upgrade-issues-9176ad7.md) - [Fix Integration Flow Deployment Issues](fix-integration-flow-deployment-issues-d2d5586.md) + - [Fix Edge Local Authentication and Authorization Issues](fix-edge-local-authentication-and-authorization-issues-4cddfbe.md) + - [Fix Keystore Synchronization Issues](fix-keystore-synchronization-issues-1e7489f.md) +- [Monitoring and Troubleshooting for Graph](monitoring-and-troubleshooting-for-graph-2cfb06c.md) + - [Limits](limits-a61f1ce.md) - [Support](70-Support/support-6abc874.md) - [Accessibility Features in SAP Integration Suite](accessibility-features-in-sap-integration-suite-e3e04a8.md) - [Accessibility Features in SAP Trading Partner Management](accessibility-features-in-sap-trading-partner-management-c17213a.md) diff --git a/docs/ISuite/initial-setup-17ab4a2.md b/docs/ISuite/initial-setup-17ab4a2.md index 928e81ca..cc096b76 100644 --- a/docs/ISuite/initial-setup-17ab4a2.md +++ b/docs/ISuite/initial-setup-17ab4a2.md @@ -117,7 +117,7 @@ Once you enable Graph, you see both Graph role collections in your list. - Graph Navigator Viewer - Graph Navigator is a tool in SAP API business hub enterprise that developers use to inspect business data graphs. For more information, see [Graph Navigator in SAP API Business Hub Enterprise](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/8e75d3178a684912a4b28d3b9593539c.html "The Graph Navigator is a tool that you use to inspect business data graphs.") :arrow_upper_right:. + Graph Navigator is a tool in SAP API business hub enterprise that developers use to inspect business data graphs. For more information, see [Graph Navigator in SAP API Business Hub Enterprise](50-Development/graph-navigator-in-sap-api-business-hub-enterprise-8e75d31.md). To assign the *GraphNavigator.Viewer* role collection to a user with the *Graph\_Navigator\_Viewer* role, do the following: diff --git a/docs/ISuite/initial-setup-64ac761.md b/docs/ISuite/initial-setup-64ac761.md index bd3bb300..5aab52a6 100644 --- a/docs/ISuite/initial-setup-64ac761.md +++ b/docs/ISuite/initial-setup-64ac761.md @@ -69,7 +69,7 @@ Integration Developer -- +- [Creating an Integration Flow](50-Development/creating-an-integration-flow-da53d93.md) - [Troubleshooting for Edge Integration Cell](troubleshooting-for-edge-integration-cell-816d9e4.md) diff --git a/docs/ISuite/limits-a61f1ce.md b/docs/ISuite/limits-a61f1ce.md new file mode 100644 index 00000000..aa086a5a --- /dev/null +++ b/docs/ISuite/limits-a61f1ce.md @@ -0,0 +1,150 @@ + + +# Limits + +This topic describes the capability configurations for Graph. + +Consider the boundary conditions described in the following table when building and consuming business data graphs. Exceeding limits that are automatically enforced will result in errors. + +**Capability Configurations** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Feature + + + +Configuration Values + + + +Automatically Enforced + +
+ +Maximum number of business data graphs per global account + + + +500 + + + +Yes + +
+ +Maximum number of business data graphs per subaccount + + + +50 + + + +Yes + +
+ +Maximum number of services per business data graph + + + +5000 + + + +Yes + +
+ +Maximum metadata size per service + + + +50 MB + + + +Yes + +
+ +Maximum number of extensions per subaccount + + + +100 + + + +Yes + +
+ +Maximum number of projection definitions per extension + + + +100 + + + +Yes + +
+ +Maximum size of a projection definition \(JSON\) file + + + +1 MB + + + +Yes + +
+ diff --git a/docs/ISuite/limits-in-api-management-f70f425.md b/docs/ISuite/limits-in-api-management-f70f425.md index 36bfa20b..3a1475c1 100644 --- a/docs/ISuite/limits-in-api-management-f70f425.md +++ b/docs/ISuite/limits-in-api-management-f70f425.md @@ -84,7 +84,7 @@ Maximum number of resources that can be attached to an API proxy You can attached up to 100 resources to an API proxy. However, it is recommended that you do not add more than 100 resources to an API proxy as it might lead to a timeout while updating or deploying an API proxy. -In case you have a business requirement to attach more than 100 resources to an API proxy, please contact the SAP API Management support team by creating a ticket with component OPU-API-OD-DT. However, the team can support your request up to a maximum of 200 resources per API proxy. +In case you have a business requirement to attach more than 100 resources to an API proxy, please contact the SAP API Management support team by creating a ticket with component OPU-API-OD-DT. diff --git a/docs/ISuite/manage-domain-categories-bd9691d.md b/docs/ISuite/manage-domain-categories-bd9691d.md index 5ff68d53..24c4452a 100644 --- a/docs/ISuite/manage-domain-categories-bd9691d.md +++ b/docs/ISuite/manage-domain-categories-bd9691d.md @@ -20,7 +20,7 @@ You need the following roles to create and update categories: - *AuthGroup.API.Admin* - To assign the role, see [User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md) . + To assign the role, see [Assign User Roles in API Management](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/911ca5a620e94ab581fa159d76b3b108.html "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") :arrow_upper_right: . diff --git a/docs/ISuite/manage-external-content-f5bd17d.md b/docs/ISuite/manage-external-content-f5bd17d.md index 0b4092c0..100b5d28 100644 --- a/docs/ISuite/manage-external-content-f5bd17d.md +++ b/docs/ISuite/manage-external-content-f5bd17d.md @@ -12,7 +12,7 @@ On this page, you have the option to adjust the visibility of the Graph navigato - Assign the *AuthGroup.API.Admin* role. - To assign the role, see [User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md) . + To assign the role, see [Assign User Roles in API Management](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/911ca5a620e94ab581fa159d76b3b108.html "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") :arrow_upper_right: . - Enable *Graph* in Integration Suite. For more information, see [Activating and Managing Capabilities](https://help.sap.com/docs/integration-suite/sap-integration-suite/activating-and-managing-capabilities?version=CLOUD) and [Configuring User Access](https://help.sap.com/docs/integration-suite/sap-integration-suite/configuring-user-access?version=CLOUD). diff --git a/docs/ISuite/managing-cloud-foundry-microservices-through-api-management-e609a3e.md b/docs/ISuite/managing-cloud-foundry-microservices-through-api-management-e609a3e.md index 58c2e4f2..ec0097b0 100644 --- a/docs/ISuite/managing-cloud-foundry-microservices-through-api-management-e609a3e.md +++ b/docs/ISuite/managing-cloud-foundry-microservices-through-api-management-e609a3e.md @@ -37,7 +37,7 @@ Create a service instance in *API Management, API portal* to start managing your Follow the below procedure to create a service instance on Cloud Foundry: -1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). +1. In your web browser, open the *SAP BTP Cockpit* - [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* 3. Choose *API Management, API portal* \> *Instances* \> *New Instance*. 4. In the *Create Instance* dialog, choose *apim-as-route-service* plan. @@ -51,7 +51,7 @@ Follow the below procedure to create a service instance on Cloud Foundry: -## Binding a Cloud Foundry Application to an API Management, API portal Service Instance +## Binding a Multi-Cloud Foundation Application to an API Management, API Portal Service Instance Create a service instance and bind the Cloud Foundry application to *API management, API portal* service. When you bind an application, an API proxy is created and a new route is added to the application. The route initially redirects all calls to the proxy URL and then to the application. diff --git a/docs/ISuite/monitoring-and-troubleshooting-for-graph-2cfb06c.md b/docs/ISuite/monitoring-and-troubleshooting-for-graph-2cfb06c.md new file mode 100644 index 00000000..3047e9af --- /dev/null +++ b/docs/ISuite/monitoring-and-troubleshooting-for-graph-2cfb06c.md @@ -0,0 +1,75 @@ + + +# Monitoring and Troubleshooting for Graph + +Check out our 24/7 active support resources for tips, troubleshooting, and assistance. + + + + + +## Reporting an Incident + +You can report an incident or error through the [SAP Support Portal](https://support.sap.com/en/index.html). For more information, see [Product Support](https://support.sap.com/en/my-support/product-support.html). + +Please use the following component for your incident: + + + + + + + + + + + +
+ +Component Name + + + +Component Description + +
+ +BC-CP-IS-GRAPH + + + +Graph, a capability of SAP Integration Suite + +
+ +When submitting the incident we recommend including the following information: + +- Landscape information \(Canary, EU10, US10\) + +- The URL of the page where the incident or error occurs + +- The steps or clicks used to replicate the error + +- Screen grabs, videos, or the code being inputted + + + + + + +## Support + +Depending on your global account, you can use the following support media: + +- [Graph Community](https://community.sap.com/topics/graph) + +- [SAP Integration Suite Community](https://community.sap.com/topics/cloud-platform-integration-suite). + +- [SAP Integration Suite Guided Answers](https://gad5158842f.us2.hana.ondemand.com/dtp/viewer/#/tree/3154/actions/48501/?version=current). + +- [Guided Answers for SAP Business Technology Platform](https://ga.support.sap.com/dtp/viewer/#/tree/2065/actions/26547). + + +> ### Note: +> Planned downtimes and outage communication are sent through e-mail to the initial administrator of your global account. + diff --git a/docs/ISuite/onboard-an-application-developer-786d107.md b/docs/ISuite/onboard-an-application-developer-786d107.md index cdce142a..356dbd67 100644 --- a/docs/ISuite/onboard-an-application-developer-786d107.md +++ b/docs/ISuite/onboard-an-application-developer-786d107.md @@ -18,7 +18,7 @@ To provide application developers with access to the API business hub enterprise 1. The application developers log on to the API business hub enterprise application with their IDP user credentials, and register to the API business hub enterprise. For more information, see [Register on API business hub enterprise](register-on-api-business-hub-enterprise-c85fafe.md). -2. The API administrator approves or rejects the request to access the API business hub enterprise. For more information, see [Managing the Access Request of the Users \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/5b3e2f607046447c867db43e9b7859c7.html "Procedure to provide or reject access to an Application developer for using the API business hub enterprise.") :arrow_upper_right:. +2. The API administrator approves or rejects the request to access the API business hub enterprise. For more information, see [Managing the Access Request of the Users \[New Design\]](managing-the-access-request-of-the-users-new-design-8b79ee8.md). If you haven’t enabled the automatic creation of shadow users, and you've not explicitly created shadow users for your developers, then they’re unable to log on to the application, and they’re asked to contact the administrator. For more information, see [Shadow Users](https://help.sap.com/viewer/38c3df3f8da44a809f937220b3579607/Cloud/en-US/a0f5fe580ed846ca95f8601678509add.html "Whenever a user authenticates at an application in your subaccount using any identity provider, it’s essential that user-related data provided by the identity provider is stored in the form of shadow users.") :arrow_upper_right: diff --git a/docs/ISuite/patch-releases-for-cloud-integration-and-related-components-023a472.md b/docs/ISuite/patch-releases-for-cloud-integration-and-related-components-023a472.md index e3bde9ce..f91f5590 100644 --- a/docs/ISuite/patch-releases-for-cloud-integration-and-related-components-023a472.md +++ b/docs/ISuite/patch-releases-for-cloud-integration-and-related-components-023a472.md @@ -8,7 +8,389 @@ This topic provides information on patch releases for hotfixes, bugfixes, and co This topic covers patches for the following capabilities and features of SAP Integration Suite: Cloud Integration, Trading Partner Management, Integration Advisor, Integration Assessment, Migration Assessment, and Edge Integration Cell. -The following patch release information covers the most recent changes made to the latest version of the software. For earlier patch release notes, see [Archive - Patch Release Notes for Cloud Integration](https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/f4b7126c524e4126b54fc7b4a34cadc0.html "This page contains a historical archive of all patch release notes for Cloud Integration.") :arrow_upper_right:. +The following patch release information covers the most recent changes made to the latest version of the software. + + + + + +## June 2024 + +**Software Increment: 2404** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Technical Component + + + +Software Version + + + +Description + +
+ +Cloud Integration + + + + + + + +Message processing failures with the message `Too many open files` have been observed after migrating to Camel 3x. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.53.31 + + + +A null pointer exception was thrown when sending an XI message. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.53.29 + + + +During software update, a *Timer* step configured with a start date triggered the writing of a message processing log at an unscheduled time. + +This patch fixes the issue. + +
+ +Cloud Integration + + + +6.53.27 + + + +The JDBC Kafka consumer took too much time in case of an error. + +The patch fixes the issue so that processing happens in asynchronous mode now. + +
+ +Cloud Integration + + + +6.53.25 + + + +Content transport was impacted by an outdated service key stored in the credential store. The patch fixes this issue and ensures a consistent update of the affected entry in the credential store. + +
+ +Trading Partner Management + + + +6.53.23 + + + +When updating an authorized user ID that contains special characters in the Partner Directory, the user ID was not encoded. This patch fixes the issue + +
+ +Cloud Integration + + + +6.53.23 + + + +There was an issue with the EDI Splitter when processing requests containing attachments in ISO-8859-1 encoded stream. Special characters got converted to invalid characters. This patch fixes the issue. + +
+ + + + + +## May 2024 + +**Software Increment: 2403** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Technical Component + + + +Software Version + + + +Description + +
+ +Trading Partner Management + + + +6.52.21 + + + +When activating an AS2 security which is configured with a certificate, the certificate configured for the security wasn’t found. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.52.20 + + + +There have been DNS cache issues with JCo library resulting in the RFC receiver adapter to throw the error `Opening socket to partner failed: error 111 - Connection refused`. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.52.19 + + + +The *Inspect* feature was not available. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.52.18 + +8.16.7 + + + +The missing DOCNUM field in the request payload was causing an error “Mandatory IDoc SOAP header missing”. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.52.17 + + + +There was an issue with number range redeployment that lead to artifacts getting stuck. This patch fixes the issue. + +
+ + + + + +## April 2024 + +**Software Increment: 2402** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Technical Component + + + +Software Version + + + +Description + +
+ +Cloud Integration + + + +6.51.28 + + + +There have been problems to load *Monitor* page. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.51.27 + + + +There were some issues with the generation of key-pairs with X.509 certificates using elliptic curve algorithms \(for example, secp192k1, secp256k1, secp192r1, and others\). This patch fixes the issue. + +
+ +Cloud Integration + + + +6.51.26 + + + +There has been a performance issue with the Inspect feature. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.51.25 + + + +There was an issue with a potential negative impact on the deployment and undeployment of integration artifacts. This patch fixes the issue. + +
+ +Cloud Integration + + + +6.51.23 + + + +System performance has been improved and truncation of value mapping has been fixed by changing the way XML files are read. + +
diff --git a/docs/ISuite/plan-your-setup-of-edge-integration-cell-217fed1.md b/docs/ISuite/plan-your-setup-of-edge-integration-cell-217fed1.md index e0495586..6dbc82ca 100644 --- a/docs/ISuite/plan-your-setup-of-edge-integration-cell-217fed1.md +++ b/docs/ISuite/plan-your-setup-of-edge-integration-cell-217fed1.md @@ -35,7 +35,7 @@ For a production environment, you need to provide a PostgreSQL database and a Re For test and demo purposes, you can deploy an internal PostgreSQL database and a Redis data store as part of Edge Integration Cell, but these built-in services aren't highly available, nor scalable as required for a production environment. -You require a load balancer to expose Edge Integration Cell endpoints and load balance traffic across K8s nodes and services. On cloud platforms, you can choose between using an external load balancer exposed to Internet or an internal load balancer for private networks. For more information, see +You require a load balancer integrated with your Kubernetes infrastructure to expose Edge Integration Cell endpoints and load balance traffic across K8s nodes and services. On cloud platforms, you can choose between using an external load balancer exposed to Internet or an internal load balancer for private networks. For more information, see [https://learn.microsoft.com/en-us/azure/aks/internal-lb%20\(Azure\)](https://learn.microsoft.com/en-us/azure/aks/internal-lb%20(Azure)) or diff --git a/docs/ISuite/prepare-for-deployment-on-amazon-elastic-kubernetes-service-eks-6f95afa.md b/docs/ISuite/prepare-for-deployment-on-amazon-elastic-kubernetes-service-eks-6f95afa.md index e571cdcf..c96a68c4 100644 --- a/docs/ISuite/prepare-for-deployment-on-amazon-elastic-kubernetes-service-eks-6f95afa.md +++ b/docs/ISuite/prepare-for-deployment-on-amazon-elastic-kubernetes-service-eks-6f95afa.md @@ -26,7 +26,7 @@ Create an AWS account \(mandatory\). -[https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html) +[Create a standalone AWS account](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html) @@ -38,7 +38,7 @@ Create a Kubernetes cluster on Amazon Elastic Kubernetes Service \(mandatory\). -[https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html) +[Getting started with Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html) @@ -50,7 +50,7 @@ Sign up for the Amazon Elastic Container Registry \(Amazon ECR\) service \(recom -[https://docs.aws.amazon.com/eks/latest/userguide/IAM\_policies.html](https://docs.aws.amazon.com/eks/latest/userguide/IAM_policies.html) +[IAM for Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/IAM_policies.html) @@ -62,7 +62,7 @@ Create at least one storage class and a dynamic provisioner for it in your clust -[https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html](https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html) +[Storage classes](https://docs.aws.amazon.com/eks/latest/userguide/storage.html) @@ -74,7 +74,7 @@ Install Amazon Elastic File System \(EFS\) Container Storage Interface \(CSI\) d -[https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html) +[Amazon EFS CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html) @@ -86,7 +86,7 @@ Install AWS Command Line Interface \(CLI\). -[https://aws.amazon.com/cli](https://aws.amazon.com/cli) +[AWS Command Line Interface](https://aws.amazon.com/cli) @@ -98,7 +98,7 @@ Install the Kubernetes command-line tool `kubectl`. -[https://kubernetes.io/docs/tasks/tools/\#kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) +[Install Kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) diff --git a/docs/ISuite/prepare-for-deployment-on-azure-kubernetes-service-aks-a3c3a9c.md b/docs/ISuite/prepare-for-deployment-on-azure-kubernetes-service-aks-a3c3a9c.md index dcd9de35..c1fb9fa2 100644 --- a/docs/ISuite/prepare-for-deployment-on-azure-kubernetes-service-aks-a3c3a9c.md +++ b/docs/ISuite/prepare-for-deployment-on-azure-kubernetes-service-aks-a3c3a9c.md @@ -28,7 +28,7 @@ Create a Microsoft Azure account. -[https://support.microsoft.com/en-us/account-billing/how-to-create-a-new-microsoft-account-a84675c3-3e9e-17cf-2911-3d56b15c0aaf](https://support.microsoft.com/en-us/account-billing/how-to-create-a-new-microsoft-account-a84675c3-3e9e-17cf-2911-3d56b15c0aaf) +[How to create a new Microsoft account](https://support.microsoft.com/en-us/account-billing/how-to-create-a-new-microsoft-account-a84675c3-3e9e-17cf-2911-3d56b15c0aaf) @@ -45,7 +45,7 @@ Subscribe to Microsoft Azure. -[https://learn.microsoft.com/en-us/dynamics-nav/how-to--sign-up-for-a-microsoft-azure-subscription](https://learn.microsoft.com/en-us/dynamics-nav/how-to--sign-up-for-a-microsoft-azure-subscription) +[Sign Up for a Microsoft Azure Subscription](https://learn.microsoft.com/en-us/dynamics-nav/how-to--sign-up-for-a-microsoft-azure-subscription) @@ -57,7 +57,7 @@ Sign up for Azure Kubernetes Service \(AKS\). -[https://docs.microsoft.com/en-us/azure/aks](https://docs.microsoft.com/en-us/azure/aks) +[AKS](https://docs.microsoft.com/en-us/azure/aks) @@ -73,11 +73,11 @@ The service principal ID and client secret can be used as logon credentials. The -[https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal) +[Create an Azure container registry using the Azure portal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal) -[https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal) +[Azure Container Registry authentication with service principals](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal) -[https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-aks](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-aks) +[Authenticate with ACR from AKS](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-aks) @@ -89,7 +89,7 @@ Install the Azure Command-Line Interface \(CLI\). -[https://docs.microsoft.com/en-us/cli/azure/install-azure-cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) +[How to install the Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) @@ -101,7 +101,7 @@ Install the Kubernetes command-line tool `kubectl`. -[https://kubernetes.io/docs/tasks/tools/\#kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) +[Install Kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) diff --git a/docs/ISuite/prepare-for-deployment-on-red-hat-openshift-ocp-21ae0fd.md b/docs/ISuite/prepare-for-deployment-on-red-hat-openshift-ocp-21ae0fd.md new file mode 100644 index 00000000..74e27978 --- /dev/null +++ b/docs/ISuite/prepare-for-deployment-on-red-hat-openshift-ocp-21ae0fd.md @@ -0,0 +1,86 @@ + + +# Prepare for Deployment on Red Hat OpenShift \(OCP\) + +OCP storage configuration depends on the underlying storage infrastructure. For information about supported storage, see [3247839](https://me.sap.com/notes/3247839), and for storage infrastructure, see [https://docs.openshift.com/container-platform/4.14/storage/index.html](https://docs.openshift.com/container-platform/4.14/storage/index.html). + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Tasks + + + +More Information + +
+ +Create a Kubernetes cluster \(mandatory\). + + + +[Install OCP](https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/installing/index) + +
+ +Set up a private container registry for replicating container images \(recommended but not mandatory\). + + + +Example: [Quay](https://access.redhat.com/documentation/en-us/red_hat_quay/3.11) \(recommended\) + +Quay is included as part of OCP. It's an example of a container registry that you can use with Edge Lifecycle Management. + +
+ +Create at least one storage class and a dynamic provisioner for it in your cluster. + +Storage classes should support dynamic provisioning for access modes `ReadWriteOnce` and `ReadWriteMany`. + + + +[OCP Storage](https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/storage/index) + +
+ +Install the Kubernetes command-line tool `kubectl`. + + + +[Install Kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) + +
+ +Install the OpenShift command-line tool `oc` \(recommended\). + + + +[OpenShift CLI](https://docs.openshift.com/container-platform/4.15/cli_reference/openshift_cli/getting-started-cli.html) + +
+ diff --git a/docs/ISuite/prepare-for-deployment-on-suse-rancher-kubernetes-engine-rke-or-rke2-0359e5c.md b/docs/ISuite/prepare-for-deployment-on-suse-rancher-kubernetes-engine-rke-or-rke2-0359e5c.md index d9b3250c..cfd02485 100644 --- a/docs/ISuite/prepare-for-deployment-on-suse-rancher-kubernetes-engine-rke-or-rke2-0359e5c.md +++ b/docs/ISuite/prepare-for-deployment-on-suse-rancher-kubernetes-engine-rke-or-rke2-0359e5c.md @@ -30,11 +30,7 @@ Create a Kubernetes cluster \(mandatory\) -RKE: [https://rke.docs.rancher.com/](https://rke.docs.rancher.com/) - -or - -RKE2: [https://docs.rke2.io/](https://docs.rke2.io/) +[RKE](https://rke.docs.rancher.com/) or [RKE2](https://docs.rke2.io/) @@ -46,9 +42,9 @@ Set up a private container registry for replicating container images \(recommend -Example Harbor: [https://goharbor.io/](https://goharbor.io/) \(recommended\) +Example: [Harbor](https://goharbor.io/) \(recommended\) -Harbor is a widely used open source registry. It's one example for a container registry that can be used together with Edge Lifecycle Management. +Harbor is a widely used open source registry. It's an example of a container registry that you can use together with Edge Lifecycle Management. @@ -62,21 +58,21 @@ Storage classes should support dynamic provisioning for access modes `ReadWriteO -Example Longhorn: [https://longhorn.io/docs/](https://longhorn.io/docs/). +Example: [Longhorn](https://longhorn.io/docs/) -Longhorn is a cloud native distributed block storage that can be used as storage backend. For other options, refer to Rancher documentation. +Longhorn is a cloud native distributed block storage that you can use as storage backend. For other options, refer to the [Rancher](https://ranchermanager.docs.rancher.com/) documentation. -Install the Kubernetes command-line tool `kubect l` +Install the Kubernetes command-line tool `kubectl` -[https://kubernetes.io/docs/tasks/tools/\#kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) +[Install Kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) diff --git a/docs/ISuite/prepare-your-kubernetes-cluster-46720c5.md b/docs/ISuite/prepare-your-kubernetes-cluster-46720c5.md index 6027b9d7..c8f92dbb 100644 --- a/docs/ISuite/prepare-your-kubernetes-cluster-46720c5.md +++ b/docs/ISuite/prepare-your-kubernetes-cluster-46720c5.md @@ -32,7 +32,7 @@ Your Kubernetes cluster must meet certain requirements before you can set up Edg > ### Note: > For information about Kubernetes versions, see SAP Note [3247839](https://me.sap.com/notes/3247839). > -> You can install Edge Integration Cell on Kubernetes clusters on cloud platforms such as Amazon Web Services \(Amazon Elastic Kubernetes Service, Amazon EKS\), Microsoft Azure \(Azure Kubernetes Service, AKS\) and SUSE Rancher \(Rancher Kubernetes Engine, RKE, or RKE2\). +> You can install Edge Integration Cell on Kubernetes clusters on cloud platforms such as Amazon Web Services \(Amazon Elastic Kubernetes Service, Amazon EKS\), Microsoft Azure \(Azure Kubernetes Service, AKS\), SUSE Rancher \(Rancher Kubernetes Engine, RKE, or RKE2\) and Red Hat OpenShift \(OpenShift Kubernetes Engine, OKE\). - The Kubernetes cluster must have role-based access control \(RBAC\) enabled. diff --git a/docs/ISuite/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md b/docs/ISuite/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md index 7f3b1571..a918cbe9 100644 --- a/docs/ISuite/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md +++ b/docs/ISuite/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md @@ -79,7 +79,7 @@ West Europe -51.105.226.79, 20.107.78.224, 20.4.205.181, 108.143.96.175, 172.201.40.15, 20.31.245.126 +51.105.226.79, 20.4.205.181, 20.31.245.126 @@ -693,6 +693,9 @@ europe-west3 +> ### Note: +> In case any discrepancies are observed in the IPs, please create a support ticket on the **OPU-API-OD-OPS** component. + @@ -839,8 +842,6 @@ us-east-1 [Configuring Additional Virtual Host in Cloud Foundry Environment](configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md "A virtual host allows you to host multiple domain names on the API Management capability within Integration Suite.") -[User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md "Similar to other capabilities of the SAP Integration Suite, the API Management capability defines a set of technical roles that grant specific permissions to users. Users can be assigned roles through SAP BTP's role collection concept. While users have the option to create their own role collections, a set of predefined role collections is automatically created when the API Management capability is provisioned.") - [User Roles in API Management](user-roles-in-api-management-7010b58.md "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") [Cancel API Management Service Subscription](cancel-api-management-service-subscription-df6df2b.md "You can deactivate your API Management capability from Integration Suite to disable your account from the API Management service.") diff --git a/docs/ISuite/sap-s-4hana-cloud-c099a42.md b/docs/ISuite/sap-s-4hana-cloud-c099a42.md index 925ec1af..599b2e4d 100644 --- a/docs/ISuite/sap-s-4hana-cloud-c099a42.md +++ b/docs/ISuite/sap-s-4hana-cloud-c099a42.md @@ -103,7 +103,7 @@ Create a destination to enable the communication between your business system an You can define destinations to data sources using two authentication models: identity propagation \(preferred\) and based on a technical user. Both options are described here for each supported business system. > ### Note: -> Graph caches destination settings. If you want to change these settings after the business data graph is created, you need to edit the business data graph configuration and update it. For more information, see [Modify Your Business Data Graph](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/0084c4dd85954fc7b3ea6c05ff37d550.html "When you edit your business data graph configuration, it overwrites the existing configuration.") :arrow_upper_right:. +> Graph caches destination settings. If you want to change these settings after the business data graph is created, you need to edit the business data graph configuration and update it. For more information, see [Modify Your Business Data Graph](50-Development/modify-your-business-data-graph-0084c4d.md). As the SAP BTP administrator, you must create and configure an HTTP destination that either supports principal propagation or is based on a technical user. diff --git a/docs/ISuite/sap-sales-cloud-5c50b2b.md b/docs/ISuite/sap-sales-cloud-5c50b2b.md index 6779f115..7e153b36 100644 --- a/docs/ISuite/sap-sales-cloud-5c50b2b.md +++ b/docs/ISuite/sap-sales-cloud-5c50b2b.md @@ -323,7 +323,7 @@ For more information, see [Configure the OAuth Client for OData Access](https:// ### Prerequisites -- You know the name of the identity provider created in [Configure OAuth Identity Provider in SAP Sales Cloud](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/a22152f0f53a48bdbb4385cd438e0324.html "As an administrator for SAP Sales Cloud, you need to establish trust with the SAP BTP subaccount and create destinations..") :arrow_upper_right:. +- You know the name of the identity provider created in [Configure OAuth Identity Provider in SAP Sales Cloud](50-Development/sap-sales-cloud-a22152f.md#loioa22152f0f53a48bdbb4385cd438e0324__OAuth_SalesCloud). diff --git a/docs/ISuite/setting-up-api-management-with-sap-cloud-identity-services-1e88d9c.md b/docs/ISuite/setting-up-api-management-with-sap-cloud-identity-services-1e88d9c.md index 64ba5e8d..e3199ffb 100644 --- a/docs/ISuite/setting-up-api-management-with-sap-cloud-identity-services-1e88d9c.md +++ b/docs/ISuite/setting-up-api-management-with-sap-cloud-identity-services-1e88d9c.md @@ -17,8 +17,6 @@ The high-level view for SAP API Management and the SAP Cloud Identity is capture [Region-Specific IP Addresses Available for API Management Cloud Foundry Environment](region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md "API Management protects your backend services. However, API Management needs to establish connectivity to your backend services during an API call execution.") -[User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md "Similar to other capabilities of the SAP Integration Suite, the API Management capability defines a set of technical roles that grant specific permissions to users. Users can be assigned roles through SAP BTP's role collection concept. While users have the option to create their own role collections, a set of predefined role collections is automatically created when the API Management capability is provisioned.") - [User Roles in API Management](user-roles-in-api-management-7010b58.md "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") [Cancel API Management Service Subscription](cancel-api-management-service-subscription-df6df2b.md "You can deactivate your API Management capability from Integration Suite to disable your account from the API Management service.") diff --git a/docs/ISuite/sizing-guidelines-bcc6f62.md b/docs/ISuite/sizing-guidelines-bcc6f62.md index e6b9f690..95d84edc 100644 --- a/docs/ISuite/sizing-guidelines-bcc6f62.md +++ b/docs/ISuite/sizing-guidelines-bcc6f62.md @@ -4,6 +4,3 @@ Understand the key components of Edge Integration Cell, the factors that influence its performance, and the methods to calculate the size for the hardware resources required. For detailed sizing guidelines, see: [Sizing Guide for Edge Integration Cell](https://help.sap.com/doc/b4d0660095654e2789de3d1e3ab1c199/CLOUD/en-US/Sizing_Guide_Edge_Integration_Cell.pdf). -> ### Remember: -> All the sizing guidelines provided in the referred sizing guide are applicable only for integration scenarios with synchronous messaging. - diff --git a/docs/ISuite/supported-patterns-ad867ae.md b/docs/ISuite/supported-patterns-ad867ae.md index df8fbf67..b988201b 100644 --- a/docs/ISuite/supported-patterns-ad867ae.md +++ b/docs/ISuite/supported-patterns-ad867ae.md @@ -46,3 +46,11 @@ For example: ## Recipient List Asynchronous +Recipient list-based integration scenarios and content-based routing integration scenarios can be migrated using the pattern Recipient List Asynchronous. + +For example, if your ICO is designed with a recipient list where the message is sent to the default receiver in case the receiver is not determined, the following pattern applies.![](images/RL_ASYNC_0003_5163d0f.png) + +If your ICO is designed with 1 router and a receiver for each router branch sending message to default receiver in case of receiver not determined, the following pattern applies. ![](images/CBR_ASYNC_0003_b742101.png) + +Similarly, based on other receipient list integration scenarios and content-based routing integration scenarios, the migration tooling applies the Recipient List Asynchronous pattern and dynamically adds the flow steps. + diff --git a/docs/ISuite/technical-landscape-edge-integration-cell-f60efc1.md b/docs/ISuite/technical-landscape-edge-integration-cell-f60efc1.md index c4bdaff1..a28f2d68 100644 --- a/docs/ISuite/technical-landscape-edge-integration-cell-f60efc1.md +++ b/docs/ISuite/technical-landscape-edge-integration-cell-f60efc1.md @@ -39,7 +39,7 @@ Edge Lifecycle Management \(Edge LM\) is used as the foundation for software lif Software shipment is based on the SAP Repository-Based Shipment Channel \(RBSC\). Edge LM also supports container image replication to a local container registry for offline consumption. Edge Integration Cell will be defined as an Edge LM solution with the different components based on Helm charts. > ### Note: -> Edge Integration Cell delivery consists of images retrieved from SAP Repository-Based Shipment Channel \(RBSC\), deployed using Edge LM. The images for Edge LM are also contained in the same repository. +> Edge Integration Celll delivery consists of images retrieved from SAP Repository-Based Shipment Channel \(RBSC\), deployed using Edge LM. The images for Edge LM are also contained in the same repository. @@ -142,13 +142,15 @@ Runtime and Operations In addition to runtime components for executing integration scenarios and API proxies, Edge Integration Cell also includes management components for edge operations. -Components require connectivity to certain SAP Integration Suite and Business Technology Platform \(BTP\) services. Service keys are used to share the connectivity information with Edge Integration Cell \(Beta\) components. For security reason, these service keys also need to be rotated as part of the software upgrade. Depending on the service type, keys have different validity timelines. +Components require connectivity to certain SAP Integration Suite and SAP Business Technology Platform services. Service keys are used to share the connectivity information withEdge Integration Cell components. For security reason, these service keys also need to be rotated as part of the software upgrade. Depending on the service type, keys have different validity timelines. -Edge Deploy Controller accesses the platform’s object store where credentials have a validity of 86 days. In general, service keys need to be rotated after 120 days. Key rotation is integrated in Edge Integration Cell \(Beta\) lifecycle operations. +Edge Deploy Controller accesses the platform’s object store where credentials have a validity of 86 days. In general, service keys need to be rotated after 120 days. Key rotation is integrated in Edge Integration Cell lifecycle operations. > ### Caution: > If service key rotation is not performed then connectivity to the respective Cloud services stops working. This will impact functionality like content synchronization or specific runtime features. +Edge Local Authentication and Authorization provides inbound local authentication and authorization for Integration Flows and API proxies. It removes the real-time dependency on SAP Business Technology Platform for inbound authentication and authorization. Currently only ervice keys of type Certificate/External Certificate are supported for local authentication and authorization. For more information, see [Edge Local Authentication and Authorization](edge-local-authentication-and-authorization-510d447.md). + @@ -209,6 +211,18 @@ Manages security material on the edge. +Edge Local Authentication and Authorization + + + + +Performs inbound local authentication and authorization for integration flow models and API proxies. + + + + + + Edge Event Controller @@ -326,7 +340,7 @@ Used for asynchronous messaging and system internal event integration. -Edge Integration Cell requires external services for managing persistence and policies. +Edge Integration Cell requires external services for managing persistence and policies.A Load Balancer is required to expose Edge Integration Cell endpoints and load balance traffic across K8s nodes and services. **** @@ -366,6 +380,18 @@ Redis An in-memory data store used for caching. + + + + + +Load Balancer + + + + +External Load Balancer integrated with K8s infrastructure. + diff --git a/docs/ISuite/trading-partner-management-28fe3dc.md b/docs/ISuite/trading-partner-management-28fe3dc.md new file mode 100644 index 00000000..de93d885 --- /dev/null +++ b/docs/ISuite/trading-partner-management-28fe3dc.md @@ -0,0 +1,30 @@ + + +# Trading Partner Management + +SAP Trading Partner Management \(TPM\) is a microservice that meets the needs of your B2B data exchange such as individual definition and configuration of specific electronic exchange of business data between you and your trading partners. B2B users have different levels of requirements for data exchange starting from the different kind of communication protocols such as AS2, SFTP, etc. to the usage of different types of B2B standards or APIs. TPM helps you manage B2B relationships with multiple trading partners. The easy-to-use user interface helps you cope with the complexity of B2B communication between trading partners. + +TPM, just like Cloud Integration and Integration Advisor, is a capability of SAP Integration Suite. This application achieves the goal by using the entities and artifacts provided by the other capabilities of SAP Integration Suite such as: + +- SAP Integration Advisor + +- SAP Cloud Integration + + + + + +## Features + +The application helps you to: + +- Create and maintain trading partner profiles with their B2B requirements. This includes creating the profile of own company with all relevant information for setting up B2B scenarios such as contact person, identifiers, communication protocol and its parameters, and B2B standards. + +- Create communication partner profile to maintain all your AS2 specific configurations. +- Develop templates for trading partner agreements based on the requirements of your B2B scenarios. +- Create trading partner agreements using the templates and also including the requirements of the trading partners. +- Push the auto-generated runtime artefacts of the B2B scenarios as defined in the agreements into the Partner Directory of SAP Cloud Integration. This will ensure that the B2B messages get processed individually by a single integration flow at runtime. +- Deploy and run integration flows to conduct end-to-end business transactions. + +To get started, see [Getting Started with B2B Scenarios in SAP Integration Suite](50-Development/getting-started-with-b2b-scenarios-in-sap-integration-suite-ba066bb.md). + diff --git a/docs/ISuite/unbinding-a-cloud-foundry-application-from-an-api-management-api-portal-service-instance-09fd33a.md b/docs/ISuite/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-portal-service-09fd33a.md similarity index 67% rename from docs/ISuite/unbinding-a-cloud-foundry-application-from-an-api-management-api-portal-service-instance-09fd33a.md rename to docs/ISuite/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-portal-service-09fd33a.md index 365adc25..ddca51ba 100644 --- a/docs/ISuite/unbinding-a-cloud-foundry-application-from-an-api-management-api-portal-service-instance-09fd33a.md +++ b/docs/ISuite/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-portal-service-09fd33a.md @@ -1,8 +1,8 @@ -# Unbinding a Cloud Foundry Application from an API Management, API portal Service Instance +# Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance -When you unbind a Cloud Foundry application from an API Management, API portal service instance, an API proxy is undeployed and the connection between the route service and the Cloud Foundry application is removed. +When you unbind a multi-cloud foundation application from an API Management, API portal service instance, an API proxy is undeployed and the connection between the route service and the multi-cloud foundation application is removed. @@ -15,10 +15,6 @@ When you unbind a Cloud Foundry application from an API Management, API portal s -## Context - - - ## Procedure In order to unbind, open the command prompt and enter the following command: diff --git a/docs/ISuite/understanding-software-version-numbers-caad468.md b/docs/ISuite/understanding-software-version-numbers-caad468.md new file mode 100644 index 00000000..b25626d4 --- /dev/null +++ b/docs/ISuite/understanding-software-version-numbers-caad468.md @@ -0,0 +1,140 @@ + + +# Understanding Software Version Numbers + +Understand the software version numbers indicated for each patch. + +A software version designation is composed of three digits separated by a period, for example, `6.53.23`. + +- The major version is 6 in this example. + +- The second digit denotes the monthly software increment \(which corresponds to increment 2404\). + +- The third number is incremented with each software patch. + + +**** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Component + + + +Major Version + + + +Software Version Example + +
+ +Cloud Integration \(Cloud Foundry environment\) + + + +6 + + + +6.53.23 + +
+ +Trading Partner Management + + + +6 + + + +6.53.23 + +
+ +Integration Advisor + + + +1 + + + +1.74.3 + +
+ +Integration Assessment + + + +6 + + + +6.53.23 + +
+ +Migration Assessment + + + +6 + + + +6.53.23 + +
+ +Edge Integration Cell + + + +8 + + + +8.17.5 + +
+ diff --git a/docs/ISuite/unified-entities-9bcd2ec.md b/docs/ISuite/unified-entities-9bcd2ec.md index 3fdffbdc..5e6ca4ec 100644 --- a/docs/ISuite/unified-entities-9bcd2ec.md +++ b/docs/ISuite/unified-entities-9bcd2ec.md @@ -10,7 +10,7 @@ Developers of extension apps use these common attributes, regardless of where th ![](images/Unified_Entities_be6c8d3.png) -Unified entities have association attributes that connect them to the system-specific representations of the same object \(`_s4` and `_c4c`\). These associations effectively provide developers with a consolidated and navigable 360° view of all the attributes of these objects in SAP. To access an attribute such as `Brand`, the app simply issues a `sap.graph/Product(123)/_s4/Brand` request. Of course, SAP S/4HANA system-specific attributes are only available if such a system is part of the underlying enterprise landscape. Graph handles key mapping complexities under the hood. For more information, see [Data Locating Policy](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/28d2c2cd55454c968661b60c0a829abe.html "Data in the business data graph is connected via key-based references.") :arrow_upper_right:. +Unified entities have association attributes that connect them to the system-specific representations of the same object \(`_s4` and `_c4c`\). These associations effectively provide developers with a consolidated and navigable 360° view of all the attributes of these objects in SAP. To access an attribute such as `Brand`, the app simply issues a `sap.graph/Product(123)/_s4/Brand` request. Of course, SAP S/4HANA system-specific attributes are only available if such a system is part of the underlying enterprise landscape. Graph handles key mapping complexities under the hood. For more information, see [Data Locating Policy](50-Development/data-locating-policy-28d2c2c.md). Whether or not an entity is read-only depends on various parameters of your landscape. The metadata of your business data graph tells you which entities are writable. diff --git a/docs/ISuite/user-roles-in-api-management-7010b58.md b/docs/ISuite/user-roles-in-api-management-7010b58.md index e4db638c..1e34bbbd 100644 --- a/docs/ISuite/user-roles-in-api-management-7010b58.md +++ b/docs/ISuite/user-roles-in-api-management-7010b58.md @@ -199,8 +199,6 @@ Use this role to: [Region-Specific IP Addresses Available for API Management Cloud Foundry Environment](region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md "API Management protects your backend services. However, API Management needs to establish connectivity to your backend services during an API call execution.") -[User Roles in API Management \(New\)](user-roles-in-api-management-new-911ca5a.md "Similar to other capabilities of the SAP Integration Suite, the API Management capability defines a set of technical roles that grant specific permissions to users. Users can be assigned roles through SAP BTP's role collection concept. While users have the option to create their own role collections, a set of predefined role collections is automatically created when the API Management capability is provisioned.") - [Cancel API Management Service Subscription](cancel-api-management-service-subscription-df6df2b.md "You can deactivate your API Management capability from Integration Suite to disable your account from the API Management service.") [Setting Up API Management with SAP Cloud Identity Services](setting-up-api-management-with-sap-cloud-identity-services-1e88d9c.md "SAP Cloud Platform allows customers to connect their SAP Cloud Identity Services with the BTP offerings.") diff --git a/docs/ISuite/user-roles-in-api-management-new-911ca5a.md b/docs/ISuite/user-roles-in-api-management-new-911ca5a.md deleted file mode 100644 index 5192ece3..00000000 --- a/docs/ISuite/user-roles-in-api-management-new-911ca5a.md +++ /dev/null @@ -1,729 +0,0 @@ - - -# User Roles in API Management \(New\) - -Similar to other capabilities of the SAP Integration Suite, the API Management capability defines a set of technical roles that grant specific permissions to users. Users can be assigned roles through SAP BTP's role collection concept. While users have the option to create their own role collections, a set of predefined role collections is automatically created when the API Management capability is provisioned. - -Please refer to the table below for a list of tasks and the corresponding role collections. - -For more information, see [Assign Role Collections](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/9e1bf57130ef466e8017eab298b40e5e.html) and [Assigning Role Collections to Users](assigning-role-collections-to-users-80bb02e.md) - - - -As an administrator of SAP API Management in the Cloud Foundry environment, you can manitain API Portal and API business hub enterprise roles and role collections, which can be used in user management. Typically, a role collection consists of one or multiple roles. You assign roles to role collections, which are in turn assigned to users. Using the SAP BTP cockpit, you can display information about the role collections that have been maintained as well as the roles available in a role collection. - -The following predefined roles are shipped with API Portal. These roles by default, are shared, visible, and accessible within all the accounts that have subscribed to API Portal: - -The following predefined roles are shipped with API business hub enterprise: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -Tasks - - - -Predefined Role Collections - - - -Reference - -
- -Create subaccounts in your global account. - -Create service instance for API Management and Integration Suite. - -Configure role collections and provide user access to role collections - - - -Subaccount Administrator - - - -[Create a Subaccount](https://help.sap.com/docs/btp/sap-business-technology-platform/create-subaccount?q=entitlements) - -
- -Subscribe to Integration Suite. - - - -Integration\_Provisioner - - - -[Subscribing and Configuring Initial Access to Integration Suite](https://help.sap.com/docs/integration-suite/sap-integration-suite/subscribing-to-integration-suite?q=centralised) - -
- -Activate the API Management capabilities, the API business hub enterprise, and Graph. - - - -Integration\_Provisioner - - - -[Enabling API Management Capability from Integration Suite](https://help.sap.com/docs/integration-suite/sap-integration-suite/enabling-api-management-capability-from-integration-suite?version=CLOUD) - -
- -Deactivate the API Management capabilities, the API business hub enterprise, and Graph. - - - -Integration\_Provisioner - - - -[Deactivate the API Management Capability](https://help.sap.com/docs/integration-suite/sap-integration-suite/cancel-api-management-service-subscription?version=CLOUD) - -
- -Use the Graph Navigator in API business hub enterprise to inspect business data graphs. - - - -GraphNavigator.Viewer - - - -[Configuring User Access](https://help.sap.com/docs/integration-suite/sap-integration-suite/cohttps://help.sap.com/docs/integration-suite/sap-integration-suite/configuring-user-access?version=CLOUDnfiguring-user-access?version=CLOUD) - -
- -Create and activate business data graphs. - - - -Graph.KeyUser - - - -[Configuring User Access](https://help.sap.com/docs/integration-suite/sap-integration-suite/cohttps://help.sap.com/docs/integration-suite/sap-integration-suite/configuring-user-access?version=CLOUDnfiguring-user-access?version=CLOUD) - -
- -Set up API Management capability in Integration Suite. - - - -APIManagement.Selfservice.Administrator - - - -[Setting Up API Management Capability](https://help.sap.com/docs/integration-suite/sap-integration-suite/setting-up-api-management-service?q=centralised) - -
- -Setting up API business hub enterprise. - - - -AuthGroup.SelfService.Admin - - - -[Enabling API Management Capability from Integration Suite](https://help.sap.com/docs/integration-suite/sap-integration-suite/enabling-api-management-capability-from-integration-suite?version=CLOUD) - -[Setting Up API Management Capability](https://help.sap.com/docs/integration-suite/sap-integration-suite/setting-up-api-management-service?q=centralised) - -
- -Configure one or more virtual hosts. - - - -APIManagement.Selfservice.Administrator - -> ### Note: -> If you want to create an additional virtiual host, you must create an instance of apiportal-apiaccess plan with the *APIManagement.Selfservice.Administrator* role. See, [API Access Plan for API Portal](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD). - - - - - -[Requesting an Additional Virtual Host in Cloud Foundry Environment](https://help.sap.com/docs/integration-suite/sap-integration-suite/requesting-additional-virtual-host-in-cloud-foundry-environment?version=CLOUD) - -
- -Establish and test the connection between centralised API business hub enterprise and multiple Integration Suite API Management tenants. - - - -- APIPortal.Administrator - -- AuthGroup.API.Admin - -- AuthGroup.APIPortalRegistration - - > ### Note: - > To create a connection request, you need to have the AuthGroup.APIPortalRegistration role. - -- APIPortal Service.CatalogIntegration - - > ### Note: - > The client credentials required to establish the connection are generated for the APIPortal.Service.CatalogIntegration role. - - - - - - -[Create a Connection Request for the Centralized API business hub enterprise](https://help.sap.com/docs/integration-suite/sap-integration-suite/create-connection-request-for-centralized-api-business-hub-enterprise-new-design?version=CLOUD) - -
- -As a guest user, you can access the API Management capability in read-only mode. You can view all API proxies, policies, existing products, API providers, and analytics, but can’t edit them. - - - -APIPortal.Guest - - - -  - -
- -- Discover APIs - -- Configure an API provider - -- Configure API proxies - -- Import API specification - -- Configure certificates - -- Configure Key Value Maps - -- Test API proxies using the API Test Console - - - - - - -APIPortal.Administrator - - - -[Build API Proxies](https://help.sap.com/docs/integration-suite/sap-integration-suite/build-apis?version=CLOUD) - -
- -- Configure and publish products, group API proxies into products - -- Create a custom role for a product - - - - - - -APIPortal.Administrator - - - -[Publish API Proxies](https://help.sap.com/docs/integration-suite/sap-integration-suite/publish-apis?version=CLOUD) - -[Creating a Custom Role](https://help.sap.com/docs/integration-suite/sap-integration-suite/creating-custom-role?version=CLOUD&q=custom%20role) - -
- -Configure rate plans and view bills. - - - -APIPortal.Administrator - - - -[Monetize API Proxies](https://help.sap.com/docs/integration-suite/sap-integration-suite/monetize-apis?version=CLOUD) - -
- -Analyze the API proxy usage and performance. - - - -APIPortal.Administrator - - - -[Analyze API Proxies](https://help.sap.com/docs/integration-suite/sap-integration-suite/analyze-apis?version=CLOUD&q=custom%20role) - -
- -Approve or reject the connection request between API business hub enterprise and Integration Suite API Management tenant. - - - -AuthGroup.API.Admin - - - -[Approve the Pending Connection Requests](https://help.sap.com/docs/integration-suite/sap-integration-suite/approve-pending-connection-requests-new-design?version=CLOUD&q=test%20connect%20APi%20business%20hub%20enterprise) - -
- -- Approve the registration request of an application developer - -- Revoke the rights of an application developer - -- Manage notifications in API business hub enterprise - -- Adjust the visibility of the Graph navigator on API business hub enterprise - -- Revoke the credentials \(app key and secret\) of an application - - - - - - -AuthGroup.API.Admin - - - -[Consume API Proxies](https://help.sap.com/docs/integration-suite/sap-integration-suite/consume-apis?version=CLOUD&q=test%20connect%20APi%20business%20hub%20enterprise) - -
- -As a Site Administrator, you can customize the visual layout of the API business hub enterprise using the Site Editor. - - - -AuthGroup.Site.Admin - - - -[Customize the Visual Format of the API business hub enterprise](https://help.sap.com/docs/integration-suite/sap-integration-suite/customize-visual-format-of-api-business-hub-enterprise?version=CLOUD) - -
- -As a Content Administrator, you can create domain categories and add the related products into relevant categories. - - - -- AuthGroup.API.Admin \(to be tested\) -- AuthGroup.Content.Admin - - - - - -[Manage Domain Categories](https://help.sap.com/docs/integration-suite/sap-integration-suite/manage-domain-categories-new-design?version=CLOUD) - -
- -As an Application Developer, you can: - -- Access the API business hub enterprise. - -- Create, update, and delete applications. - -- View analytics information on application usage, performance, and error count. - -- View and download bills for subscribed applications. - - - - - - -AuthGroup.API.ApplicationDeveloper - - - -[View Applications, Costs, and Analyze Reports](https://help.sap.com/docs/integration-suite/sap-integration-suite/view-applications-costs-and-analyze-reports-new-design?version=CLOUD) - -[Create an Application](https://help.sap.com/docs/integration-suite/sap-integration-suite/create-application-new-design?version=CLOUD) - -
- -**Edge Integration Cell** - - - - - - - - - - - - - -
- -Tasks - - - -Predefined Role Collections - - - -Reference - -
- -Design an API artifact and define its behavior by adding policies and integration steps to it. - - - -- APIPortal.Administrator - -- PI\_Integration\_Developer - - - - - - -[API Development](50-Development/api-development-94957bc.md) - -
- - - - - -## Technical Roles for Constructing Custom Role Collections - -If you want to create your own set of role collections, you can utilize the following technical roles from the provided list: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -Technical roles - - - -Included in predefined role collection - -
- -- Cloud Connector Administrator - -- Destination Administrator - -- Subaccount Admin - -- Subaccount Service Administrator - -- User - -- Role Administrator - - - - - - -Subaccount Administrator - -
- -IntegrationProvisioningAdmin - - - -Integration\_Provisioner - -
- -APIPortalAdmin - - - -APIPortal.Administrator - -
- -CatalogIntegration - - - -APIPortal.Service.CatalogIntegration - -
- -Guest - - - -APIPortal.Guest - -
- -onboardingtemplate - - - -APIManagement.SelfService.Administrator - -
- -Graph\_Key\_User - - - -Graph.KeyUser - -
- -APIAdmin - - - -AuthGroup.API.Admin - -
- -APIPortalConnectionRequest - - - -AuthGroup.APIPortalRegistration - -
- -ApplicationDeveloper - - - -AuthGroup.API.ApplicationDeveloper - -
- -ContentAdmin - - - -AuthGroup.Content.Admin - -
- -ContentAuthor - - - -AuthGroup.ContentAuthor - -
- -SelfServiceAdmin - - - -AuthGroup.SelfService.Admin - -
- -SiteAdmin - - - -AuthGroup.Site.Admin - -
- -Graph\_Navigator\_Viewer - - - -GraphNavigator.Viewer - -
- -**Related Information** - - -[Configuring Additional Virtual Host in Cloud Foundry Environment](configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md "A virtual host allows you to host multiple domain names on the API Management capability within Integration Suite.") - -[Region-Specific IP Addresses Available for API Management Cloud Foundry Environment](region-specific-ip-addresses-available-for-api-management-cloud-foundry-environment-585d639.md "API Management protects your backend services. However, API Management needs to establish connectivity to your backend services during an API call execution.") - -[User Roles in API Management](user-roles-in-api-management-7010b58.md "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") - -[Cancel API Management Service Subscription](cancel-api-management-service-subscription-df6df2b.md "You can deactivate your API Management capability from Integration Suite to disable your account from the API Management service.") - -[Setting Up API Management with SAP Cloud Identity Services](setting-up-api-management-with-sap-cloud-identity-services-1e88d9c.md "SAP Cloud Platform allows customers to connect their SAP Cloud Identity Services with the BTP offerings.") - diff --git a/docs/ISuite/what-is-graph-ad1c48d.md b/docs/ISuite/what-is-graph-ad1c48d.md index 180b2f29..0a5424ff 100644 --- a/docs/ISuite/what-is-graph-ad1c48d.md +++ b/docs/ISuite/what-is-graph-ad1c48d.md @@ -2,8 +2,6 @@ # What Is Graph? -Extending traditional API Management, Graph enables you to expose all your business data in the form of a semantically connected data graph, accessed via a single unified and powerful API. - Graph is a capability of API Management within SAP Integration Suite. With Graph, developers access your business data as a single semantically connected data graph, spanning the suite of SAP products and beyond. Targeting SAP's ecosystem of partner and customer developers, Graph's powerful API reduces the cost and complexity of creating and deploying reusable extensions and other client applications. Enterprise landscapes continue to expand in scale and complexity. Each additional system, SaaS, or microservice introduces new protocols, data models, connectivity, and security conventions. Real-world problems often span multiple lines of business, services, and APIs. Consequently, even the most experienced developers struggle to understand all of the technologies and interfaces involved. Developing new business-extending client applications requires an ever-growing range of expertise and skills. The phenomenal adoption of low-code tools by nonprofessional developers further increases the gap. @@ -27,9 +25,9 @@ As part of SAP Integration Suite, Graph is compatible with SAP's Cloud Applicati **Related Information** -[Configure](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/1b52dd10f37c45feabaa1949bc80f261.html "Before Graph can be used, the Tenant administrator, needs to configure Graph as a capability of API Management within SAP Integration Suite.") :arrow_upper_right: +[Configure](50-Development/configure-1b52dd1.md "Before Graph can be used, the Tenant administrator, needs to configure Graph as a capability of API Management within SAP Integration Suite.") -[Model](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/31f8c54de9ca4e8799371e7d385cde08.html "It is common knowledge that data-driven software should be modeled on its underlying business processes.") :arrow_upper_right: +[Model](50-Development/model-31f8c54.md "It is common knowledge that data-driven software should be modeled on its underlying business processes.") -[Develop](https://help.sap.com/viewer/15e49174b4ed461e8d8b071ba13af3de/PROD/en-US/68ce43a3c609468d95721031085007b1.html "As a developer you want to build applications that consume data from business data graphs. This section provides all the information you need to start developing.") :arrow_upper_right: +[Develop](50-Development/develop-68ce43a.md "As a developer you want to build applications that consume data from business data graphs. This section provides all the information you need to start developing.") diff --git a/docs/apim/API-Management/2020-archives-085f4e9.md b/docs/apim/API-Management/2020-archives-085f4e9.md deleted file mode 100644 index 526395af..00000000 --- a/docs/apim/API-Management/2020-archives-085f4e9.md +++ /dev/null @@ -1,1065 +0,0 @@ - - -# 2020 Archives - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -Technical Component - - - -Capability - - - -Environment - - - -Title - - - -Description - - - -Type - - - -Available as of - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Edit APIs with an in built API designer - - - -You can edit your APIs using the API designer, which is now embedded in the API Portal. For more information, see [Edit an API Proxy](edit-an-api-proxy-a64b952.md). - - - -New - - - -2020-12-23 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -List externally managed APIs on the APIPortal - - - -You can now import and list externally managed APIs on the API Portal. For more information, see [Externally Managed APIs](externally-managed-apis-848015d.md) - - - -New - - - -2020-12-02 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Consume Integration flows more securely with OAuth Client credentials support for CPI Providers. - - - -You can now use OAuth2ClientCredentials when creating an API provider. For more informatio see, [Create an API Provider](create-an-api-provider-6b263e2.md) - - - -New - - - -2020-12-02 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API state can be entered during import, and is available during export of an API. - - - -For more information on the details of the API state to be provided during import, see [Import an API Definition](import-an-api-definition-9342a93.md). - - - -New - - - -2020-12-02 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Runtime has been updated. - - - -The update in the API Runtime has caused the following changes: - -- In the JWT policy, validation may fail if the RSA keys are smaller than 2048 bits. -- The Concurrent Rate Limit Policy has been deprecated. -- In the ExtractVariables policy when an XML variable is not resolved via an XPath expression, an error occurs. So, continueOnError should be set to true or IgnoreUnresolvedVariables set to true to allow execution of the policy. - - - - - -Changed - - - -2020-10-27 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Client SDK is now available. - - - -The client SDK is now available, for more information see [API Services](api-services-007d50f.md). - - - -New - - - -2020-10-27 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Advanced API Analytics - - - -Advanced API Analytics brings to you the all new analytics dashboard, providing handy and powerful analytical reporting tools to track your API performance and usage. Fore more information, see [Advanced API Analytics](advanced-api-analytics-5973d4a.md). - - - -New - - - -2020-10-27 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Shadow user creation - - - -There is a new process for shadow user creation, for more information, see [Shadow Users](APIM-Initial-Setup/shadow-users-a0f5fe5.md) - - - -Changed - - - -2020-10-21 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Versioning - - - -You can now version your APIs. For more information, see [API Versioning](api-versioning-b3cda3b.md) - - - -New - - - -2020-10-08 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Migration from Neo environment to Cloud Foundry - - - -You can now choose to clone the API Portal and API business hub enterprise entities at different times during migration. For more information, see [Clone API Management Content](APIM-Migration/clone-api-management-content-7abd887.md) - - - -New - - - -2020-10-08 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Embedded API Designer - - - -The API Designer is now embedded withing the API Portal, allowing you to create and update your APIs in the same space. You will find some changes in the API designer, such as a shift in the editor to the right side of the screen, and a change in the theme, moving to a brighter background to align with the API portal. - - - -Changed - - - -2020-10-08 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Create an API for an Integration Flow - - - -Users can discover Integration Flows thought the Cloud Integration API Provider and generate APIs for the same. For more information, see [Creating an API Proxy using SAP Cloud Integration API Provider](creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md). - - - -New - - - -2020-09-09 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Create an API Provider of type Cloud Integration - - - -Users can now create an API Provider of type “Cloud Integration” to connect to a Cloud Integration system, discover Integration Flows through the API Provider and generate APIs for the same. For more information on creating an API Provider of type Cloud Integration, see [Create an API Provider](create-an-api-provider-6b263e2.md). - - - -New - - - -2020-09-09 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Services - - - -From API Management, a variety of APIs are offered as services in specific use cases and workflows. For more information, see [API Services](api-services-007d50f.md) - - - -New - - - -2020-08-11 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Request for an Additional Virtual Host in Cloud Foundry Environment - - - -Create a new virtual host or update an alias for an existing virtual host in the Cloud Foundry environment. For more information, see [Configuring Additional Virtual Host in Cloud Foundry Environment](APIM-Initial-Setup/configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md). - - - -New - - - -2020-08-11 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Proxy States - - - -As an API Management administrator, you can set states for an API proxy while creating or updating the API proxy. For more information, see [API Proxy States](api-proxy-states-091cda4.md). - - - -New - - - -2020-08-11 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -OpenAPI Specification 3.0 in API Managemen - -t - - - -API Management now supports OpenAPI Specification \(OAS\) 3.0. For more information, see [OpenAPI Specification 3.0](openapi-specification-3-0-3ce080d.md). - - - -New - - - -2020-08-11 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Migration Assistance for API Management from Neo to Cloud Foundry Environment - - - -You can now choose to migrate your API Management artifacts from an existing API Management subscription in the Neo environment to another API Management subscription in the public cloud infrastructures \(hyperscalers\) within the Cloud Foundry environment. For more information, see [Migrating API Management from Neo to Cloud Foundry Environment](APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md). - - - -New - - - -2020-08-06 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Access plan for API business hub enterprise - - - -Take a look at the newly introduced API Access plan for the API business hub enterprise in the Cloud Foundry environment. Creating a service instance using this plan enables you to use APIs to interact with the API business hub enterprise. For more information, see [Accessing API business hub enterprise APIs Programmatically](APIM-Initial-Setup/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md). - - - -New - - - -2020-07-23 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Access plan for API Portal - - - -Take a look at the newly introduced API Access plan for the API Portal in the Cloud Foundry environment. Creating a service instance using this plan enables you to use APIs to interact with the API Portal. For more information, see [Accessing API Management APIs Programmatically](APIM-Initial-Setup/accessing-api-management-apis-programmatically-24a2c37.md). - -. - - - -New - - - -2020-07-23 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -On-premise Connectivity plan - - - -Introduced On-Premise Connectivity plan in the Cloud Foundry environment. Creating a service instance using this plan helps you to obtain a service key to enable principal propagation. For more information, see [Accessing On-Premise Systems through API Management](APIM-Initial-Setup/accessing-on-premise-systems-through-api-management-2fc7a5b.md). - - - -New - - - -2020-06-04 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Provider of type *On Premise* - - - -Create an API Provider of type *On Premise* to connect to an on-premise system via Cloud Connector. For more information, see [Create an API Provider](create-an-api-provider-6b263e2.md) - - - -New - - - -2020-06-04 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Management as Route Service plan - - - -Introduced API Management as Route Service plan in the Cloud Foundry environment. Creating a service instance using this plan helps you in managing the Cloud Foundry applications. For more information, see [Managing Cloud Foundry Microservices through API Management](APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md). - - - -New - - - -2020-06-04 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Provider of type Open Connectors - - - -You can now create an API Provider of type Open Connectors to connect to third-party APIs. For more details, see [Create an API Provider](create-an-api-provider-6b263e2.md) - - - -New - - - -2020-06-04 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Creating Custom Role - - - -You can now create a custom role for API products in API Management. Take a look at [Creating a Custom Role](APIM-Initial-Setup/creating-a-custom-role-9d827cd.md) to know more. You can also assign permission to a product via UI. For more information, see [Assign Permission to a Product via UI](assign-permission-to-a-product-via-ui-09fb892.md). - - - -New - - - -2020-03-16 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Unsubscribing to the API Management service - - - -If necessary, users can unsubscribe to the API portal and API business hub enterprise applications. For more details, see [Cancel API Management Service Subscription](APIM-Initial-Setup/cancel-api-management-service-subscription-df6df2b.md). - - - -New - - - -2020-03-16 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Setting up API Portal and API business hub enterprise applications. - - - -You can now set up your **API Portal** and **API business hub enterprise** applications on Cloud Foundry environment. Take a look at the initial setup of API Portal application [Set Up API Portal Application](APIM-Initial-Setup/set-up-api-portal-application-29c281b.md). For setting up the API business hub enterprise application, see [Set Up API business hub enterprise Application Using the Standalone Tile](APIM-Initial-Setup/set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md). - - - -New - - - -2020-02-28 - -
- -**Related Information** - - -[Archive 2023](archive-2023-a8dd11f.md "") - -[2022 Archives](2022-archives-7eaa63d.md "") - -[2021 Archives](2021-archives-bdf0f0e.md "") - diff --git a/docs/apim/API-Management/2021-archives-bdf0f0e.md b/docs/apim/API-Management/2021-archives-bdf0f0e.md deleted file mode 100644 index ca5268e0..00000000 --- a/docs/apim/API-Management/2021-archives-bdf0f0e.md +++ /dev/null @@ -1,1217 +0,0 @@ - - -# 2021 Archives - - - -**2021** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -Technical Component - - - -Capability - - - -Environment - - - -Title - - - -Description - - - -Action - - - -Type - - - -Available as of - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Monitor the Health of Custom Domain Virtual Host Certificates - - - -You can use SAP Cloud Application Lifecycle Management \(ALM\) application for monitoring the health of API Management certificates. For more information, see [Monitor the Health of Custom Domain Virtual Host Certificates Using SAP Cloud ALM](monitor-the-health-of-custom-domain-virtual-host-certificates-using-sap-cloud-alm-7bd9d9f.md). - - - -Info only - - - -New - - - -2021-12-12 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Update to the Client SDK - - - -You can now apply policy template to an existing API proxy. For more information, refer to the Client SDK version 1.4.0 in [API Services](api-services-007d50f.md). - - - -Info only - - - -New - - - -2021-09-29 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Applications table on My Workspace - - - -The *My Workspace* section in API Business Hub Enterprise has been revamped to provide better performance. The Cost Incurred column has been removed from the Applications table. You can view the cost incurred details in the *Cost* section. For more information,see [Create an Application \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b4e71b3887f4396aa22ce3e2ed7e0c3.html "Create an Application to consume the required APIs.") :arrow_upper_right:. - - - -Info only - - - -New - - - -2021-09-29 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -SAP Analytics Cloud for API Management - - - -You can use the API Management Reporting Dashboard on SAP Analytics Cloud to monitor API usage and performance through various API metrics and KPIs. For more information see,[SAP Analytics Cloud for](sap-analytics-cloud-for-fb3648a.md). - - - -Info only - - - -New - - - -2021-08-31 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Overriding the default update operation for API Proxy of Type ODATA - - - -When discovering an API from the on-premise SAP Gateway system via OData API Provider, for the entities that are defined as "sap:updatable" in the backend service, you can choose the update operation \("PUT" and "PATCH"\) for OData V2 and OData V4 respectively. For more information, see [Overriding the Default Update Operation for API Proxy of Type OData](overriding-the-default-update-operation-for-api-proxy-of-type-odata-4a12c59.md). - - - -Info only - - - -New - - - -2021-08-31 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Product Transport - - - -When transport is triggered for a Product, all the entities of the Product get transported along with the Product. For more information, see [Transporting a Product from Source to Destination](transporting-a-product-from-source-to-destination-3a4cdd2.md). - - - -Recommended - - - -New - - - -2021-08-09 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -API Designer - - - -For a given Resource, you can use the API Designer to detect and correct the errors in swagger definition, and save the changes. For more information, see the note in step 14 in [Create an API Proxy](create-an-api-proxy-c0842d5.md). - - - -Info only - - - -New - - - -2021-08-09 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Save and Deploy API Proxy - - - -Saving is a design time activity; at this stage, multiple aspects of the proxy might change. Until all the changes made to the proxy are considered and are finally saved, the proxy should not be deployed. - -Action: Previously, editing and then saving the changes in an already deployed API, would deploy the changes in runtime. Now, after saving the changes you've made to the API proxy, you have to choose *Deploy* for the latest changes to reflect in runtime. For more information, see [Edit an API Proxy](edit-an-api-proxy-a64b952.md). - -Notes: - -- API proxies always get imported to the destination API portal in the deployed state. For more information, see [Transporting an API Proxy from Source to Destination](transporting-an-api-proxy-from-source-to-destination-2fe1aa2.md). Additionally, APIs attached to the Product get imported to the destination API portal in the deployed state. For more information, see [Transporting a Product from Source to Destination](transporting-a-product-from-source-to-destination-3a4cdd2.md). - -- When an API proxy is transported or exported individually or as a part of a Product, by default, it gets imported to the target in the deployed state. For more information, see [Import an API Definition](import-an-api-definition-9342a93.md). - -- If you try to publish a Product that has an API with saved changes attached to it, you get a warning message that there are changes in the APIs that aren't deployed yet. Similarly, you'll receive a warning message if you try to publish a Product which has multiple APIs attached to it, and few of these APIs have changes that are saved but not deployed. For more information, refer the note in step 9 in [Create a Product](create-a-product-d769622.md). - - - - - - -Required - - - -New - - - -2021-08-09 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Auditing and Logging Information - - - -Here you can find a list of the security events that are logged by TECHNICAL COMPONENT. For more information, see [Auditing and Logging Information for API Management](auditing-and-logging-information-for-api-management-77024b3.md). - - - -Info only - - - -New - - - -2021-08-09 - -
- -API Management - - - -Integration Suite - - - -- - - - - -API Business Hub Enterprise - - - -Ypu can now update the credentials used to establish a connection between the API portal and the API Business Hub Enterprise for a submitted request and an approved request. - -Action: To update the credentials, see [Updating the Connection Request Credentials for a Submitted Request \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/eb84854e31d943b490af77cfb218ddbb.html "Update the credentials you've used to establish a connection between the API portal and the API business hub enterprise.") :arrow_upper_right: and [Updating the Connection Request Credentials for an Approved Request \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/b583b7a62f3c4cfdb50a499250c25c15.html "There can be instances where you have to update the credentials once the connection request is approved by the API business hub enterprise admin.") :arrow_upper_right:. - - - -Recommended - - - -New - - - -2021-07-09 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Migrating API Management Subscription Created Using the Starter Plan Service Instance - - - -You can now to migrate the design-time components that you have in the Neo environment, which was previously set up using Starter Plan instance, to the Cloud Foundry environment, keeping the runtime components as is. - -Action: To migrate the design-time components from Neo to Cloud Foundry, see [Migrating API Management Subscription Created Using the Starter Plan Service Instance](APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-9778a36.md) - - - -Recommended - - - -New - - - -2021-07-06 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Custom Domain Configuration for API Portal or API Business Hub Enterprise Subscription - - - -To complete the process of configuring a custom domain for the API Portal or the API Business Hub Enterprise application using the Custom Domain Service in the SAP BTP Cloud Foundry environment, you need to contact the SAP API Management operations team. For more information, see [Custom Domain Configuration for API Portal or API business hub enterprise Subscription](APIM-Initial-Setup/custom-domain-configuration-for-api-portal-or-api-business-hub-enterprise-subsc-c4e67a9.md). - - - -Recommended - - - -New - - - -2021-06-25 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Update to the Client SDK - - - -You can now export policy templates from the API portal. - -Action: For more information on how to export the policy templates, refer to the Client SDK version 1.3.0 in [API Services](api-services-007d50f.md). - - - -Recommended - - - -New - - - -2021-06-14 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Generate client ID and secret from API Portal UI - - - -You can now generate the credentials from the API Portal to establish the connection with centralized API Business Hub Enterprise. - -Action: See the Next Steps section in [Set Up API Portal Application](APIM-Initial-Setup/set-up-api-portal-application-29c281b.md). See the Prerequisites section and the Note in the Results section in [Create a Connection Request for the Centralized API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/02f7877360a64c6b8d853fed9b2d9cc6.html "To publish the API portal content on the API business hub enterprise, you must create a request to connect the API portal to the API business hub enterprise.") :arrow_upper_right:. - - - -Recommended - - - -New - - - -2021-06-14 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Configuring Load Balancing for API Proxy from API Portal. - - - -You can now configure the load balancer to distribute the load efficiently across multiple API providers. For more information, see [Configuring Load Balancing](configuring-load-balancing-503a3aa.md). - - - -Recommended - - - -New - - - -2021-06-14 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Region specific NAT IP addresses - - - -To get region specific NAT IP addresses \(egress, IPs for request from API Management\), raise a support ticket. For more information, see [Region-Specific IP Addresses Available for API Management Cloud Foundry Environment](APIM-Initial-Setup/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environ-585d639.md). - - - -Info only - - - -Changed - - - -2021-06-14 - -
- -API Management - - - -Integration Suite - - - -- Cloud Foundry - - - - - -Converting Externally Managed APIs to Internally Managed APIs - - - -You can convert an external API, whose lifecycle isn’t be managed by SAP API Management to an internal API so that management capabilities can be enabled for that API. - -Action:To convert an external API to an internal API, see [Converting Externally Managed APIs to Internally Managed APIs](converting-externally-managed-apis-to-internally-managed-apis-1fc41ac.md). - - - -Recommended - - - -New - - - -2021-05-13 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Updating the Connection Request Credentials - - - -There can be instances where you have to update the credentials that you've used to establish a connection between the API portal and the API Business Hub Enterprise. For more information, see [Updating the Connection Request Credentials for a Submitted Request \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/eb84854e31d943b490af77cfb218ddbb.html "Update the credentials you've used to establish a connection between the API portal and the API business hub enterprise.") :arrow_upper_right:. - - - -Recommended - - - -New - - - -2021-04-12 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Perform Additional Tasks in API Designer - - - -To download the API swagger specifications, choose Download and select JSON or YAML format. For more information, see [Perform Additional Tasks in API Designer](perform-additional-tasks-in-api-designer-a92cf80.md). - - - -Info only - - - -New - - - -2021-04-12 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Transporting API Providers, Certificates, and Key Value Maps - - - -You can now trigger the transport of API Provider, Key Store Certificate, Trust Store, and Key Value Maps individually. - -Action: To trigger the transport of API Provider, Key Store Certificate, Trust Store, and Key Value Maps individually, see[Triggering Content Transport Using SAP Cloud Transport Management Service](triggering-content-transport-using-sap-cloud-transport-management-service-cc36fab.md). - - - -Recommended - - - -New - - - -2021-04-12 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Update to the Client SDK - - - -Two new commands to create API Proxies either by providing parameter information or by uploading JSON files have been added. For more information, see [API Services](api-services-007d50f.md). - - - -Info only - - - -New - - - -2021-03-16 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Content Transport Using Cloud Transport Management Service - - - -You can now use the SAP Cloud Transport Management service for exporting, importing, and shipping the API Management content from the Development or Test environment to Production environment. - -Action: To transport API Management content from the Development or Test environment to Production environment, see [Transport APIs and Its Related Artifacts](transport-apis-and-its-related-artifacts-eb83118.md). - - - -Recommended - - - -New - - - -2021-03-16 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Configuring HealthMonitor and Load Balancer for API Proxy using .Zip - - - -Configure health monitor and the load balancer to put the active target server in rotation and to distribute the load efficiently across multiple servers. For more information, see [Load Balancing Across API Providers](load-balancing-across-api-providers-7ac0c09.md). - - - -Recommended - - - -New - - - -2021-03-16 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -UI changes in the SAP BTP Cockpit - - - -A new path has been added on the UI to subscribe to the application plan for API portal and API Business Hub Enterprise. For more information, refer to the step 3 in the following topics: [Set Up API Portal Application](APIM-Initial-Setup/set-up-api-portal-application-29c281b.md) [Set Up API business hub enterprise Application Using the Standalone Tile](APIM-Initial-Setup/set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md). - - - -Info only - - - -Changed - - - -2021-02-15 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -API Business Hub Enterprise - - - -You can now maintain a centralized API catalog in one API Business Hub Enterprise that accepts contents like API proxies, API products, and so on, from multiple API portals. - -Action: You can select multiple products published from the same portal but you can't select products published from different portals. For more information, see [Centralized API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/33b706f4f2e148ffb1cb9289d5cda27d.html "The centralized API business hub enterprise is a central API catalog, allowing application developers to consume APIs and other assets, from a common platform.") :arrow_upper_right: and [Create an Application \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b4e71b3887f4396aa22ce3e2ed7e0c3.html "Create an Application to consume the required APIs.") :arrow_upper_right:. - - - -Recommended - - - -New - - - -2021-02-15 - -
- -API Management - - - -Integration Suite - - - -Cloud Foundry - - - -Discover REST and SOAP APIs - - - -Discover REST and SOAP APIs along with OData APIs while creating a proxy for Integration flow. For more information, see [Creating an API Proxy using SAP Cloud Integration API Provider](creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md). - - - -Info only - - - -New - - - -2021-01-18 - -
- -**Related Information** - - -[Archive 2023](archive-2023-a8dd11f.md "") - -[2022 Archives](2022-archives-7eaa63d.md "") - -[2020 Archives](2020-archives-085f4e9.md "") - diff --git a/docs/apim/API-Management/2022-archives-7eaa63d.md b/docs/apim/API-Management/2022-archives-7eaa63d.md deleted file mode 100644 index 82816640..00000000 --- a/docs/apim/API-Management/2022-archives-7eaa63d.md +++ /dev/null @@ -1,787 +0,0 @@ - - -# 2022 Archives - - - -**2022** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -Technical Component - - - -Environment - - - -Title - - - -Description - - - -Action - - - -Lifecycle - - - -Type - - - -Line of Business - - - -Modular Business Process - - - -Product - - - -Latest Revision - - - -Available as of - -
- -API Management - - - -- Cloud Foundry - - - - - -API Business Hub Enterprise \[New Design\] - - - -If you have added API Business Hub Enterprise as a capability with Integration suite, or if you’ve subscribed to API Business Hub Enterprise as part of standalone API Management subscription, we now have a new design of the user interface for you to experience. For more information, see [Consume API Proxies](consume-api-proxies-ea561e4.md) and [Configure API business hub enterprise](configure-api-business-hub-enterprise-54b4607.md). - - - -Info only - - - -Deprecated - - - -New - - - -Service - - - -Not applicable - - - -API Management - - - -2022-12-12 - - - -2022-12-10 - -
- -API Management - - - -- Cloud Foundry - - - - - -Decommisioning Concurrent Rate Limit Policy - - - -Support for Concurrent Rate Limit policy has been completely decommisioned. You can no longer create or update an API proxy with Concurrent Rate Limit policy. For more information, see [Concurrent Rate Limit](concurrent-rate-limit-8f22baa.md). - - - -Info only - - - -Deprecated - - - -New - - - -Service - - - -Not applicable - - - -  - - - -2022-10-24 - - - -2022-10-24 - -
- -API Management - - - -- Cloud Foundry - - - - - -Consume APIs Using SAP Business Application Studio - - - -The service center in SAP Business Application Studio provides a central entry point to explore products and services from API business hub enterprise. For more information, see [Consume API Proxies Using SAP Business Application Studio](consume-api-proxies-using-sap-business-application-studio-15732eb.md). - - - -Info only - - - -General Availability - - - -New - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-07-01 - -
- -API Management - - - -- Kyma - - - - - -Consuming API Management Service Instance from Kyma - - - -Kyma environment provides a fully managed Kubernetes runtime based on the open-source project "Kyma". You can use the Kyma environment to search and discover API Management, API Portal and API business hub enterprise applications. For more information, see [Consume API Management Service Instance from Kyma](APIM-Initial-Setup/consume-api-management-service-instance-from-kyma-3b53c26.md). - - - -Info only - - - -General Availability - - - -New - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-07-01 - -
- -API Management - - - -- Cloud Foundry - - - - - -Decommissioning of Concurrent Rate Limit - - - -The Concurrent Rate Limit policy is being decommissioned. The support for the Concurrent Rate Limit policy will come to an end very soon. If you’re still using the policy and wondering which policy to use to best meet your rate-limiting needs, see [Replace Concurrent Rate Limit Policy with Alternative Policies](replace-concurrent-rate-limit-policy-with-alternative-policies-b70e0d2.md). - - - -Info only - - - -Deleted - - - -Announcement - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-07-01 - -
- -API Management - - - -- Cloud Foundry - - - - - -Optimisation of the timeout propagation for API proxies - - - -Previously, the connection to the backend was released only after the default timeout. Now, the connection to the backend is released earlier if the "io.timeout.millis" value is set lower than the default value, thereby improving the performance of the API proxy. It's recommended that you redeploy the API proxies created based on the on-premise backend system before July 2022. For more information, see [Target Endpoint Properties](target-endpoint-properties-edeed6a.md). - - - -Info only - - - -General Availability - - - -New - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-07-01 - -
- -API Management - - - -- Cloud Foundry - - - - - -Download Open API specification - - - -You can now download the open API specification for the APIs that are part of the API business hub enterprise in JSON format. For more information, see [Consume API Proxies](consume-api-proxies-ea561e4.md). - - - -Info only - - - -General Availability - - - -New - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-04-30 - -
- -API Management - - - -- Cloud Foundry - - - - - -Service Callout policy - - - -You can now use on-premise type of API Provider in the Service Callout policy. For more information, see [Service Callout](service-callout-6b40873.md). - - - -Info only - - - -General Availability - - - -New - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-04-02 - -
- -API Management - - - -- Cloud Foundry - - - - - -Custom Domain Configuration - - - -The custom domain feature is now enabled for API Management as a capability within the Integration Suite product. For more information, see [Custom Domain Configuration for API Portal or API business hub enterprise Subscription](APIM-Initial-Setup/custom-domain-configuration-for-api-portal-or-api-business-hub-enterprise-subsc-c4e67a9.md). - - - -Info only - - - -General Availability - - - -New - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-03-11 - -
- -API Management - - - -- Cloud Foundry - - - - - -Skipping the cloning of Application Key and Secret in side by side migration - - - -If you want to skip the cloning of Application Key and Secret in side by side migration, then set the `“skipApplicationKeySecretCloning”` flag to true. For more information, see the Procedure section in [Clone API Management Content](APIM-Migration/clone-api-management-content-7abd887.md). Also, a new version of the tenant cloning tool 1.6.2 is now available. For more information, see [Clone API Management Content](APIM-Migration/clone-api-management-content-7abd887.md). - - - -Info only - - - -General Availability - - - -New - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-02-15 - -
- -API Management - - - -- Cloud Foundry - - - - - -Migrating API Management Subscription Created Using the Starter Plan Service Instance to a Different Subaccount - - - -If you have Integration Suite Premium edition license available in a different sub-account, then API Management design time subscription can be migrated to this different sub-account as well. For more information, see [Migrating API Management Subscription Created Using the Starter Plan Service Instance to Different Subaccounts](APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-1f4ed86.md). Also, a new parameter has been added to the `apim-tct-input.json` file. For more information, see [Clone API Management Content](APIM-Migration/clone-api-management-content-7abd887.md). - - - -Info only - - - -General Availability - - - -New - - - -Service - - - -Not applicable - - - -  - - - - - - - -2022-01-15 - -
- -**Related Information** - - -[Archive 2023](archive-2023-a8dd11f.md "") - -[2021 Archives](2021-archives-bdf0f0e.md "") - -[2020 Archives](2020-archives-085f4e9.md "") - diff --git a/docs/apim/API-Management/APIM-Initial-Setup/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md b/docs/apim/API-Management/APIM-Initial-Setup/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md index f5d5525c..46f222fd 100644 --- a/docs/apim/API-Management/APIM-Initial-Setup/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md +++ b/docs/apim/API-Management/APIM-Initial-Setup/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md @@ -10,7 +10,7 @@ The *devportal-apiaccess* plan allows you to access the API business hub enterpr ## About the Plan -The service key, consisting of url \(application url\), clientId, clientSecret, and tokenUrl is used to generate a Bearer Token with the help of a REST client. This Bearer Token, along with the application url and API endpoint, is used to trigger the APIs. +The service key, consisting of url \(application url\), clientId, clientSecret, and tokenUrl is used to generate a bearer token with the help of a REST client. This bearer token, along with the application url and API endpoint, is used to trigger the APIs. This topic explains how to enable API access for API business hub enterprise. @@ -27,7 +27,7 @@ This topic explains how to enable API access for API business hub enterprise. - You have the `space developer` role assigned to you. - You have created a service instance under the *Authorization and Trust Management* tile. - 1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). + 1. In your web browser, open the *SAP BTP Cockpit* - [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace*. 3. Choose *Authorization and Trust Management* \> *Instances* \> *New Instance*. 4. In the *Create Instance* dialog that opens, choose the *apiaccess* plan. @@ -43,7 +43,7 @@ This topic explains how to enable API access for API business hub enterprise. The client credentials like url, clientId, and clientSecret details appear for the given service key. -- You have created a destination of type `OAuth2Credentials` to the XSUAA APIs by using the credentials you derived from creating the service key. +- You have created a destination of type `OAuth2Credentials` to the XSUAA APIs by using the credentials you derived from creating the service key. This is required to access the XSUAA APIs for authorization and trust mangement services. 1. From your *Subaccount*, navigate to *Connectivity* \> *Destinations* \> *New Destination*. 2. Choose the service instance that you created above. 3. In the *Destination Configuration* window, provide the details. @@ -80,12 +80,12 @@ This topic explains how to enable API access for API business hub enterprise. ## Creating a Service Instance in the API Management, API business hub enterprise -Create a service instance using API Access plan. +Create a service instance using *devportal-apiaccess* plan. 1. In your web browser, open the *SAP BTP Cockpit* - [https://account.hana.ondemand.com/cockpit](https://account.hana.ondemand.com/cockpit). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* 3. Choose *API Management, API Business Hub Enterprise* \> *Instances* \> *New Instance*. -4. In the *Create Instance* dialog that opens, choose the plan as *devportal-apiaccess*. +4. In the *Create Instance* dialog that opens, choose *devportal-apiaccess*. 5. Click *Next*. 6. In the section *Specify parameters*, provide the details as mentioned below, based on the role you require. @@ -548,7 +548,7 @@ In the REST client: **Related Information** -[Accessing API Management APIs Programmatically](accessing-api-management-apis-programmatically-24a2c37.md "The apiportal-apiaccess plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the Business Accelerator Hub.") +[Accessing API Management APIs Programmatically](accessing-api-management-apis-programmatically-24a2c37.md "The apiportal-apiaccess plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the SAP Business Accelerator Hub.") [Managing Cloud Foundry Microservices through API Management](managing-cloud-foundry-microservices-through-api-management-e609a3e.md "The apim-as-route-service plan helps you in managing Cloud Foundry applications by including policies such as rate limit, quota. The service instance you create through this plan allows you to bind to the route service and creates an API Proxy. This API Proxy serves in establishing a secure connection with your Cloud Foundry application and all the calls made to the Cloud Foundry application are routed via API Management, API portal.") diff --git a/docs/apim/API-Management/APIM-Initial-Setup/accessing-api-management-apis-programmatically-24a2c37.md b/docs/apim/API-Management/APIM-Initial-Setup/accessing-api-management-apis-programmatically-24a2c37.md index 2ed07bde..637f759f 100644 --- a/docs/apim/API-Management/APIM-Initial-Setup/accessing-api-management-apis-programmatically-24a2c37.md +++ b/docs/apim/API-Management/APIM-Initial-Setup/accessing-api-management-apis-programmatically-24a2c37.md @@ -2,7 +2,7 @@ # Accessing API Management APIs Programmatically -The *apiportal-apiaccess* plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the [Business Accelerator Hub](https://api.sap.com/package/APIMgmt/odata). +The *apiportal-apiaccess* plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the SAP Business Accelerator Hub. @@ -22,7 +22,7 @@ The API Access plan allows you to generate a service key by creating a service i - You've enabled API Management capability using Integration suite. For more information, refer [Subscribing to Integration Suite](https://help.sap.com/docs/SAP_INTEGRATION_SUITE/51ab953548be4459bfe8539ecaeee98d/8a3c8b7a6b1c4f249bb81d11644ef806.html?version=CLOUD) and [Activating Capabilities](https://help.sap.com/docs/SAP_INTEGRATION_SUITE/51ab953548be4459bfe8539ecaeee98d/2ffb343c163c48a4b3a90f9f3c487328.html?version=CLOUD). - OR + **OR** You have subscribed to the standalone *API Management, API portal* tile in the Cloud Foundry environment. For more information, see [Set Up API Portal Application](set-up-api-portal-application-29c281b.md). @@ -39,19 +39,20 @@ To enable API access for API Management, API portal execute the steps in the sec Create a service instance using API Access plan to generate a service key. -1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). -2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* -3. Choose *API Management, API portal* \> *Instances* \> *New Instance*. +1. In your web browser, open the *SAP BTP Cockpit* - . +2. [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap) +3. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* +4. Choose *API Management, API portal* \> *Instances* \> *New Instance*. > ### Note: > If you are unable to view the *API Management, API Portal* tile, please check your entitlements. For more information, see [Managing Entitlements and Quotas Using the Cockpit](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/c8248745dde24afb91479361de336111.html). -4. In the *Create Instance* dialog that opens, choose the *apiportal-apiaccess* plan. -5. In the section *Specify parameters*, paste one of the following JSON codes, to assign a specific role. +5. In the *Create Instance* dialog that opens, choose the *apiportal-apiaccess* plan. +6. In the section *Specify parameters*, paste one of the following JSON codes, to assign a specific role. The following roles are supported for the current scenario: - Assign `APIPortal.Administrator` role to access the API portal APIs and perform operations like create, update, delete on various API portal entities as specified in the [SAP Business Accelerator Hub](https://api.sap.com/package/APIMgmt?section=Artifacts) + Assign `APIPortal.Administrator` role to access the API portal APIs and perform operations like create, update, delete on various API portal entities as specified in the SAP Business Accelerator Hub. ``` @@ -79,8 +80,8 @@ Create a service instance using API Access plan to generate a service key. } ``` -6. Click *Next* until you reach the *Confirm* section -7. In the section *Confirm*, enter a unique *Instance Name* and choose *Finish*. +7. Click *Next* until you reach the *Confirm* section +8. In the section *Confirm*, enter a unique *Instance Name* and choose *Finish*. The creation of service instance is successful. @@ -401,10 +402,10 @@ In the REST Console: 3. Similarly, paste the *clientId* and *clientSecret* in the place of `Username` and `Password`. 4. Make a POST Call. 5. Obtain the Bearer Token from the output and copy it in a notepad. - - Now, to trigger an API, in the same REST Console, append the API endpoint \(obtained from the API portal APIs that are located in the SAP API Management package of API Business Hub\) to the *url*. + - Now, to trigger an API, in the same REST Console, append the API endpoint \(obtained from the API portal APIs that are located in the SAP API Management package in SAP Business Accelerator Hub\) to the *url*. > ### Note: - > Currently, the *apiportal-apiaccess* plan allows you to access only the API Management APIs from the [SAP API Management package](https://api.sap.com/package/APIMgmt?section=Artifacts). + > Currently, the *apiportal-apiaccess* plan allows you to access only the API Management APIs from the SAP API Management package in SAP Business Accelerator Hub. - Choose `Bearer Token` as the `Authorization` type and paste the copied Bearer Token in the specified space. - Include payloads, if needed. diff --git a/docs/apim/API-Management/APIM-Initial-Setup/accessing-on-premise-systems-through-api-management-2fc7a5b.md b/docs/apim/API-Management/APIM-Initial-Setup/accessing-on-premise-systems-through-api-management-2fc7a5b.md index 079f1aa1..9e16344c 100644 --- a/docs/apim/API-Management/APIM-Initial-Setup/accessing-on-premise-systems-through-api-management-2fc7a5b.md +++ b/docs/apim/API-Management/APIM-Initial-Setup/accessing-on-premise-systems-through-api-management-2fc7a5b.md @@ -44,7 +44,7 @@ This topic explains how to obtain a service key in order to enable principal pro Create a service instance to generate a service key that is used to enable the principal propagation. -1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). +1. In your web browser, open the *SAP BTP Cockpit* - [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* 3. Choose *API Management, API portal* \> *Instances* \> *New Instance*. 4. In the *Create Instance* dialog, choose *on-premise-connectivity* plan. @@ -313,7 +313,7 @@ You can use the credentials to establish: **Related Information** -[Accessing API Management APIs Programmatically](accessing-api-management-apis-programmatically-24a2c37.md "The apiportal-apiaccess plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the Business Accelerator Hub.") +[Accessing API Management APIs Programmatically](accessing-api-management-apis-programmatically-24a2c37.md "The apiportal-apiaccess plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the SAP Business Accelerator Hub.") [Accessing API business hub enterprise APIs Programmatically](accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md "The devportal-apiaccess plan allows you to access the API business hub enterprise APIs to programmatically onboard developers, create applications, and more.") diff --git a/docs/apim/API-Management/APIM-Initial-Setup/images/ABHE_Connection_a5eb276.png b/docs/apim/API-Management/APIM-Initial-Setup/images/ABHE_Connection_a5eb276.png deleted file mode 100644 index 464e02e3..00000000 Binary files a/docs/apim/API-Management/APIM-Initial-Setup/images/ABHE_Connection_a5eb276.png and /dev/null differ diff --git a/docs/apim/API-Management/APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md b/docs/apim/API-Management/APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md index 98ddb873..b92d817c 100644 --- a/docs/apim/API-Management/APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md +++ b/docs/apim/API-Management/APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md @@ -37,7 +37,7 @@ Create a service instance in *API Management, API portal* to start managing your Follow the below procedure to create a service instance on Cloud Foundry: -1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). +1. In your web browser, open the *SAP BTP Cockpit* - [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* 3. Choose *API Management, API portal* \> *Instances* \> *New Instance*. 4. In the *Create Instance* dialog, choose *apim-as-route-service* plan. @@ -51,7 +51,7 @@ Follow the below procedure to create a service instance on Cloud Foundry: -## Binding a Cloud Foundry Application to an API Management, API portal Service Instance +## Binding a Multi-Cloud Foundation Application to an API Management, API Portal Service Instance Create a service instance and bind the Cloud Foundry application to *API management, API portal* service. When you bind an application, an API proxy is created and a new route is added to the application. The route initially redirects all calls to the proxy URL and then to the application. @@ -93,7 +93,7 @@ Open the command-line interface for Cloud Foundry and enter the following comman **Related Information** -[Accessing API Management APIs Programmatically](accessing-api-management-apis-programmatically-24a2c37.md "The apiportal-apiaccess plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the Business Accelerator Hub.") +[Accessing API Management APIs Programmatically](accessing-api-management-apis-programmatically-24a2c37.md "The apiportal-apiaccess plan offers external applications the ability to access the public APIs of the Integration Suite API Management capability. These APIs are used by the external applications to perform CRUD operations on API Management features like API proxies or products. These APIs are built on REST and OData principles and are extensively documented on the SAP Business Accelerator Hub.") [Accessing API business hub enterprise APIs Programmatically](accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md "The devportal-apiaccess plan allows you to access the API business hub enterprise APIs to programmatically onboard developers, create applications, and more.") diff --git a/docs/apim/API-Management/APIM-Initial-Setup/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environ-585d639.md b/docs/apim/API-Management/APIM-Initial-Setup/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environ-585d639.md index 5dfd969f..0ea76e71 100644 --- a/docs/apim/API-Management/APIM-Initial-Setup/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environ-585d639.md +++ b/docs/apim/API-Management/APIM-Initial-Setup/region-specific-ip-addresses-available-for-api-management-cloud-foundry-environ-585d639.md @@ -79,7 +79,7 @@ West Europe -51.105.226.79, 20.107.78.224, 20.4.205.181, 108.143.96.175, 172.201.40.15, 20.31.245.126 +51.105.226.79, 20.4.205.181, 20.31.245.126 @@ -693,6 +693,9 @@ europe-west3 +> ### Note: +> In case any discrepancies are observed in the IPs, please create a support ticket on the **OPU-API-OD-OPS** component. + diff --git a/docs/apim/API-Management/APIM-Initial-Setup/set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md b/docs/apim/API-Management/APIM-Initial-Setup/set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md index 401acda0..cc90cc00 100644 --- a/docs/apim/API-Management/APIM-Initial-Setup/set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md +++ b/docs/apim/API-Management/APIM-Initial-Setup/set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md @@ -25,7 +25,7 @@ To discover, consume and monitor API from a centralized API catalog, set up the ## Context -Depending upon the license you hold, you can use the *API Management, API Business Hub Enterprise* stand-alone tile to subscribe to the application, or you can set up the API business hub enterprise capability from the **Integration Suite** launchpad. To set up API business hub enterprise from **Integration Suite**, see [Setting Up API Management Capability from Integration Suite](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/f6eb4332cd5144ef91f4a84cc614ba1c.html "You can provision the API Management capability from the Integration Suite launchpad.") :arrow_upper_right:. +Depending upon the license you hold, you can use the *API Management, API Business Hub Enterprise* stand-alone tile to subscribe to the application. > ### Note: > Ensure that you don’t have an instance of a starter plan created in the same subaccount where you plan to create an API business hub enterprise subscription. Also, note that the API Management capabilities from Integration Suite and API Management subscriptions using the stand-alone tile can’t coexist in the same subaccount. @@ -76,11 +76,7 @@ You’re registered as an application developer on the API business hub enterpri **Related Information** - - -[Configure the API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b71b166d6984e8f81a212568af5ce94.html "You can configure the API business hub enterprise to personalize it for your organization.") :arrow_upper_right: - -[Create an Application \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b4e71b3887f4396aa22ce3e2ed7e0c3.html "Create an Application to consume the required APIs.") :arrow_upper_right: - [Assign User Roles in API Management](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/911ca5a620e94ab581fa159d76b3b108.html "Use role collections to group together different roles that can be assigned to API Portal and API business hub enterprise users.") :arrow_upper_right: +[Consume API Proxies](../consume-api-proxies-ea561e4.md "Consume API proxies via the API business hub enterprise. In the API business hub enterprise, an application developer registers, explores the API exposed by customers, creates applications, and tests API proxies.") + diff --git a/docs/apim/API-Management/APIM-Initial-Setup/setting-up-api-portal-application-using-api-management-standalone-tile-9d8c7ae.md b/docs/apim/API-Management/APIM-Initial-Setup/setting-up-api-portal-application-using-api-management-standalone-tile-9d8c7ae.md index 2a85ee2c..703c0d74 100644 --- a/docs/apim/API-Management/APIM-Initial-Setup/setting-up-api-portal-application-using-api-management-standalone-tile-9d8c7ae.md +++ b/docs/apim/API-Management/APIM-Initial-Setup/setting-up-api-portal-application-using-api-management-standalone-tile-9d8c7ae.md @@ -31,8 +31,6 @@ You should have API Management, API portal subscription to set up the API portal > ### Note: > Ensure that you don’t have an instance of a starter plan created in the same subaccount where you plan to create an API Management, API portal subscription. Also, note that API Management capabilities from Integration Suite and API Management subscriptions using the stand-alone tile can’t coexist in the same subaccount. -Perform the step-by-step instructions to set up the API portal application. However, you can also refer the following video for visual instructions: - @@ -112,11 +110,7 @@ The API portal is now configured. Log on to the API portal again. You can now cr ## Next Steps -To start publishing the API portal content, you must enable the API Business Hub Enterprise. To publish the API portal content on the API Business Hub Enterprise located in the same subaccount, see [Set Up API business hub enterprise Application Using the Standalone Tile](set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md). To publish the API portal content on the centralized API Business Hub Enterprise, follow the on-screen instructions and see [Centralized API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/33b706f4f2e148ffb1cb9289d5cda27d.html "The centralized API business hub enterprise is a central API catalog, allowing application developers to consume APIs and other assets, from a common platform.") :arrow_upper_right:. - -Once API Business Hub Enterprise is set up, navigate to :gear: and choose *Connection*. - -![](images/ABHE_Connection_a5eb276.png) +To start publishing the API portal content, you must enable the API Business Hub Enterprise. To publish the API portal content on the API Business Hub Enterprise located in the same subaccount, see [Set Up API business hub enterprise Application Using the Standalone Tile](set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md). **Related Information** diff --git a/docs/apim/API-Management/APIM-Initial-Setup/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-porta-09fd33a.md b/docs/apim/API-Management/APIM-Initial-Setup/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-porta-09fd33a.md new file mode 100644 index 00000000..ddca51ba --- /dev/null +++ b/docs/apim/API-Management/APIM-Initial-Setup/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-porta-09fd33a.md @@ -0,0 +1,34 @@ + + +# Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance + +When you unbind a multi-cloud foundation application from an API Management, API portal service instance, an API proxy is undeployed and the connection between the route service and the multi-cloud foundation application is removed. + + + + + +## Prerequisites + +- You have logged on as a `space developer`. +- You have bound an application to service instance under *API Management, API portal*. + + + +## Procedure + +In order to unbind, open the command prompt and enter the following command: + +``` + +cf unbind-route-service sap-cf-domain.com apim-service-instance-name --hostname my-app + +<-- Example +cf unbind-route-service cfapps.sap.hana.ondemand.com apim-prod-instance --hostname taxapp +--> + +``` + +> ### Note: +> You can unbind an application from a service only from the command-line interface and not from SAP BTP Cockpit. + diff --git a/docs/apim/API-Management/APIM-Migration/clone-api-management-content-7abd887.md b/docs/apim/API-Management/APIM-Migration/clone-api-management-content-7abd887.md index 44688ecf..6e1a9fa4 100644 --- a/docs/apim/API-Management/APIM-Migration/clone-api-management-content-7abd887.md +++ b/docs/apim/API-Management/APIM-Migration/clone-api-management-content-7abd887.md @@ -94,6 +94,11 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in > > The `selectiveEntityMigration` parameter is optional. +> ### Note: +> We recommend migrating all API artifacts during the migration activity. While it is possible to selectively migrate API proxies, this should not be the preferred method for migrating API artifacts. It should only be used with careful consideration of dependencies. +> +> If you need to regularly move or migrate API Management artifacts between tenants, it is recommended to use the transport capability instead. For more information, see [Transport APIs and Its Related Artifacts](../transport-apis-and-its-related-artifacts-eb83118.md). + ## Procedure @@ -382,15 +387,15 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - This is the Tenant ID for your Cloud Foundry sub account where starter plan serivce instance is enabled. + This is the Tenant ID for your multi-cloud foundation sub account where starter plan serivce instance is enabled. > ### Note: > If you are migrating within the same subaccount, you are not required to add this parameter. > - > This parameter is mandatory if you are migrating to a Cloud Foundry subaccount, which is different from your existing starter plan subaccount. + > This parameter is mandatory if you are migrating to a multi-cloud foundation subaccount, which is different from your existing starter plan subaccount. > ### Note: - > Navigate to the cockpit to fetch the Cloud Foundry Tenant ID for the subaccount where the starter plan service instance exists.![](images/Tenant_ID_293b582.png) + > Navigate to the cockpit to fetch the multi-cloud foundation Tenant ID for the subaccount where the starter plan service instance exists.![](images/Tenant_ID_293b582.png) @@ -924,7 +929,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - URL received during creation of the service key for Developer Portal API access for the `AuthGroup.API.Admin` role. + URL received during creation of the service key for developer portal API access for the `AuthGroup.API.Admin` role. @@ -978,7 +983,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - The client ID received during creation of the service key for Developer Portal API access for the `AuthGroup.API.Admin` role. + The client ID received during creation of the service key for developer portal API access for the `AuthGroup.API.Admin` role. You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the `apim-tct-input.json` file. @@ -1007,7 +1012,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - The client secret received during creation of the service key for Developer Portal API access for the `AuthGroup.API.Admin` role. + The client secret received during creation of the service key for developer portal API access for the `AuthGroup.API.Admin` role. You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the `apim-tct-input.json` file. @@ -1477,8 +1482,8 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in "url": "", "username": "", "password": "" - }, - "cfSubaccountTenantID": "1d1b3316-cf22-44b5-973f-d2d8a132444a" + } + }, "target": { @@ -1503,13 +1508,17 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in } }, - “skipApplicationKeySecretCloning” : , + "skipApplicationKeySecretCloning" : , "clone": { "skip-apiportal": , "skip-devportal": }, "stage": <"DEFAULT" | "SWITCHOVER"> + "selectiveEntityMigration": , //If you are setting the 'selectiveEntityMigration' parameter to true, please make sure to enter the names of the API proxies in the 'selectiveEntities' field using a comma-separated format. + "selectiveEntities": { + "APIProxies": ["Proxy1", "Proxy2", "Proxy3"] + } } ``` diff --git a/docs/apim/API-Management/APIM-Migration/clone-api-management-content-between-cloud-foundry-environments-2e5d127.md b/docs/apim/API-Management/APIM-Migration/clone-api-management-content-between-cloud-foundry-environments-2e5d127.md index 2deff964..cbe4bb15 100644 --- a/docs/apim/API-Management/APIM-Migration/clone-api-management-content-between-cloud-foundry-environments-2e5d127.md +++ b/docs/apim/API-Management/APIM-Migration/clone-api-management-content-between-cloud-foundry-environments-2e5d127.md @@ -67,7 +67,7 @@ Once you have your source and target system ready, you can clone your API Manage ## Context -To migrate all API Management entities, you need to complete the apim-tct-input.json file in the tenant cloning tool by providing all the necessary details. command to make the file executable. +To migrate all API Management entities, you need to complete the apim-tct-input.json file in the tenant cloning tool by providing all the necessary details. In case you want to migrate selected API proxies from the source API Management tenant to the target API Management tenant, make the following configurations in the `apim-tct-input.json` file: @@ -94,6 +94,11 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in > > The `selectiveEntityMigration` parameter is optional. +> ### Note: +> We recommend migrating all API artifacts during the migration activity. While it is possible to selectively migrate API proxies, this should not be the preferred method for migrating API artifacts. It should only be used with careful consideration of dependencies. +> +> If you need to regularly move or migrate API Management artifacts between tenants, it is recommended to use the transport capability instead. For more information, see [Transport APIs and Its Related Artifacts](../transport-apis-and-its-related-artifacts-eb83118.md). + ## Procedure @@ -778,7 +783,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in The client ID received during creation of the service key for API portal API access for the `APIPortal.Administrator` role - You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the `apim-tct-input.json` file. + You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the The client secret received during creation of the service key for `apim-tct-input.json` file. @@ -805,7 +810,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - The client secret received during creation of the service key for API portal API access for the `APIPortal.Administrator` role + API portal API access for the `APIPortal.Administrator` role You’re prompted to enter these values while running the command in Step 3 if you haven’t already provided these details in the `apim-tct-input.json` file. @@ -866,7 +871,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in - The contents of the certificate received during creation of the service key for API portal API access for the APIPortal.Administrator role. + The client secret received during creation of the service The contents of the certificate received during creation of the service key for API portal API access for the APIPortal.Administrator role. @@ -1475,7 +1480,7 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in "tokenUrl": ".authentication.sap.hana.ondemand.com/oauth/token>", "clientId": "", "clientSecret": "" - }, + } }, @@ -1495,13 +1500,17 @@ By enabling this feature, you can explicitly clone the API proxies mentioned in } }, - “skipApplicationKeySecretCloning” : , + "skipApplicationKeySecretCloning" : , "clone": { "skip-apiportal": , "skip-devportal": }, - "stage": <"DEFAULT"> + "stage": <"DEFAULT">, + "selectiveEntityMigration": , //If you are setting the 'selectiveEntityMigration' parameter to true, please make sure to enter the names of the API proxies in the 'selectiveEntities' field using a comma-separated format. + "selectiveEntities": { + "APIProxies": ["Proxy1", "Proxy2", "Proxy3"] + } } ``` diff --git a/docs/apim/API-Management/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md b/docs/apim/API-Management/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md index 9418b1da..b5017f97 100644 --- a/docs/apim/API-Management/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md +++ b/docs/apim/API-Management/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md @@ -11,13 +11,13 @@ Refer this section for the entities that are cloned and entities that aren’t c ## Entities That Are Cloned > ### Note: -> Currently, when a custom role is assigned to a Product, the Application creation using the tenant cloning tool is not supported. +> Currently, when a custom role is assigned to a product, the application creation using the tenant cloning tool is not supported. > -> As a work-around, before initiating the cloning process, remove the custom role assigned to the Product in the Source system and proceed with the cloning process. +> As a work-around, before initiating the cloning process, remove the custom role assigned to the product in the source system and proceed with the cloning process. > -> After the cloning process is completed, reassign the custom roles to the Product in the Source system. Also, ensure that the custom roles are assigned to the Product in the Target system. +> After the cloning process is completed, reassign the custom roles to the product in the source system. Also, ensure that the custom roles are assigned to the product in the target system. > -> In case the custom roles aren’t appearing in the *Permission* tab, as mentioned in the Prerequisite section, ensure that the custom roles are created and assigned to the developers in the target Cloud Foundry environment. +> In case the custom roles aren’t appearing in the *Permission* tab, as mentioned in the **Prerequisite** section, ensure that the custom roles are created and assigned to the developers in the target multi-cloud foundation. > ### Note: > If you have made any customizations to the `HelloWorld` sample proxy, and you want to migrate this proxy to the target, while cloning you might get the following error: `"Unable to import API Proxy from zip file; xml content invalid"`To address this, execute the following steps: @@ -36,7 +36,7 @@ Refer this section for the entities that are cloned and entities that aren’t c > > > > ``` > -> Please note that your userId is as per your Identity Service configuration. You can find your userId when you open any proxies in the API portal. +> Please note that your userId is as per your **Identity Service** configuration. You can find your userId when you open any proxies in the API portal. > > 3. Save the zip file. > @@ -47,7 +47,7 @@ Refer this section for the entities that are cloned and entities that aren’t c > > With this the `created_by` will reflect in the API proxy. -The following list displays the API Management entities that are cloned: +The following list displays the API Management entities that can be cloned: - Certificates and Certificate Store - Rate Plans @@ -62,6 +62,8 @@ The following list displays the API Management entities that are cloned: - Application Developer - Access Control Permissions for API Product - Custom Metrics and Charts +- Cache Resources + diff --git a/docs/ISuite/APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md b/docs/apim/API-Management/APIM-Migration/migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md similarity index 58% rename from docs/ISuite/APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md rename to docs/apim/API-Management/APIM-Migration/migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md index b3ae7e48..ffc717b9 100644 --- a/docs/ISuite/APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md +++ b/docs/apim/API-Management/APIM-Migration/migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md @@ -1,23 +1,23 @@ -# Migrating API Management from Neo to Cloud Foundry Environment +# Migrating API Management from Neo to Multi-Cloud Foundation -You can migrate the API Management content in Neo environment to a public cloud infrastructure \(hyperscalers\) within the Cloud Foundry environment. +You can migrate the API Management content in Neo environment to a public cloud infrastructure \(hyperscalers\) within a multi-cloud foundation. -Migration Assistant for asset migration includes the tools and utilities that enable migration of design time assets nondisruptively from the Neo to the Cloud Foundry environment. +Migration Assistant for asset migration includes the tools and utilities that enable migration of design time assets nondisruptively from the Neo to multi-cloud foundation. Your source system is the system that contains your API Management content in the Neo environment. -Your target system is the system that hosts your API Management content on the hyperscalers-managed infrastructure within the Cloud Foundry environment. Here Cloud Foundry environment can be your native standalone API Management subscription or API Management capability within the Integration Suite. +Your target system refers to the infrastructure that hosts your API Management content on a hyperscaler-managed infrastructure within a multi-cloud foundation. This multi-cloud foundation can either be your native standalone API Management subscription or the API Management capability within the Integration Suite. For the migration assistance, you must have an Integration Suite subscription with API Management capability enabled within Integration Suite. After completing the prerequisites mentioned in the steps below, you can clone your API Management artifacts nondisruptively from the source to the target system. Post cloning, you must complete some user actions and validate your target system. > ### Note: -> The Developer portal is renamed to API business hub enterprise in Cloud Foundry environment. In this document API business hub enterprise is referred to as Developer portal even in Cloud Foundry environment. +> The developer portal is renamed to API business hub enterprise within the multi-cloud foundation. In this document API business hub enterprise is referred to as developer portal even within the multi-cloud foundation. The steps assisting the migration of your API Management from your source system to a target system are: diff --git a/docs/apim/API-Management/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-1f4ed86.md b/docs/apim/API-Management/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-1f4ed86.md index 7cbe908b..e8763fb9 100644 --- a/docs/apim/API-Management/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-1f4ed86.md +++ b/docs/apim/API-Management/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-1f4ed86.md @@ -2,7 +2,7 @@ # Migrating API Management Subscription Created Using the Starter Plan Service Instance to Different Subaccounts -Migrate the design-time components from the Neo environment, which was previously set up using Starter Plan instance, to the Cloud Foundry environment, keeping the runtime components as is. +Migrate the design-time components from the Neo environment, which was previously set up using Starter Plan instance, to the multi-cloud foundation, keeping the runtime components as is. @@ -17,9 +17,9 @@ With the Integration Suite premium edition license available in a different suba > > - Analytics data can't be retained, as Advanced Analytics gets newly configured in the different subaccount. However, if you come across any analytics data from the previous subaccount, you must ignore the data and consider the analytics data after the migration task is completed. > -> - Subscribe to the API portal and the API business hub enterprise in the other Cloud Foundry subaccount. This is the subaccount with the Integration Suite premium edition license. +> - Subscribe to the API portal and the API business hub enterprise in the other multi-cloud foundation subaccount. This is the subaccount with the Integration Suite premium edition license. > -> - Tenant type \(for example, production and test\) of the newly onboarded API Management on the Cloud Foundry environment must be same as that of the source API Management on the Neo environment. +> - Tenant type \(for example, production and test\) of the newly onboarded API Management on the multi-cloud foundation must be same as that of the source API Management on the Neo environment. > > - Ensure that both the source and the target subaccounts are in the same data center for migrating the API Management subscription to a different subaccount. > @@ -74,7 +74,7 @@ With the Integration Suite premium edition license available in a different suba - Provide the Neo account details where API Management is enabled. - - Provide the Cloud Foundry account details where starter plan service instance is created. + - Provide the multi-cloud foundation account details where starter plan service instance is created. - Provide the details of the target Integration Suite subscription account for migrating the starter plan subscription to a different subaccount. Since you already have the Integration Suite premium license available, you can create the API Management subscription before creating the ticket. @@ -119,5 +119,5 @@ With the Integration Suite premium edition license available in a different suba ## Results -Migration of API Management subscription \(created using the Starter Plan service instance\) to a different subaccount is complete. There can be downtime for certain API proxies \(having policies that are specific to Neo/ Cloud Foundry environment\) created out of on-premise providers. +Migration of API Management subscription \(created using the Starter Plan service instance\) to a different subaccount is complete. There can be downtime for certain API proxies \(having policies that are specific to Neo/ multi-cloud foundation\) created out of on-premise providers. diff --git a/docs/apim/API-Management/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-9778a36.md b/docs/apim/API-Management/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-9778a36.md index 57132ae7..a6129b85 100644 --- a/docs/apim/API-Management/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-9778a36.md +++ b/docs/apim/API-Management/APIM-Migration/migrating-api-management-subscription-created-using-the-starter-plan-service-instan-9778a36.md @@ -2,7 +2,7 @@ # Migrating API Management Subscription Created Using the Starter Plan Service Instance -You can choose to migrate the design-time components that you have in the Neo environment, which was previously set up using Starter Plan instance, to the Cloud Foundry environment, keeping the runtime components as is. +You can choose to migrate the design-time components that you have in the Neo environment, which was previously set up using Starter Plan instance, to the multi-cloud foundation, keeping the runtime components as is. @@ -10,12 +10,12 @@ You can choose to migrate the design-time components that you have in the Neo en ## Context -You can also enable the new API Management design time subscription on the same Cloud Foundry subaccount, where you have created the starter plan service instance. +You can also enable the new API Management design time subscription on the same multi-cloud foundation subaccount, where you have created the starter plan service instance. > ### Note: -> You must subscribe to the API portal and the Developer Portal in the same Cloud Foundry subaccount where the starter plan instance is created. +> You must subscribe to the API portal and the developer portal in the same multi-cloud foundation subaccount where the starter plan instance is created. > -> Tenant type \(for example, production and test\) of the newly onboarded API Management on the Cloud Foundry environment must be same as that of the source API Management on the Neo environment. +> Tenant type \(for example, production and test\) of the newly onboarded API Management on the multi-cloud foundation must be same as that of the source API Management on the Neo environment. > ### Caution: > The migration of the Starter Plan Service Instance might involve downtime of the API runtime calls. @@ -66,13 +66,13 @@ You can also enable the new API Management design time subscription on the same - Provide the Neo account details where API Management is enabled. - - Provide the Cloud Foundry account details where starter plan service instance is created. + - Provide the multi-cloud foundation account details where starter plan service instance is created. > ### Note: > Once you receive a confirmation from SAP on the ticket, you can resume the migration process from step 2. -2. Prepare the target system by enabling the API Management subscription on the Cloud Foundry subaccount where your starter plan instance was created. +2. Prepare the target system by enabling the API Management subscription on the multi-cloud foundation subaccount where your starter plan instance was created. To complete the checks, before you start migrating your API Management artifacts nondisruptively from your source system to a target system, see [Prerequisites](prerequisites-c1904bc.md). @@ -111,5 +111,5 @@ You can also enable the new API Management design time subscription on the same ## Results -Migration of API Management subscription created using the Starter Plan service instance is complete.There can be downtime for certain API proxies \(having policies that are specific to Neo/ Cloud Foundry environment\) created out of on-premise providers. +Migration of API Management subscription created using the Starter Plan service instance is complete.There can be downtime for certain API proxies \(having policies that are specific to Neo/ multi-cloud foundation\) created out of on-premise providers. diff --git a/docs/apim/API-Management/APIM-Migration/migration-of-api-management-content-d66b3e5.md b/docs/apim/API-Management/APIM-Migration/migration-of-api-management-content-d66b3e5.md index e2fb5181..a9887af3 100644 --- a/docs/apim/API-Management/APIM-Migration/migration-of-api-management-content-d66b3e5.md +++ b/docs/apim/API-Management/APIM-Migration/migration-of-api-management-content-d66b3e5.md @@ -48,7 +48,7 @@ Standard Migration -[Migrating API Management from Neo to Cloud Foundry Environment](migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md) +[Migrating API Management from Neo to Multi-Cloud Foundation](migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md) diff --git a/docs/apim/API-Management/APIM-Migration/post-cloning-tasks-116d82c.md b/docs/apim/API-Management/APIM-Migration/post-cloning-tasks-116d82c.md index 805bb02f..92732862 100644 --- a/docs/apim/API-Management/APIM-Migration/post-cloning-tasks-116d82c.md +++ b/docs/apim/API-Management/APIM-Migration/post-cloning-tasks-116d82c.md @@ -6,7 +6,7 @@ Post the completion of the cloning process, you must perform some actions, check -The following sections outline the tasks that need to be completed after the cloning of your API Management content from Neo to the Cloud Foundry environment. +The following sections outline the tasks that need to be completed after the cloning of your API Management content from Neo to the multi-cloud foundation. @@ -185,7 +185,7 @@ Depending on the configurations you have on your source system, you must configu To know more about the entities that are cloned and the entities that aren’t cloned, see [Cloned and Uncloned Entities](cloned-and-uncloned-entities-8973ca0.md). > ### Note: -> For the on-premise APIs, the URL of the target.basepath changes while migrating from Neo to Cloud Foundry. If you’ve customized any of the policies, where the target.basepath is being used, then make sure that you update the content of the policy accordingly in the target Cloud Foundry system. For example, after migration the target.basepath URL in Cloud Foundry might have an additional segment. You need to verify if this additional segment adversely affects the policy execution in target Cloud Foundry system. +> For the on-premise APIs, the URL of the target.basepath changes while migrating from Neo to multi-cloud foundation. If you’ve customized any of the policies, where the target.basepath is being used, then make sure that you update the content of the policy accordingly in the target multi-cloud foundation system. For example, after migration the target basepath URL in multi-cloud foundation might have an additional segment. You need to verify if this additional segment adversely affects the policy execution in targetmulti-cloud foundation system. @@ -193,35 +193,35 @@ To know more about the entities that are cloned and the entities that aren’t c ## Migrating Route Service Binding -If you've used the [Managing Cloud Foundry Microservices through API Management](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md) to manage your Cloud Foundry applications, you can now migrate the existing route service binding, from the API Management instance on Neo to the new API Management instance on Cloud Foundry. +If you've used the [Managing Cloud Foundry Microservices through API Management](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md) to manage your multi-cloud foundation applications, you can now migrate the existing route service binding, from the API Management instance on Neo to the new API Management instance on multi-cloud foundation. ### Prerequisites -- A route service binding exists between your application on Cloud Foundry and the API Management service instance in the Neo environment. -- You have enabled API Management on your Cloud Foundry sub account +- A route service binding exists between your application on multi-cloud foundation and the API Management service instance in the Neo environment. +- You have enabled API Management on your multi-cloud foundation subaccount. - You have the space developer role assigned to you. Depending upon the location of your application, and your API Management service instance, the steps to migrate the route service binding vary. -### Cloud Foundry Application and API Management capability on the same subaccount +### Multi-Cloud Foundation Application and API Management capability on the same subaccount If your cloud foundry application and the API Management capability are on the same sub account, then use the following steps to migrate the route service binding: 1. Create an API Management, API portal service instance using the service plan, apim-as-route-service. For more information, see [Creating an API Management, API portal Service Instance](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__CreatingAPIMInstance) -2. Unbind your application from the API Management service instance on Neo. For more information, see [Unbinding a Cloud Foundry Application from an API Management, API portal Service Instance](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__unbinding) -3. Bind your application to the API Management service instance on Cloud Foundry. For more information, see [Binding a Cloud Foundry Application to an API Management, API portal Service Instance](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__Binding) +2. Unbind your application from the API Management service instance on Neo. For more information, see [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](../APIM-Initial-Setup/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-porta-09fd33a.md) +3. Bind your application to the API Management service instance on multi-cloud foundation. For more information, see [Binding a Muti-Cloud Foundation Application to an API Management, API portal Service Instance](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__Binding) -### Cloud Foundry Application and API Management capability on different sub accounts +### Multi-Cloud Foundation Application and API Management capability on different sub accounts -If your Cloud Foundry application and the API Management capability are on different sub accounts, then use the following steps to migrate the route service binding: +If your multi-cloud foundation application and the API Management capability are on different sub accounts, then use the following steps to migrate the route service binding: -1. Create a User Provided Service in the sub account where your Cloud Foundry application is present, using the proxy URL from the sub account in which your API Management instance is present. In order to create this User Provided Service, open the command prompt and use the following command +1. Create a **User Provided Service** in the subaccount where your multi-cloud foundation application is present, using the proxy URL from the sub account in which your API Management instance is present. In order to create this **User Provided Service**, open the command prompt and use the following command > ### Sample Code: > ``` @@ -231,8 +231,8 @@ If your Cloud Foundry application and the API Management capability are on diffe For more information, see [User Provided Service](https://docs.cloudfoundry.org/services/route-services.html#user-provided) -2. Unbind your application from the API Management service instance on Neo. For more information, see [Unbinding a Cloud Foundry Application from an API Management, API portal Service Instance](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__unbinding) -3. Bind the User Provided Service created in the first step to the Cloud Foundry Application. For this binding, use the following command: +2. Unbind your application from the API Management service instance on Neo. For more information, see [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](../APIM-Initial-Setup/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-porta-09fd33a.md) +3. Bind the User Provided Service created in the first step to the multi-cloud foundation application. For this binding, use the following command: > ### Sample Code: > ``` diff --git a/docs/apim/API-Management/APIM-Migration/post-cloning-tasks-49e9716.md b/docs/apim/API-Management/APIM-Migration/post-cloning-tasks-49e9716.md index 4379acc0..293da3ba 100644 --- a/docs/apim/API-Management/APIM-Migration/post-cloning-tasks-49e9716.md +++ b/docs/apim/API-Management/APIM-Migration/post-cloning-tasks-49e9716.md @@ -174,7 +174,7 @@ Depending upon the location of your application, and your API Management service If your cloud foundry application and the API Management capability are on the same sub account, then use the following steps to migrate the route service binding: 1. Create an API Management, API portal service instance using the service plan, apim-as-route-service. For more information, see [Creating an API Management, API portal Service Instance](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__CreatingAPIMInstance) -2. Unbind your application from the API Management service instance on Cloud Foundry. For more information, see +2. Unbind your application from the API Management service instance on Cloud Foundry. For more information, see [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](../APIM-Initial-Setup/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-porta-09fd33a.md) 3. Bind your application to the API Management service instance on Cloud Foundry. For more information, see [Binding a Cloud Foundry Application to an API Management, API portal Service Instance](../APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md#loioe609a3efe6d64e1781cbf81ae5592071__Binding) @@ -193,7 +193,7 @@ If your Cloud Foundry application and the API Management capability are on diffe For more information, see [User Provided Service](https://docs.cloudfoundry.org/services/route-services.html#user-provided) -2. Unbind your application from the API Management service instance on Cloud Foundry. For more information, see +2. Unbind your application from the API Management service instance on Cloud Foundry. For more information, see [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](../APIM-Initial-Setup/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-porta-09fd33a.md) 3. Bind the User Provided Service created in the first step to the Cloud Foundry Application. For this binding, use the following command: > ### Sample Code: diff --git a/docs/apim/API-Management/APIM-Migration/prerequisites-c1904bc.md b/docs/apim/API-Management/APIM-Migration/prerequisites-c1904bc.md index 7c24a204..c364184f 100644 --- a/docs/apim/API-Management/APIM-Migration/prerequisites-c1904bc.md +++ b/docs/apim/API-Management/APIM-Migration/prerequisites-c1904bc.md @@ -8,7 +8,7 @@ Checks to be completed before you start migrating your API Management content no - Your source system is the system that has your API Management subscription in the Neo environment. -- Your target system is the system that has your API Management content on the hyperscalers-managed infrastructure within the Cloud Foundry environment. +- Your target system is the system that has your API Management content on the hyperscalers-managed infrastructure within the multi-cloud foundation. @@ -78,13 +78,10 @@ Checks to be completed before you start migrating your API Management content no - If you have already enabled API Management on your target system, and want to reuse the same for migration: - - - It's recommended that you do not have any pre-existing entities such as API proxies or products on this system. - - > ### Note: - > Any entity, if pre-existing in your target API Management capability, can be over-written during the cloning process. +- If you have already enabled API Management on your target system, and want to reuse the same for migration, it's recommended that you do not have any pre-existing entities such as API proxies or products on this system. + > ### Note: + > Any entity, if pre-existing in your target API Management capability, can be over-written during the cloning process. - If your target system is connected to a custom IDP, ensure that your IDP is configured correctly, and mapping for the details like your first name, last name, email ID, and user ID is done. @@ -98,9 +95,22 @@ Checks to be completed before you start migrating your API Management content no - APIPortal.Administrator - AuthGroup.API.Admin - Make a note of the service keys \(`url`, `tokenurl`, `clientId`, and `clientSecret`\) for the given roles, and keep handy. To know more about API access plans for API portal, see [Accessing API Management APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD). To know more about API access plan for API business hub enterprise, see [Accessing API business hub enterprise APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-business-hub-enterprise?version=CLOUD), without which the cloning of the API business hub enterprise entities might fail. + For , see [Accessing API Management APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD) + + For API business hub enterprise, execute the following mandatory steps: + + - Make a note of the service keys \(`url`, `tokenurl`, `clientId`, and `clientSecret`\) for the given roles, and keep handy. + + - Create a service instance under the *Authorization and Trust Management* tile. + + - Create a destination of type *OAuth2Credentials* to the XSUAA APIs by using the credentials you derived from creating the service key. + + - Create a service instance with the *AuthGroup.API.Admin* role to access theAPI business hub enterprise APIs. + + To perform the above steps, see [Accessing API business hub enterprise APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-business-hub-enterprise?version=CLOUD) + -- When you have API products protected by the custom roles permission in the source Neo system, ensure that custom roles creation and assignments are done in the target Cloud Foundry environment before starting the migration. +- When you have API products protected by the custom roles permission in the source Neo system, ensure that custom roles creation and assignments are done in the target system within the multi-cloud foundation before starting the migration. Once you complete these checks, you can start cloning your API Management content from the source to the target system. See [Clone API Management Content](clone-api-management-content-7abd887.md). diff --git a/docs/apim/API-Management/APIM-Migration/prerequisites-for-the-source-and-the-target-system-1b181dd.md b/docs/apim/API-Management/APIM-Migration/prerequisites-for-the-source-and-the-target-system-1b181dd.md index 91a237e6..4a255838 100644 --- a/docs/apim/API-Management/APIM-Migration/prerequisites-for-the-source-and-the-target-system-1b181dd.md +++ b/docs/apim/API-Management/APIM-Migration/prerequisites-for-the-source-and-the-target-system-1b181dd.md @@ -100,7 +100,20 @@ Both the source and the target system are the system that has your API Managemen - APIPortal.Administrator - AuthGroup.API.Admin - Make a note of the service keys \(`url`, `tokenurl`, `clientId`, and `clientSecret`\) for the given roles, and keep handy. To know more about API access plans for API portal, see [Accessing API Management APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD). To know more about API access plan for API business hub enterprise, see [Accessing API business hub enterprise APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-business-hub-enterprise?version=CLOUD), without which the cloning of the API business hub enterprise entities might fail. + For , see [Accessing API Management APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-portal?version=CLOUD) + + For API business hub enterprise, execute the following mandatory steps: + + - Make a note of the service keys \(`url`, `tokenurl`, `clientId`, and `clientSecret`\) for the given roles, and keep handy. + + - Create a service instance under the *Authorization and Trust Management* tile. + + - Create a destination of type *OAuth2Credentials* to the XSUAA APIs by using the credentials you derived from creating the service key. + + - Create a service instance with the *AuthGroup.API.Admin* role to access theAPI business hub enterprise APIs. + + To perform the above steps, see [Accessing API business hub enterprise APIs Programmatically](https://help.sap.com/docs/integration-suite/sap-integration-suite/api-access-plan-for-api-business-hub-enterprise?version=CLOUD) + - When you have API products protected by the custom roles permission in the source Cloud Foundry system, ensure that custom roles creation and assignments are done in the target Cloud Foundry environment before starting the migration. diff --git a/docs/apim/API-Management/APIM-Migration/tenant-cloning-tool-behavior-6d15ffd.md b/docs/apim/API-Management/APIM-Migration/tenant-cloning-tool-behavior-6d15ffd.md index c9c4d8bd..08001074 100644 --- a/docs/apim/API-Management/APIM-Migration/tenant-cloning-tool-behavior-6d15ffd.md +++ b/docs/apim/API-Management/APIM-Migration/tenant-cloning-tool-behavior-6d15ffd.md @@ -44,6 +44,3 @@ This topic describes the behavior of the Tenant Cloning Tool with respect to clo > > **Reason for the error**: During migration, the product gets cloned along with the newly revised rate plan in the target tenant. However, while creating the application in the target tenant, the system couldn't locate the revised rate plan ID. The revised rate plan ID was not present in the payload as it belonged to an older subscription, resulting in application creation failure. -> ### Note: -> CacheResources cloning is currently not supported via the Tenant Cloning Tool. You must create it manually on the target using the following service: `/apiportal/api/1.0/Management.svc/CacheResources`. - diff --git a/docs/apim/API-Management/APIM-Migration/tenant-cloning-tool-behavior-b23c603.md b/docs/apim/API-Management/APIM-Migration/tenant-cloning-tool-behavior-b23c603.md index 6c7cc4f5..56b4e15b 100644 --- a/docs/apim/API-Management/APIM-Migration/tenant-cloning-tool-behavior-b23c603.md +++ b/docs/apim/API-Management/APIM-Migration/tenant-cloning-tool-behavior-b23c603.md @@ -44,6 +44,3 @@ This topic describes the behavior of the Tenant Cloning Tool with respect to clo > > **Reason for the error**: During migration, the product gets cloned along with the newly revised rate plan in the target tenant. However, while creating the application in the target tenant, the system couldn't locate the revised rate plan ID. The revised rate plan ID was not present in the payload as it belonged to an older subscription, resulting in application creation failure. -> ### Note: -> CacheResources cloning is currently not supported via the Tenant Cloning Tool. You must create it manually on the target using the following service: `/apiportal/api/1.0/Management.svc/CacheResources`. - diff --git a/docs/apim/API-Management/additional-attributes-in-openapi-specification-35f357c.md b/docs/apim/API-Management/additional-attributes-in-openapi-specification-35f357c.md index bf1097d0..6e8d77e3 100644 --- a/docs/apim/API-Management/additional-attributes-in-openapi-specification-35f357c.md +++ b/docs/apim/API-Management/additional-attributes-in-openapi-specification-35f357c.md @@ -2,759 +2,12 @@ # Additional Attributes in OpenAPI Specification -OpenAPI Specification allows you to define additional attributes or custom extensions that start with `x-`, such as `x-servers`. +OpenAPI Specification allows you to define additional attributes or custom extensions that start with `x-`, such as `x-sap-api-type`. You can use an OpenAPI Specification to describe extra functionality of the API that is not covered by the standard OpenAPI Specification. -Additional attributes or custom extensions are supported on the `root` level of the OpenAPI Specification and in the following places: +. To know more about these additional attributes, see: -- `info` section -- `paths` section -- `responses` section -- `tags` -- Security schemes - -The following additional attributes have been introduced for use with API designer. All these attributes must be defined at the root level of the OpenAPI Specification. - -**List of additional attributes** - - - - - -## x-sap-api-type - -> ### Sample Code: -> ``` -> -> { -> "x-sap-api-type": "ODATA" -> } -> ``` - -You can use this attribute to display the API type. For example: - -The API Type is set according to the following rules of precedence: - -1. If EDMX file is present, then the type is set as ODATA. -2. If WSDL file is present, then the type is set as SOAP. -3. If x-sap-api-type is mentioned in the swagger, then the respective value is set. For OData APIs, to differentiate the V2, and V4 OData APIs, you will need to specify the following values in swagger for the x-sap-api-type attribute: - - - - - - - - - - - - - - - -
- - Type of API - - - - Input - -
- - OData V2 API - - - - ODATA - -
- - OData V4 API - - - - ODATAV4 - -
- -4. The default is REST. - - - - - -## x-sap-shortText - -The `x-sap-shortText` attribute is used to display a short description of your APIs. - -> ### Note: -> The `x-sap-shortText` is a mandatory attribute that must be defined in the API definition file. - -> ### Sample Code: -> ``` -> -> { -> "info": { -> "title": "SAP Workflow service API", -> "description": "Provides functionality to work with SAP Workflow service. You can, for example, start new workflow instances and work with tasks." -> }, -> "x-sap-shortText": " Work with the SAP Workflow service." -> } -> -> ``` - -The text should not exceed 180 characters. The following characters are allowed in the x-sap-shortText: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -Character - - - -Description - -
- -A-Z - - - -Latin letters, case insensitive - -
- -0-9 - - - -Numbers - -
- -  - - - -Space - -
- -\_ - - - -Underscore - -
- -\- — – - - - -Different Hyphens - -
- -. - - - -Dot - -
- -, - - - -Comma - -
- -\(\) - - - -Paranthesis - -
- -'s - - - -Possession apostrophe - -
- -Make sure a short text doesn't contain special characters like $, &, !, %, \\, /, \*, ; and so forth. - -Do not use semicolons to separate two sentences. Rather, make it two separate sentences. - -Please note, though forward slash is not an allowed character to use, it is allowed in a product name, such as S/4HANA or combination of words country/region. - - - - - -## x-sap-stateInfo - -You use `x-sap-stateInfo` attribute to display the current status of an API. - -> ### Note: -> The `x-sap-stateInfo` is an optional attribute. That is, if you do not use this attribute in your API definition file, then by default, the current status of an API is marked as `Active`. However, If you want to publish your API in the `Beta` status or you have decided to transition your API from `Active` to `Deprecated` or `Decommissioned` status, then it is mandatory to use this attribute to indicate the new status of your API. - - - -### API status - -An API can be marked with any of the following statuses: - -- Beta - - The following is a sample code snippet of an API definition file in which `x-sap-stateInfo` attribute is used to indicate that the current status of the API is `Beta`. - - > ### Sample Code: - > ``` - > { - > "swagger": "2.0", - > "info": { - > "title": "Business API", - > "version": "1.1.0", - > "description": "API for Reading Business Partner, Supplier, Customer and Contact Persons" - > }, - > - > "x-sap-stateInfo": { - > "state": "Beta" - > } - > } - > ``` - -- Active - - If `x-sap-stateInfo` attribute is not defined or left empty, then the default status of the API is taken as `Active`. - -- Deprecated - - The following is a sample code snippet of an API definition file in which `x-sap-stateInfo` attribute is used to indicate that the current status of the API is deprecated as on 14th August 2018, and a new version of the API is available: - - > ### Sample Code: - > ``` - > { - > "swagger": "2.0", - > "info": { - > "title": "Business API", - > "version": "1.1.2", - > "description": "API for Reading Business Partner, Supplier, Customer and Contact Persons" - > }, - > - > "x-sap-stateInfo": { - > "state": "Deprecated", - > "deprecationDate": "2018-08-14", - > "successorApi": "http://api.sap.com/api/product_text_classification_api" - > } - > } - > ``` - - > ### Note: - > You must enter the `deprecationDate` in the format `yyyy-mm-dd` - -- Decommissioned - - The following is a sample code snippet of an API definition file in which `x-sap-stateInfo` attribute is used to indicate that the current status of the API is decommissioned as on 05th September 2018, and a new version of the API is available: - - > ### Sample Code: - > ``` - > { - > "swagger": "2.0", - > "info": { - > "title": "Business API", - > "version": "1.1.2", - > "description": "API for Reading Business Partner, Supplier, Customer and Contact Persons" - > }, - > - > "x-sap-stateInfo": { - > "state": "Decommissioned", - > "decommissionedDate": "2018-10-05", - > "successorApi": "http://api.sap.com/api/product_text_classification_api" - > } - > } - > ``` - - - - -### Change Log - -If you have defined the `x-sap-stateInfo` attribute, then you must also ensure that you have entered the change log information in the *Artifact.json* file of your API package. - -> ### Note: -> If you do not enter the changelog information in *Artifact.json* file, then it results in unsuccessful builds. - -**Change Log for a deprecate API**: The following is a sample code snippet of the *Artifact.json* file in which `changelog` attribute is used to indicate the most recent state of the API. - -> ### Sample Code: -> ``` -> { -> "type": "API", -> "changelog": [ -> { -> "state": "Deprecated", -> "date": "2018-09-14", -> "version": "1.0", -> "notes": "New api with enhanced functionality is available" -> }, -> { -> "state": "Active", -> "date": "2018-01-18", -> "version": "1.0.0", -> "notes": "Some bug fixes and performance enhancement" -> }, -> { -> "state": "Active", -> "date": "2021-01-08", -> "version": "1.0.0", -> "notes": "Notifications API has been moved out of Equipment API. Visit Notifications API" -> } -> -> ] -> } -> -> ``` - -> ### Note: -> You must enter the `date` in the format `yyyy-mm-dd`. The most recent state of the API must appear as the first entry under `changelog`, and the values defined for the `state` attribute in `API definition` file and `Artifact.json` file must be same. It is a good practice to indicate the recent changes made to the API using the `notes` attribute. This will help your API consumers to know if they need to follow certain rules or conditions before using the API. - -The following images show a sample API, which is marked `Deprecated` on the : - -![](images/deprecated_API_2_new_49ef553.png) - -**Change Log for a decommissioned API** The following is a sample code snippet of the *Artifact.json* file in which `changelog` attribute is used to indicate the decommissioned state of the API. - -> ### Note: -> When you transition an API from one state to another, you must enter the changelog information in *Artifatct.json* file. SAP Content pipeline strongly recommends the following: -> -> - You add the changelog information if you are publishing the first or intial version of an API. -> - You add the changelog information for every consecutive update of an already published API. - -> ### Sample Code: -> ``` -> { -> "type": "API", -> "changelog": [ -> { -> "state": "Decommissioned", -> "date": "2018-10-05", -> "version": "1.1.2", -> "notes": "This API is decommissioned" -> }, -> { -> "state": "Deprecated", -> "date": "2018-07-18", -> "version": "1.0", -> "notes": "This API is deprecated" -> }, -> { -> "state": "Active", -> "date": "2018-01-18", -> "version": "1.0.0", -> "notes": "Some bug fixes and performance enhancement" -> } -> ] -> } -> -> ``` - -> ### Note: -> You must enter the `date` in the format `yyyy-mm-dd`. The most recent recent state of the API must appear as the first entry under `changelog`, and the values defined for the `state` attribute in `API definition` file and `Artifact.json` file must be same. It is a good practice to indicate the recent changes made to the API using the `notes` attribute. This will help your API consumers to know if they need to follow certain rules or conditions before using the API. - -The following images shows a sample API, which is marked `Decommissioned` on the : - -![](images/decommissioned_api_3e00d2c.png) - - - -### Deprecating API Operation or Parameter - -**Marking an API operation or parameter as deprecated** - -> ### Note: -> In OpenAPI 2.0 specification, you have the provision to mark only an API operation as deprecated whereas in OpenAPI 3.0 specification, you can mark both API operation and a parameter as deprecated. - -In OpenAPI 2.0, use `deprecated: true` to mark an API operation as deprecated. - -> ### Sample Code: -> operation deprecation -> -> ``` -> { -> "paths": { -> "/list": { -> "get": { -> "responses": { -> "200": { -> "description": "This API Operation is deprecated." -> } -> } -> }, -> "deprecated": true -> } -> } -> } -> ``` - -In OpenAPI 3.0, use `deprecated: true` to mark an API operation and parameter as deprecated. - -> ### Sample Code: -> operation deprecation -> -> ``` -> { -> "paths": { -> "/list": { -> "get": { -> "responses": { -> "200": { -> "description": "This API Operation is deprecated." -> } -> } -> }, -> "deprecated": true -> } -> } -> } -> ``` - -> ### Sample Code: -> parameter deprecation -> -> ``` -> { -> "in": "query", -> "name": "id", -> "required": true, -> "schema": { -> "type": "string" -> }, -> "deprecated": true, -> "description": "Deprecated, use 'itemId' parameter instead." -> } -> ``` - -For more information, see [API Deprecation Policy](https://help.sap.com/doc/DRAFT/6a987e2f83f247649f52baa43d89eb1b/Dev/en-US/CTO%20Circle%20-%20API%20Deprecation%20final.pdf). - - - - - -## x-sap-csrf-token-path - -You use this attribute to provide a path relative to the basepath of your API for fetching X-CSRF-Token. That is, this attribute must contain the path of a resource that handles the fetching of x-csrf token requests. The relative path provided must not include server and transfer protocol information. - -> ### Sample Code: -> ``` -> { -> "host": "api.workflow.com", -> "schemes": [ -> "https" -> ], -> "basePath": "/workflow-service/rest", -> "x-sap-csrf-token-path": "/" -> } -> ``` - -> ### Note: -> The relative\_path must be a path relative to the basepath that you have provided in your API. - -> ### Sample Code: -> Example -> -> ``` -> { -> "host": "api.workflow.com", -> "schemes": [ -> "https" -> ], -> "basePath": "/workflow-service/rest", -> "x-sap-csrf-token-path": "/v1/xsrf-token" -> } -> ``` - - - - - -## x-sap-software-min-version - -You use this attribute to provide the minimum software version. For example: - -> ### Sample Code: -> ``` -> -> -> { -> "x-sap-software-min-version": "SAP NetWeaver 2.0" -> } -> ``` - - - - - -## x-sap-ext-overview - -You can use this attribute to provide stakeholder-specific information. For example: - -> ### Sample Code: -> ``` -> -> { -> "x-sap-ext-overview": [{ -> "name": "Communication Scenarios", -> "values": ["SAP_COM_0025 Name of SAP_COM_0025", "SAP_COM_0028 Name of SAP_COM_00028"] -> }, -> { -> "name": "Additional Property", -> "values": ["EntryValue1", "EntryValue2", "EntryValue3"] -> }] -> } -> -> ``` - -> ### Remember: -> Authentication details must not be a part of the x-sap-ext-overview. Add authentication details in the security scheme section. - - - - - -## x-servers - -The Open API specification 2.0 does not support multiple hosts \(and ports\), neither are path templating or patterns supported. Some APIs need support for both multiple hosts and path templating in the host parameter. This is because the host and landscape vary between regions. - -These features is supported in the `servers` property in the Open API specification v3.0. However, in Open API specification v2.0, the required configuration values can be added via the custom extension `x-servers`. - -For more information about how to specify sandbox url and multiple hosts or production servers in OpenAPI 3.0, see the Sandbox and Configure Information sections in [Governance Guidelines for API Packages](https://help.sap.com/viewer/4fb3aee633a84254a48d3f8c3b5c5364/Cloud/en-US/1e1cd898d3984bc79f214202e12ad5b5.html "A checklist to ensure your APIs have been correctly packaged before they are published on the SAP Business Accelerator Hub.") :arrow_upper_right: - -See [here](https://blogs.sap.com/2018/01/05/open-api-spec-2.0-vs-3.0/) to know more information about the differences between OpenAPI 2.0 and Open API 3.0 specifications - -If values are supplied for host, schemes, and basepath, then they together form the root URL of the API. The root URL points to a Sandbox system or a test system wherein the API can be tested. - -> ### Sample Code: -> ``` -> -> { -> "host": "sandbox.api.sap.com", -> "schemes": [ -> "https" -> ], -> "basePath": "/sap/v1" -> } -> ``` - -For more information on how to define schemes, host and basepath in the API specification, see [API Designer](api-designer-51f3ca1.md). - -`x-servers` attribute is used when you want to specify multiple hosts, for example, to specify values for different servers located across various geographical boundaries. The example below shows how multiple hosts with path templates can be defined using x-servers attribute. - -``` -{ - "info": { - "title": "This sample is a reference service, which runs on SAP BTP showcasing the e-commerce APIs for products, and suppliers.", - "version": "1.0" - }, - "x-servers": [ - { - "url": "https://{appname}{accountname}.{landscapehost}/espm-cloud-web/espm.svc/secure", - "description": "ESPM OData endpoints", - "templates": { - "appname": { - "default": "espm", - "description": "The application name used while deploying the ESPM application" - }, - "accountname": { - "description": "The SAP BTP subaccount id where the application is deployed" - }, - "landscapehost": { - "enum": [ - "hana.ondemand.com", - "us1.hana.ondemand.com", - "us2.hana.ondemand.com", - "ap1.hana.ondemand.com", - "hanatrial.ondemand.com" - ], - "default": "hana.ondemand.com", - "description": "The region(host) where the application is deployed." - } - } - } - ] -} -``` - - - - - -## x-sap-direction - -You can use this optional attribute to indicate the direction in which an API operates. - -The value for this field would be one of the following: - -- `inbound` \(default\) -- `outbound` -- `mixed` \(both inbound and outbound\) - -> ### Sample Code: -> ``` -> { -> "x-sap-direction": "outbound" -> } -> ``` - - - - - -## x-sap-extensible - -This optional attribute lets you indicate that a particular API is extensible. - -The value for this field would be one of the following: - -- `Manual`: API can be extended manually by custom fields in some business contexts. -- `Automatic`: API can be extended automatically using tools by custom fields in some business contexts. -- `No`: API can't be extended. - -> ### Sample Code: -> ``` -> { -> "x-sap-extensible": { -> "supported": "manual", -> "description": "API can be extended by custom fields on the following business contexts (field usage for this API needs to be selected):\r\n* Procurement: Purchasing Document (MM_PURDOC_HEADER)\r\n* Procurement: Purchasing Document Item (MM_PURDOC_ITEM)\r\n\r\n[How to add an extension field to an API](https://help.sap.com/viewer/9a281eac983f4f688d0deedc96b3c61c/latest/en-US/57909455bf7c4fdd8bcf48d76c1eae33.html)" -> }, -> } -> ``` - - - - - -## x-targetEndpoint - -For an API artifact to be working, you need to specify the target endpoint. - -> ### Sample Code: -> ``` -> { -> "info": { -> "title": "SAP Workflow service API", -> "description": "Provides functionality to work with SAP Workflow service. You can, for example, start new workflow instances and work with tasks." -> }, -> "x-targetEndpoint": " -> https://sap.com" -> } -> ``` - - - - - -## Handcrafting your Open API Specification - -Handcrafting your Open API Specification to create a valid API artifact. - -For an API artifact to be working, you need to have a valid base path, virtual host, and target endpoint. - -For example, - -> ### Sample Code: -> ``` -> { -> "info": { -> "title": "SAP Workflow service API", -> "description": "Provides functionality to work with SAP Workflow service. You can, for example, start new workflow instances and work with tasks." -> }, -> "x-targetEndpoint": " -> https://sap.com" -> } -> ``` - -Virtual Host and Base Path information can be indicated using different attributes depending on the OpenAPISpecification version. - -Here’s an example for OpenAPISpecification 3.0: - -> ### Sample Code: -> ``` -> { -> "servers": [ -> { -> "url": " -> https://vh1.com/apipath1" -> } -> ] -> } -> ``` - -Where vh1.com indicates the virtual host and "apipath1" is the base path. - -Here’s an example for Swagger 2.0: - -> ### Sample Code: -> ``` -> -> { -> "host": "https://vh1.com:443" -> "basePath": "apipath1" -> } -> -> -> ``` - -Where vh1.com indicates the VH and "apipath1" is the base path. +- [Defined Specification Extensions for OpenAPI Specification v2.0](https://github.com/SAP/openapi-specification/tree/main/sap-schemas/v2.0#defined-specification-extensions) +- [Defined Specification Extensions for OpenAPI Specification v3.0](https://github.com/SAP/openapi-specification/tree/main/sap-schemas/v3.0#defined-specification-extensions) diff --git a/docs/apim/API-Management/additional-configurations-de7285c.md b/docs/apim/API-Management/additional-configurations-de7285c.md index 5661e7f9..7a1d98fe 100644 --- a/docs/apim/API-Management/additional-configurations-de7285c.md +++ b/docs/apim/API-Management/additional-configurations-de7285c.md @@ -17,3 +17,5 @@ Certificates give you the credentials and the knowledge needed to create an API [Different Methods of Creating an API Proxy](different-methods-of-creating-an-api-proxy-4ac0431.md "An API proxy is the data object that contains all the functionality to be executed when an external user wants to access the backend service.") +[Edit an API Proxy](edit-an-api-proxy-a64b952.md "Once you’ve created an API proxy you can further change the proxy, either on the , or by using the embedded API designer.") + diff --git a/docs/apim/API-Management/analyze-apis-7712c61.md b/docs/apim/API-Management/analyze-api-proxies-7712c61.md similarity index 95% rename from docs/apim/API-Management/analyze-apis-7712c61.md rename to docs/apim/API-Management/analyze-api-proxies-7712c61.md index 998c9249..969be3eb 100644 --- a/docs/apim/API-Management/analyze-apis-7712c61.md +++ b/docs/apim/API-Management/analyze-api-proxies-7712c61.md @@ -1,8 +1,8 @@ -# Analyze APIs +# Analyze API Proxies -Use the capabilities of API Analytics to analyze API usage and performance. +Use the capabilities of API Analytics to analyze API proxy usage and performance. provides comprehensive analytics capabilities to understand the various patterns of API consumption and performance. The API Analytics server uses the runtime data of the APIs to analyze the information. The runtime data is gathered, analyzed, and displayed as charts, headers, and key performance indicators \(KPIs\). diff --git a/docs/apim/API-Management/api-management-faqs-2d16070.md b/docs/apim/API-Management/api-management-faqs-2d16070.md new file mode 100644 index 00000000..541c824e --- /dev/null +++ b/docs/apim/API-Management/api-management-faqs-2d16070.md @@ -0,0 +1,322 @@ + + +# API Management FAQs + +Frequently asked questions for SAP API Management. + + + + + +## Connections + + + + + + + + + + + + + + + +
+ +Questions + + + +Answers + +
+ +How does API Management connect to on-premise back-end system \(SAP CRM, ERP, S/4 Hana\)? + + + +SAP API Management supports cloud connector and through cloud connector, it connects to backend on premise system. + +
+ +If APIM connects to on-premise system via cloud connector, is there any degrade in the performance? + + + +We do not see any degradation in performance when connecting APIM to on-premise system via cloud connector. + +
+ + + + + +## Supported Technologies + + + + + + + + + + + + + + + +
+ +Questions + + + +Answers + +
+ +Are HANA xsOData APIs supported by API Management? + + + +Yes, HANA xsOData APIs are supported by API Management. Further, API Management takes advantage of ODATA REST APIs through the metadata. This allows to quickly create API proxies, which will automatically import resources and documentation from the metadata. For more information, see [Connecting and exposing APIs from SAP HANA](https://community.sap.com/t5/technology-blogs-by-sap/blog-series-api-provider-part-4-connecting-and-exposing-apis-from-sap-hana/ba-p/13311799). + +
+ +Are JMS, AS2, RFC supported by API Management? + + + +No. These communication protocols are quite specific, and not within the scope of a dedicated API Management solution. For advanced integration scenarios in which protocol conversion or protocol support is needed, we recommend to use SAP Cloud Integration. + +
+ + + + + +## Differences Between Services + + + + + + + + + + + + + + + + + + + + + + + +
+ +Questions + + + +Answers + +
+ +What is the difference between SAP API business hub enterprise and SAP API Management? + + + +SAP API Management is a solution that helps customers to secure, manage, transform and publish APIs from both SAP and non-SAP systems. The published APIs can be consumed within mobile or web applications on any platform. Application developers who want to use a published API need to subscribe to the respective API. Usage of the published APIs can be monitored and analyzed from SAP API Management. + +SAP API business hub enterprise provides a central catalog of SAP and selected partner APIs allowing developers to search, discover, experience and consume the services they need to build new applications, app extensions or process integrations. + +
+ +What is the difference between an Enterprise Service Bus \(ESB\) with API Management Capabilities and SAP API Management? + + + +Enterprise Service Buses \(ESB\) are solutions designed to perform integration between siloed applications and systems, and direct partners. ESB evolved from the backend upwards, providing adapters to systems of records. ESB usually runs in the core of the IT, serves predictable traffic and provides protection against typical internal threats. Also, developers using the ESB’s interfaces are usually part of the core IT team, hence they have simplified access to the interfaces and their documentation. + +API Management is a solution designed at managing connectivity of modern, API-based, clients and applications: each interaction with the client or application involves a query to the backend. API Management is designed for the access from the outside world, with specific and unpredictable traffic as well as specific security threats. Lastly, because developers using the APIs may not be part of the core IT team of the providing organization, they need to rely on a well-documented and self-service oriented API Catalog to work efficiently. + +All the aspects described below significantly differentiate an ESB and an API Management: + +- An ESB is built for predictable traffic and internal usage, whereas API Management can handle unpredictable and very high traffic. + +- An ESB usually does not provide business monitoring capabilities, which is provided by API Management to steer digitalization projects. +- An ESB is built for securing interfaces using standard internal integration mechanisms, whereas API Management provides resilience to specific, new internet threats. +- An ESB can integrate with an Enterprise Service Repository, whereas API Management is built from the ground to provide simple API access to the developers through an API catalog. + + + +
+ +How is the API trial offering different from product offering? + + + +There is no difference in the feature set. All features available in production are also available in the trial. However, in the trial, you cannot onboard other developers. + +
+ +Is Raise Fault policy different from Fault Rules? + + + +In API Management, the Raise Fault policy is used to generate a custom HTTP status code. For more information, see [Creating your own status codes](https://community.sap.com/t5/technology-blogs-by-sap/sap-api-management-creating-your-own-status-codes/ba-p/13332769). + +
+ + + + + +## Capabilities + + + + + + + + + + + + + + + + + + + +
+ +Questions + + + +Answers + +
+ +Can non-SAP APIs be managed by API Management? + + + +Yes, API Management is agnostic when it comes to the APIs it manages. It can handle SAP APIs, non-SAP APIs, ODATA REST APIs, and many others. + +
+ +Can you implement business logic in API Management? + + + +Yes, it is possible to some extent. However, complex business logic should either be externalized into a microservice or implemented in the integration layer, such as SAP Cloud Integration. + +
+ +Is data validation possible within API Management? + + + +Yes, to some extent. XML formats can be validated against XML schemas, for instance. However, API Management does not validate the content of the message itself but rather checks the metadata and structure of the payload. For instance, API Management will fend off threats like XML bombs, amount of nested JSON structures, or code injections. + +
+ + + + + +## Other + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Questions + + + +Answers + +
+ +How to use SAP PO's SOAP interfaces in API Management? + + + +SAP Process Orchestration is the middleware of choice for SAP customers to build A2A and B2B interfaces. In this digital age, more customers are opening up interfaces for digital interactions as open APIs. Open APIs are used to integrate with partners and with other supply chain business networks and marketplaces. APIs are becoming the digital building blocks for integrations, especially in the B2B world. For more information, see [Blog Series](https://community.sap.com/t5/technology-blogs-by-sap/blog-series-use-sap-cloud-platform-api-management-to-expose-sap-process/ba-p/13343283). + +
+ +Where can I find more information on policies? + + + +For detailed information regarding policy types, see [Policy Types](https://help.sap.com/docs/sap-api-management/sap-api-management/policy-types?version=Cloud). + +
+ +How to onboard an application developer on the developer portal? + + + +For detailed instructions on how to onboard an application developer, see [Onboard an Application Developer](https://help.sap.com/docs/sap-api-management/sap-api-management/onboard-application-developer?version=Cloud). + +
+ +What are the predefined variables available in API Management policies? + + + +For detailed information of all the available variables in API Management policies, see [Variable References](https://help.sap.com/docs/sap-api-management/sap-api-management/variable-references?version=Cloud). + +
+ +What are the security policies offered by API Management? + + + +API Management offers many out-of-the-box API security best practices which can be customized based on your enterprise requirements. For more detailed information, see [API Security Best Practices](https://community.sap.com/t5/technology-blogs-by-sap/part-1-api-security-best-practices-restrict-access-to-api-based-on-ip/ba-p/13335433). + +
+ diff --git a/docs/apim/API-Management/archive-2023-a8dd11f.md b/docs/apim/API-Management/archive-2023-a8dd11f.md index 5c873b82..67e2da74 100644 --- a/docs/apim/API-Management/archive-2023-a8dd11f.md +++ b/docs/apim/API-Management/archive-2023-a8dd11f.md @@ -222,7 +222,7 @@ Manage external content in API business hub enterprise -The new *Manage External Content* option in *Enterprise Manager* enables you to configure additional content, such as Business Data Graphs \(BDGs\), for display on the API business hub enterprise. For more information, see [Manage External Content \(New Design\)](https://help.sap.com/docs/integration-suite/sap-integration-suite/manage-external-content-new-design). +The new *Manage External Content* option in *Enterprise Manager* enables you to configure additional content, such as Business Data Graphs \(BDGs\), for display on the API business hub enterprise. @@ -420,7 +420,7 @@ API Revisions Unique naming pattern for Drafts in API Revisions to clearly differentiate between the deployed draft and the working draft and the drafts originating from revisions. -See: [Creating API Revisions](https://help.sap.com/docs/integration-suite/sap-integration-suite/creating-api-revisions) \(SAP API Management customers choose: [Creating API Revisions](https://help.sap.com/docs/sap-api-management/sap-api-management/creating-api-revisions-0a0d7d41222e42e4834b30c89609f400)\) +See: [Creating API Revisions](https://help.sap.com/docs/integration-suite/sap-integration-suite/creating-api-revisions?version=CLOUD) \(SAP API Management customers choose: [Creating API Revisions](https://help.sap.com/docs/sap-api-management/sap-api-management/creating-api-revisions-0a0d7d41222e42e4834b30c89609f400)\) @@ -619,7 +619,7 @@ Certificate-based Credentials -The connection between the centralised API business hub enterprise and the API portal has been secured with certificate-based authentication. For more information, see [Create a Connection Request for the Centralized API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/02f7877360a64c6b8d853fed9b2d9cc6.html "To publish the API portal content on the API business hub enterprise, you must create a request to connect the API portal to the API business hub enterprise.") :arrow_upper_right: and [Create a Connection Request for the Centralized API business hub enterprise](APIM-Initial-Setup/create-a-connection-request-for-the-centralized-api-business-hub-enterprise-c7bda8c.md). +The connection between the centralised API business hub enterprise and the API portal has been secured with certificate-based authentication. For more information, see [Create a Connection Request for the Centralized API business hub enterprise](APIM-Initial-Setup/create-a-connection-request-for-the-centralized-api-business-hub-enterprise-c7bda8c.md). @@ -1389,7 +1389,7 @@ API business hub enterprise -The mandatory Client ID and Client Secret fields on *Edit Credentials* popup have been replaced with *\*API Portal Access Credentials* field. For more information, see [Updating the Connection Request Credentials for a Pending Request](APIM-Initial-Setup/updating-the-connection-request-credentials-for-a-pending-request-dd37a7b.md) and [Updating the Connection Request Credentials for a Submitted Request \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/eb84854e31d943b490af77cfb218ddbb.html "Update the credentials you've used to establish a connection between the API portal and the API business hub enterprise.") :arrow_upper_right:. +The mandatory Client ID and Client Secret fields on *Edit Credentials* popup have been replaced with *\*API Portal Access Credentials* field. For more information, see [Updating the Connection Request Credentials for a Pending Request](APIM-Initial-Setup/updating-the-connection-request-credentials-for-a-pending-request-dd37a7b.md). @@ -1499,12 +1499,3 @@ API Management -**Related Information** - - -[2022 Archives](2022-archives-7eaa63d.md "") - -[2021 Archives](2021-archives-bdf0f0e.md "") - -[2020 Archives](2020-archives-085f4e9.md "") - diff --git a/docs/apim/API-Management/assign-permission-to-a-product-via-ui-09fb892.md b/docs/apim/API-Management/assign-permission-to-a-product-via-ui-09fb892.md index 540a2a3a..b3e08bc4 100644 --- a/docs/apim/API-Management/assign-permission-to-a-product-via-ui-09fb892.md +++ b/docs/apim/API-Management/assign-permission-to-a-product-via-ui-09fb892.md @@ -22,7 +22,7 @@ Whenever you create a product or edit a draft product, permissions can be added > ### Note: > Currently, we do not support assigning of permissions to the products defined in the remote API portals that are connected to a centralised API business hub enterprise. > -> \*Remote API portals are those that are not in the same subaccount as the centralised API business hub enterprise and are configured via the manage connections. For more information, [Centralized API business hub enterprise](APIM-Initial-Setup/centralized-api-business-hub-enterprise-38422de.md) and [Centralized API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/33b706f4f2e148ffb1cb9289d5cda27d.html "The centralized API business hub enterprise is a central API catalog, allowing application developers to consume APIs and other assets, from a common platform.") :arrow_upper_right:. +> \*Remote API portals are those that are not in the same subaccount as the centralised API business hub enterprise and are configured via the manage connections. For more information, [Centralized API business hub enterprise](APIM-Initial-Setup/centralized-api-business-hub-enterprise-38422de.md). diff --git a/docs/apim/API-Management/auditing-and-logging-information-for-api-management-77024b3.md b/docs/apim/API-Management/auditing-and-logging-information-for-api-management-77024b3.md index 1a64e416..cb67fa55 100644 --- a/docs/apim/API-Management/auditing-and-logging-information-for-api-management-77024b3.md +++ b/docs/apim/API-Management/auditing-and-logging-information-for-api-management-77024b3.md @@ -320,7 +320,7 @@ Example: -[Create an Application \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b4e71b3887f4396aa22ce3e2ed7e0c3.html "Create an Application to consume the required APIs.") :arrow_upper_right: +[Create an Application](create-an-application-a501a6d.md) diff --git a/docs/apim/API-Management/components-of-api-management-24f1af0.md b/docs/apim/API-Management/components-of-api-management-24f1af0.md index 124f643c..31446fc1 100644 --- a/docs/apim/API-Management/components-of-api-management-24f1af0.md +++ b/docs/apim/API-Management/components-of-api-management-24f1af0.md @@ -20,7 +20,7 @@ Allows you to deploy and productively use your APIs. Applications consume the AP ### API Portal -The one-stop-shop to create, secure, and publish API Proxies. This is the place for easy discovery of APIs, and you the API Administrator, can manage, meter, secure your APIs, as well as define and publish rate plans. To know more about using the API Portal see, . +The one-stop-shop to create, secure, and publish API Proxies. This is the place for easy discovery of APIs, and you the API Administrator, can manage, meter, secure your APIs, as well as define and publish rate plans. To know more about using the API Portal see, [Build API Proxies](build-api-proxies-74c042b.md) and [Publish API Proxies](publish-api-proxies-75a4a11.md). @@ -32,7 +32,7 @@ Self-service for application developers to discover, browse, and explore APIs, s ### API Analytics -Provides powerful analytical tools to track your API usage. Use API Analytics to collect information on the URL, user ID for API call information, latency data, and so on. To know more about API Analytics, and how you can use it, see [Analyze APIs](analyze-apis-7712c61.md). +Provides powerful analytical tools to track your API usage. Use API Analytics to collect information on the URL, user ID for API call information, latency data, and so on. To know more about API Analytics, and how you can use it, see [Analyze API Proxies](analyze-api-proxies-7712c61.md). diff --git a/docs/apim/API-Management/consume-api-proxies-ea561e4.md b/docs/apim/API-Management/consume-api-proxies-ea561e4.md index 21f93584..9919475d 100644 --- a/docs/apim/API-Management/consume-api-proxies-ea561e4.md +++ b/docs/apim/API-Management/consume-api-proxies-ea561e4.md @@ -9,15 +9,9 @@ Consume API proxies via the API business hub enterprise. In the API business hub If you've added API business hub enterprise as a capability with Integration suite, or if you’ve subscribed to the API business hub enterprise as part of the standalone API Management subscription, you have the option to experience the new design of the API business hub enterprise user interface along with the classic design. -When you login for the very first time, you’ll still see the classic design of the API business hub enterprise. However, you can use the toggle switch to view the new design. At this point of time, only the Site Administrator can use the toggle switch. - > ### Note: > By default, the Site Administrator has an option to switch from classic to new design and set the new design as the default UI using the **Site Editor.** The Site Administrator has the right to enable the configuration to let all the other users switch between the old and the new design. For more information, see [Customize the Visual Format of the API business hub enterprise](customize-the-visual-format-of-the-api-business-hub-enterprise-2eacd52.md). -Refer this video for a complete walk through of the new design of the API business hub enterprise: - - - ![](images/ABHE_Block_509b298.png) API business hub enterprise is an application that provides a common platform for Application developers to consume API proxies. Every API Management customer is provided with their own API business hub enterprise application on cloud. The API business hub enterprise offers capabilities to onboard application developers, explore and test API proxies, create and subscribe to Applications. @@ -26,6 +20,10 @@ The API business hub enterprise supports the following features: - **Onboard an Application developer**- To explore the API proxies and subscribe to an Application, an Application developer must be registered to the API business hub enterprise. On registering, the Application developer is provided access to the API business hub enterprise. - **Browse Catalog**- Explore the Products \(assembled APIs\) available in the Catalog store, navigate to individual API proxies, read the API Documentation, and view the resources attached to the API proxies. + + > ### Note: + > A limitation within the open-source Swagger library, on which the API business hub enterprise relies, causes slow, improper, or no rendering of API schemas that contain circular references on deeply nested models on the platform. + - **Create Applications** – An Application developer can create on or more applications to consume API proxies. To consume the API proxies, an Application developer must subscribe to an Application \(assembled Products\). It is by subscribing to an Application that you return to the developer the key required to access the API proxies. - **Download JSON**- You can download the open API specification for the APIs that are part of the API business hub enterprise in JSON format. This enables the developer to use the metadata of the APIs for various aspects such as code/SDK generation for developing applications. @@ -36,7 +34,5 @@ The API business hub enterprise supports the following features: **Related Information** -[Configure the API business hub enterprise \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b71b166d6984e8f81a212568af5ce94.html "You can configure the API business hub enterprise to personalize it for your organization.") :arrow_upper_right: - [Configure API business hub enterprise](configure-api-business-hub-enterprise-54b4607.md "You can configure and customize the API business hub enterprise to suit your organization's needs.") diff --git a/docs/apim/API-Management/create-an-api-proxy-c0842d5.md b/docs/apim/API-Management/create-an-api-proxy-c0842d5.md index 910566f4..1e260204 100644 --- a/docs/apim/API-Management/create-an-api-proxy-c0842d5.md +++ b/docs/apim/API-Management/create-an-api-proxy-c0842d5.md @@ -258,11 +258,27 @@ Instead of consuming services directly, application developers can access API pr > > For more information on how to define multiple target endpoints using Route Rule, see [Enable Dynamic Routing](enable-dynamic-routing-49cbe91.md). -10. To define multiple target endpoints, navigate to the *Target EndPoint* tab and choose *Add*. +10. To define target endpoint properties, navigate to the *Target EndPoint* tab and choose *Add*. - Enter the *Property Name* and the *Values*. For the Target Endpoint property specifications, see [Target Endpoint Properties](target-endpoint-properties-edeed6a.md). + Enter the *Property Name* and the *Values*. For the target endpoint property specifications, see [Target Endpoint Properties](target-endpoint-properties-edeed6a.md). -11. Once you’ve filled in all the required details of the API, you can select one of the following two actions for the API: +11. To define multiple target endpoints, navigate to the *Target EndPoint* tab. + + Choose *Add* next to the *Target EndPoint* dropdown menu. + + In the *Add Target EndPoint* dialog, fill in the target endpoint *Name*, select the *API Provider*, where you want the target endpoint to point to, and specify the *Relative URL*, then choose *Add*. + + > ### Note: + > Only target endpoints of the type API provider can be added in this dialog. + + > ### Note: + > If you have an API proxy with a multi-target endpoint, it is recommended that the name of the target endpoint should be between 2 and 255 characters. If you enter a single character in the name field for the provider types OpenConnector or Cloud Integration Flow, the API proxy cannot be deployed to the runtime. + + Once added, the target endpoint will appear in the *Target EndPoint* dropdown menu. You can also change the type of the target endpoint from API provider to API proxy or URL. + + To add policies to the target endpoint, choose *Policies* from the top-right corner of the page. You can then view the target endpoint flow and the policies applied to it in the*Policy Editor*. To view the policies associated with a different target endpoint, you can navigate back to the *Target EndPoint* tab on the proxy details page. Select the desired target endpoint and return to the *Policy Editor*. + +12. Once you’ve filled in all the required details of the API, you can select one of the following two actions for the API: diff --git a/docs/apim/API-Management/creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md b/docs/apim/API-Management/creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md index 1d1766cd..ab97e97a 100644 --- a/docs/apim/API-Management/creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md +++ b/docs/apim/API-Management/creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md @@ -94,7 +94,7 @@ Instead of directly consuming API services, application developers can access AP 8. Choose *Create*. - An API provider is auto-created with the name that is populated in the *Name* field of the *Create API* dialog. This auto-created API provider helps in storing the user credentials provided in the *Authentication* dialog and connects to the API proxy. + An API provider is auto-created with the name that is populated in the *Name* field of the *Create API* dialog. This creates an API provider of type *Cloud Integration Flow*. This auto-created API provider helps in storing the user credentials provided in the *Authentication* dialog and connects to the API proxy. 5. A *Create API* screen opens with the API proxy name on the top. You can edit the API proxy details, if necessary and choose*Save*. diff --git a/docs/apim/API-Management/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md b/docs/apim/API-Management/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md index 77cf8a7f..54ca5856 100644 --- a/docs/apim/API-Management/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md +++ b/docs/apim/API-Management/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md @@ -65,6 +65,6 @@ An API business hub enterprise administrator can perform the following tasks: > ### Note: > You can create a maximum of 18 custom attributes per application. You cannot modify the name of a created custom attribute. However, you can modify its value whenever required. You can delete a custom attribute if it is no longer needed. - For more information on the usage of custom attributes in an application, see [Example: Accessing the Custom Attributes of an Application](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/1cbd94c86c054d66b3826f6cd91e0df8.html "") :arrow_upper_right:. + For more information on the usage of custom attributes in an application, see [Example: Accessing the Custom Attributes of an Application](example-accessing-the-custom-attributes-of-an-application-1cbd94c.md). diff --git a/docs/apim/API-Management/creating-an-application-with-application-developer-role-99515fc.md b/docs/apim/API-Management/creating-an-application-with-application-developer-role-99515fc.md index 718700ba..59516217 100644 --- a/docs/apim/API-Management/creating-an-application-with-application-developer-role-99515fc.md +++ b/docs/apim/API-Management/creating-an-application-with-application-developer-role-99515fc.md @@ -64,6 +64,6 @@ You are about to create an application and add products to your application. You > ### Note: > You can create a maximum of 18 custom attributes per application. You cannot modify the name of a created custom attribute. However, you can modify its value whenever required. You can delete a custom attribute if it is no longer needed. - For more information on the usage of custom attributes in an application, see [Example: Accessing the Custom Attributes of an Application](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/1cbd94c86c054d66b3826f6cd91e0df8.html "") :arrow_upper_right:. + For more information on the usage of custom attributes in an application, see [Example: Accessing the Custom Attributes of an Application](example-accessing-the-custom-attributes-of-an-application-1cbd94c.md). diff --git a/docs/apim/API-Management/creating-the-references-ddc5fdf.md b/docs/apim/API-Management/creating-the-references-ddc5fdf.md index bb0b016b..ae480906 100644 --- a/docs/apim/API-Management/creating-the-references-ddc5fdf.md +++ b/docs/apim/API-Management/creating-the-references-ddc5fdf.md @@ -36,7 +36,7 @@ You can use the CertificateStoreReferences API to create a new certificate store > ### Sample Code: > ``` > { - > "name": "reference-name" + > "name": "reference-name", > "certificateStoreName": "store-name" > } > diff --git a/docs/apim/API-Management/data-protection-and-privacy-for-api-management-d50613e.md b/docs/apim/API-Management/data-protection-and-privacy-for-api-management-d50613e.md index 89cac704..cf346669 100644 --- a/docs/apim/API-Management/data-protection-and-privacy-for-api-management-d50613e.md +++ b/docs/apim/API-Management/data-protection-and-privacy-for-api-management-d50613e.md @@ -204,7 +204,7 @@ API Management stores the API portal administrator’s user ID. Storing the user API Management stores personal information such as first name, last name, user ID, and e-mail ID of users who have logged on to the Developer Portal. All the personal information stored in the application is deleted when the access for the corresponding user is revoked. -In API Management, application developers can contact their developer portal administrators to have their personal data erased and access revoked. For more information, see [Revoke Access \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/147fb9dca1414f6a956dd05b4c86d74d.html "Revoke the access of an application developer.") :arrow_upper_right: and [Delete Data of Unregistered Users](delete-data-of-unregistered-users-d548233.md). +In API Management, application developers can contact their developer portal administrators to have their personal data erased and access revoked. For more information, see [Revoke Access \[New Design\]](revoke-access-new-design-ce609bb.md) and [Delete Data of Unregistered Users](delete-data-of-unregistered-users-d548233.md). diff --git a/docs/apim/API-Management/different-methods-of-creating-an-api-proxy-4ac0431.md b/docs/apim/API-Management/different-methods-of-creating-an-api-proxy-4ac0431.md index 8f12e064..9a1035a3 100644 --- a/docs/apim/API-Management/different-methods-of-creating-an-api-proxy-4ac0431.md +++ b/docs/apim/API-Management/different-methods-of-creating-an-api-proxy-4ac0431.md @@ -65,5 +65,7 @@ You can also view the applications you’ve subscribed to. To know more, see [Vi [Key Components of an API](key-components-of-an-api-19c0654.md "This section introduces you to some of the key components of an API that you need to know before building APIs.") +[Edit an API Proxy](edit-an-api-proxy-a64b952.md "Once you’ve created an API proxy you can further change the proxy, either on the , or by using the embedded API designer.") + [Additional Configurations](additional-configurations-de7285c.md " ") diff --git a/docs/apim/API-Management/edit-an-api-proxy-a64b952.md b/docs/apim/API-Management/edit-an-api-proxy-a64b952.md index d8c71056..91170630 100644 --- a/docs/apim/API-Management/edit-an-api-proxy-a64b952.md +++ b/docs/apim/API-Management/edit-an-api-proxy-a64b952.md @@ -90,12 +90,59 @@ Consider the following examples: @@ -145,3 +192,12 @@ Consider the following examples: The changes you've made to the API are saved and deployed successfully. +**Related Information** + + +[Key Components of an API](key-components-of-an-api-19c0654.md "This section introduces you to some of the key components of an API that you need to know before building APIs.") + +[Different Methods of Creating an API Proxy](different-methods-of-creating-an-api-proxy-4ac0431.md "An API proxy is the data object that contains all the functionality to be executed when an external user wants to access the backend service.") + +[Additional Configurations](additional-configurations-de7285c.md " ") + diff --git a/docs/apim/API-Management/example-accessing-the-custom-attributes-of-an-application-1cbd94c.md b/docs/apim/API-Management/example-accessing-the-custom-attributes-of-an-application-1cbd94c.md new file mode 100644 index 00000000..e45aa164 --- /dev/null +++ b/docs/apim/API-Management/example-accessing-the-custom-attributes-of-an-application-1cbd94c.md @@ -0,0 +1,80 @@ + + +# Example: Accessing the Custom Attributes of an Application + +Let’s say as a Developer Portal Administrator, you would want to restrict the number of calls to an application based on Application Key. To achieve this result, you create two applications `Application_1` and `Application_2`. + +`Application_1` contains two products namely `Prod_1` and `Prod_2`. + +`Application_2` contains two products namely `Prod_3` and `Prod_4`. + +`Prod_1` and `Prod_2`contain two common APIs namely `API_1` and `API_2`. + +For `Application_1`, add the following custom attributes and its corresponding values: + +- app\_time\_unit = minute +- app\_quota\_interval = 1 +- app\_quota\_count = 9 + +For `Application_2`, add the following custom attributes and its corresponding values: + +- app\_time\_unit = minute +- app\_quota\_interval = 1 +- app\_quota\_count = 5 + +To leverage these custom attributes in your API proxy execution, you must: + +- add a verify API Key policy to the APIs that are part of your application. +- add a Quota policy to APIs that are part of your application. + +For `API_1` and `API_2`, add the following sample policy payloads: + +Sample payload for Verify API Key policy: + +> ### Sample Code: +> ``` +> +> xmlns='http://www.sap.com/apimgmt'> +> +> +> ``` + +Sample payload for Quota policy: + +> ### Sample Code: +> ``` +> +> +> +> +> +> +> +> +> +> true +> +> 2015-2-11 12:00:00 +> +> true +> +> +> +> +> +> ``` + +> ### Note: +> The attribute names `app_quota_interval`, `app_quota_count`, and `app_time_unit` must be the same attributes that you have added while creating the application. + +To verify if the custom attributes are used in runtime, make an API call with `` passed as a query parameter. For example, `https://?apikey=`. + +Call the same URL repeatedly and after 9 successive calls, your API proxy must return a Quota violation message. + +Similarly, make an API call with `` passed as a query parameter. For example,`https://?apikey=`. + +Call the same URL repeatedly and after 6 successive calls, your API proxy must return a Quota violation message. + diff --git a/docs/apim/API-Management/file-resource-79299d3.md b/docs/apim/API-Management/file-resource-79299d3.md index 76a95966..05b8cfae 100644 --- a/docs/apim/API-Management/file-resource-79299d3.md +++ b/docs/apim/API-Management/file-resource-79299d3.md @@ -2,7 +2,7 @@ # File Resource -File resource is a script or code snippet that can be attached to flows using policies. +File resources are scripts or schemas that can be attached to flows using policies. -An API proxy container supports definition of a number of Java, Python, or XSL scripts. These scripts can be executed in the context of either a java script, python script, or XSL transformation policy. Once a script is defined, it can be applied as a either a java script, python script, or XSL transformation policy in different flows. +An API proxy container supports definition of a number of Javascript, Python, XSL scripts. It also supports XSD ad WSDL schemas. These scripts can be executed in the context of either a java script, python script, or XSL transformation policy. Once a script is defined, it can be applied as a either a java script, python script, or XSL transformation policy in different flows. diff --git a/docs/apim/API-Management/handling-faults-using-faultrules-and-defaultfaultrule-8be5a7b.md b/docs/apim/API-Management/handling-faults-using-faultrules-and-defaultfaultrule-8be5a7b.md new file mode 100644 index 00000000..c661153e --- /dev/null +++ b/docs/apim/API-Management/handling-faults-using-faultrules-and-defaultfaultrule-8be5a7b.md @@ -0,0 +1,452 @@ + + +# Handling Faults using FaultRules and DefaultFaultRule + +When servicing a request, an API proxy may encounter various error conditions. These errors occur when a policy is unable to perform its intended function. In this section, we will explore the utilization of FaultRules and DefaultFaultRule to create a customized fault handling branch for handling such errors. + +By default, SAP API Management provides the client application with an Error code \(HTTP Status\) and fault message when an error occurs. The specific Error and HTTP status codes for each policy can be found in the documentation provided by help.sap. To illustrate, let's consider the [Verify API Key](verify-api-key-4d15a04.md) policy as an example. + +**Error Code** + + +
- Target Endpoint + Target EndPoint You can choose URL, API Provider, or API proxy, as the target endpoint as well as enter target endpoint rules. + + To define multiple-target endpoints, choose *Add* next to the *Target EndPoint* dropdown menu. + + In the *Add Target EndPoint* dialog, fill in the target endpoint *Name*, select the *API Provider*, where you want the target endpoint to point to, and specify the *Relative URL*, then choose *Add*. + + > ### Note: + > If you have an API proxy with a multi-target endpoint, it is recommended that the name of the target endpoint should be between 2 and 255 characters. If you enter a single character in the name field for the provider types OpenConnector or Cloud Integration Flow, the API proxy cannot be deployed to the runtime. + + > ### Note: + > Only target endpoints of the type API provider can be added in this dialog. + + Once added, the target endpoint will appear in the *Target EndPoint*dropdown menu. You can also change the type of the target endpoint from API provider to API proxy or URL. + + To add policies to the target endpoint, choose *Policies* from the top-right corner of the page. You can then view the target endpoint flow and the policies applied to it in the *Policy Editor*. To view the policies associated with a different target endpoint, you can navigate back to the *Target EndPoint* tab on the proxy details page. Select the desired target endpoint and return to the *Policy Editor*. + + > ### Note: + > If you wish to establish a connection with the Cloud Integration system, you must select an API provider of type *Cloud Integration Flow*. For more information on *Cloud Integration Flow*, see [Creating an API Proxy using SAP Cloud Integration API Provider](creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md). + > + > If you want to select an API provider of the type *Open Connector*, please make sure that the tenant has a Key Value Map with the "kvm-map-name" that includes the "instance token" for the Open Connector. If this Key Value Map is not already present, you can use the following sample information to create it: + > + > URL : https:///apiportal/api/1.0/Management.svc/GenericKeyMapEntries + > + > Method : POST + > + > > ### Sample Code: + > > ``` + > > { + > > "name": "apim.oc.instance.token", + > > "scopeId": " ", + > > "scope": "APIPROXY", + > > "isEncrypted": true, + > > "genericKeyMapEntryValues": [ + > > { + > > "name": "default", + > > "mapName": "apim.oc.instance.token", + > > "value": "", + > > "scopeId": """, + > > "scope": "APIPROXY" + > > } + > > ] + > > } + > > + > > ``` + > + > Here, the refers to the name of the API Proxy, and \`default\` is the name of the Target Endpoint. The is the secret key associated with the Open Connector instance that you wish to establish a connection with. + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ +Error Name + + + +HTTP Status + +
+ +DeveloperStatusNotActive + + + +401 + +
+ +FailedToResolveAPIKey + + + +401 + +
+ +InvalidApiKey + + + +401 + +
+ +InvalidApiKeyForGivenResource + + + +401 + +
+ +invalid\_client-app\_not\_approved + + + +401 + +
+ +Customizing the error message and providing additional information can help consumers better understand and resolve errors, as the default error message may be unclear. It is also recommended to return custom headers or HTTP status codes when necessary. In certain situations, it may be necessary to execute a series of policies, such as logging the error and returning a custom message. + +To raise custom HTTP codes and/or messages, the[Raise Fault](raise-fault-c7f2e8d.md) policy can be used. However, for implementing a common error handling pattern, FaultRules and DefaultFaultRule are typically used. + + + + + +## FaultRules and DefaultFaultRule + +When an API proxy encounters an error, it deviates from the normal processing pipeline and enters an error state. In this error state, the API Proxy follows a specific order to execute FaultRules and DefaultFaultRule. + +- **FaultRules**: Contains the necessary logic to trigger custom error messages and other policies based on specific conditions. + +- **DefaultFaultRule**: Contains the logic to trigger custom error messages and other policies when no FaultRule is executed or when the *AlwaysEnforce* element is set to true. + + +> ### Note: +> An API proxy enters the error state only when the *continueOnError* attribute is set to *false* on a policy or when the Raise Fault policy is executed. +> +> In the Proxy Endpoint, FaultRules are evaluated from bottom to top, while in the Target Endpoint, they are evaluated from top to bottom. +> +> Only the first matching FaultRule is executed. + + + + + +## Create the that will trigger the policy + +In the `` or `` sections of the proxy configuration, you will add a `` XML block that contains one or more individual `` sections. Each FaultRule represents a different error that you want to handle. In the folowing example, we will use only one FaultRule to demonstrate its composition: + +You should also include a `` to provide a custom general error message in case none of your FaultRules are executed. + +Example: + +> ### Sample Code: +> ``` +> +> +> "invalid_key_rule" +> (fault.name = "FailedToResolveAPIKey") +> +> +> invalid-key-message +> 1 +> +> +> +> +> +> "default-fault" +> +> +> Default-message +> 1 +> +> +> +> +> ``` + +**Key points:** + +- **``**: FaultRule name. +- **``**: The name of the policy to be executed. The name is derived from the policy's name attribute on the parent element. +- **``**: API Management evaluates the condition and executes the policy only if the condition is true. If multiple FaultRules evaluate to true, API Management will execute the first one that is true. It is important to note that the order in which the FaultRules are evaluated, top to bottom or bottom to top, differs between the TargetEndpoint and ProxyEndpoint. If you don't include a condition, the FaultRule is automatically considered true. However, this is not considered a best practice. It is recommended that each FaultRule has its own condition specified. +- **``**: If no custom FaultRule is executed, the `` is triggered, and it sends a more generic custom message instead of the default API Management-generated message. A `` can also have a ``, but in most cases, you would not include one because you want it to execute regardless of any specific conditions, serving as a last resort. + + The `DefaultFaultRule` is typically used to return a generic error message for any unexpected error. For instance, it can include contact information for technical support. This default response serves the dual purpose of providing developer-friendly information while also obfuscating backend URLs or other information that might be used to compromise the system. + + + + + + +## Multiple FaultRules and Execution Logic + +This section describes the logic API Management uses in handling FaultRules, from how it arrives at a single FaultRule to execute to how "inner" Step conditions are handled when their FaultRule is triggered. Additionally, it provides guidance on when to define FaultRules in the `` versus the ``. + + + +### FaultRules Execution + +**Outer and Inner Conditions**: Now, let us refer to "outer" and "inner" conditions, which can also be called "FaultRule" and "Step" conditions, respectively. It is crucial to understand the difference between these two types of conditions. Here is an example of a FaultRule that includes both an outer FaultRule condition and an inner step condition. We will explore the differences further below. + +> ### Sample Code: +> ``` +> +> +> developer-over-quota-fault +> +> (ratelimit.developer-quota-policy.exceed.count GreaterThan "0") +> +> +> (fault.name = "QuotaViolation") +> +> ``` + +In brief, here's the logic that API Management uses when an API proxy goes into an error state. It is important to note that there is a slight difference in the evaluation of FaultRules between the ProxyEndpoint and the TargetEndpoint: + +1. API Management evaluates the FaultRules in either the ProxyEndpoint or TargetEndpoint, depending on where the error occurred: + + - **ProxyEndpoint**: API Management starts from the bottom `` in the configuration XML and proceeds upwards, evaluating the `` of each `` \(the "outer" condition, not the "inner" `` conditions\). + + - **TargetEndpoint**: API Management starts from the top `` in the configuration XML and proceeds downwards, evaluating the `` of each `` \(the "outer" condition, not the "inner" `` conditions\). + + +2. Executes the first FaultRule whose condition is true. If a FaultRule has no condition, it's true by default. + + - When a FaultRule is executed, all Steps within the FaultRule are evaluated sequentially, from top to bottom in the XML configuration. Steps that do not have conditions are automatically executed, meaning their policies are executed, and Steps that have a `` element that evaluates to "true" are executed, while those with conditions that evaluate to "false" are not executed. + + - If a FaultRule is executed, but none of the Steps in the FaultRule are executed \(due to their conditions evaluating to "false"\), the API Management-generated default error message is returned to the client application. The `` is not executed because API Management has already executed its own FaultRule. + + > ### Note: + > The exception to this is if the `` has the child element `true`, which executes the DefaultFaultRule even if a FaultRule was executed. + > + > However, there's one instance where this isn't the case. If a FaultRule other than the DefaultFaultRule invokes a RaiseFault policy, the DefaultFaultRule does not execute, even if the `` element in the `` tag is true. + + +3. If no FaultRule is executed, API Management executes the ``, if present. + + + + +### ProxyEndpoint execution + +The evaluation of ProxyEndpoint FaultRules is done from bottom to top. Therefore, you should begin reading from the last FaultRule in the following sample and proceed upwards. Finally, consider the DefaultFaultRule as the last one to analyze. + +> ### Sample Code: +> ``` +> +> ... +> < faultRules > +> +> +> +> random-error-message +> +> +> Random-fault +> 1 +> +> +> +> +> +> +> +> +> over_quota +> +> +> developer-over-quota-fault +> (ratelimit.developer-quota-policy.exceed.count GreaterThan "0") +> 1 +> +> +> global-over-quota-fault +> (ratelimit.global-quota-policy.exceed.count GreaterThan "0") +> 1 +> +> +> log-error-message +> 1 +> +> (fault.name = "QuotaViolation") +> +> +> +> +> +> +> +> default-fault +> true +> +> +> Default-message +> 1 +> +> +> +> +> ``` + + + +### TargetEndpoint execution + +The evaluation of TargetEndpoint FaultRules follows a top-to-bottom approach. Therefore, begin reading from the first FaultRule in the following sample and proceed downwards. Finally, consider the DefaultFaultRule as the last one to analyze. + +> ### Sample Code: +> ``` +> +> ... +> +> +> +> +> invalid_key_rule +> +> +> invalid-key-message +> 1 +> +> (fault.name = "FailedToResolveAPIKey") +> +> +> +> +> +> +> +> over_quota +> +> +> developer-over-quota-fault +> (ratelimit.developer-quota-policy.exceed.count GreaterThan "0") +> 1 +> +> +> global-over-quota-fault +> (ratelimit.global-quota-policy.exceed.count GreaterThan "0") +> 1 +> +> +> log-error-message +> 1 +> +> (fault.name = "QuotaViolation") +> +> +> +> +> +> +> +> random-error-message +> +> +> Random-fault +> 1 +> +> +> +> +> +> +> +> +> default-fault +> true +> +> +> Default-message +> 1 +> +> +> +> +> ``` + + + + + +## Fault rule order + +As you can see in the previous example, the order in which you place your FaultRules is important, depending on whether the error occurs in the ProxyEndpoint versus the TargetEndpoint. + + + + + + + + + + + +
+ +ProxyEndpoint order + + + +TargetEndpoint order + +
+ +In the following example, since evaluation is performed from bottom to top, FaultRule 3 is executed, which means FaultRules 2 and 1 are not evaluated: + +5. FaultRule 1: FALSE + +4. FaultRule 2: TRUE + +3. FaultRule 3: TRUE + +2. FaultRule 4: FALSE + +1. FaultRule: 5 FALSE + + + +In the following example, since evaluation is performed from top to bottom, FaultRule 2 is executed, which means FaultRules 3, 4, and 5 are not evaluated: + +1. FaultRule 1: FALSE + +2. FaultRule 2: TRUE + +3. FaultRule 3: TRUE + +4. FaultRule 4: FALSE + +5. FaultRule: 5 FALSE + +
+ diff --git a/docs/apim/API-Management/images/decommissioned_api_3e00d2c.png b/docs/apim/API-Management/images/decommissioned_api_3e00d2c.png deleted file mode 100644 index 2da4a44b..00000000 Binary files a/docs/apim/API-Management/images/decommissioned_api_3e00d2c.png and /dev/null differ diff --git a/docs/apim/API-Management/images/deprecated_API_2_new_49ef553.png b/docs/apim/API-Management/images/deprecated_API_2_new_49ef553.png deleted file mode 100644 index ec74229b..00000000 Binary files a/docs/apim/API-Management/images/deprecated_API_2_new_49ef553.png and /dev/null differ diff --git a/docs/apim/API-Management/key-components-of-an-api-19c0654.md b/docs/apim/API-Management/key-components-of-an-api-19c0654.md index a86c4874..8b1fe3a6 100644 --- a/docs/apim/API-Management/key-components-of-an-api-19c0654.md +++ b/docs/apim/API-Management/key-components-of-an-api-19c0654.md @@ -111,5 +111,7 @@ Describes each API resource in a simple and concise manner. [Different Methods of Creating an API Proxy](different-methods-of-creating-an-api-proxy-4ac0431.md "An API proxy is the data object that contains all the functionality to be executed when an external user wants to access the backend service.") +[Edit an API Proxy](edit-an-api-proxy-a64b952.md "Once you’ve created an API proxy you can further change the proxy, either on the , or by using the embedded API designer.") + [Additional Configurations](additional-configurations-de7285c.md " ") diff --git a/docs/apim/API-Management/limits-in-api-management-f70f425.md b/docs/apim/API-Management/limits-in-api-management-f70f425.md index 36bfa20b..3a1475c1 100644 --- a/docs/apim/API-Management/limits-in-api-management-f70f425.md +++ b/docs/apim/API-Management/limits-in-api-management-f70f425.md @@ -84,7 +84,7 @@ Maximum number of resources that can be attached to an API proxy You can attached up to 100 resources to an API proxy. However, it is recommended that you do not add more than 100 resources to an API proxy as it might lead to a timeout while updating or deploying an API proxy. -In case you have a business requirement to attach more than 100 resources to an API proxy, please contact the SAP API Management support team by creating a ticket with component OPU-API-OD-DT. However, the team can support your request up to a maximum of 200 resources per API proxy. +In case you have a business requirement to attach more than 100 resources to an API proxy, please contact the SAP API Management support team by creating a ticket with component OPU-API-OD-DT. diff --git a/docs/apim/API-Management/onboard-an-application-developer-786d107.md b/docs/apim/API-Management/onboard-an-application-developer-786d107.md index 8359ad8f..c76c4080 100644 --- a/docs/apim/API-Management/onboard-an-application-developer-786d107.md +++ b/docs/apim/API-Management/onboard-an-application-developer-786d107.md @@ -18,7 +18,7 @@ To provide application developers with access to the API business hub enterprise 1. The application developers log on to the API business hub enterprise application with their IDP user credentials, and register to the API business hub enterprise. For more information, see [Register on API business hub enterprise](register-on-api-business-hub-enterprise-c85fafe.md). -2. The API administrator approves or rejects the request to access the API business hub enterprise. For more information, see [Managing the Access Request of the Users \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/5b3e2f607046447c867db43e9b7859c7.html "Procedure to provide or reject access to an Application developer for using the API business hub enterprise.") :arrow_upper_right:. +2. The API administrator approves or rejects the request to access the API business hub enterprise. For more information, see [Managing the Access Request of the Users \[New Design\]](managing-the-access-request-of-the-users-new-design-8b79ee8.md). If you haven’t enabled the automatic creation of shadow users, and you've not explicitly created shadow users for your developers, then they’re unable to log on to the application, and they’re asked to contact the administrator. For more information, see [Shadow Users](APIM-Initial-Setup/shadow-users-a0f5fe5.md) diff --git a/docs/apim/API-Management/patch-releases-for-api-management-6ddd927.md b/docs/apim/API-Management/patch-releases-for-api-management-6ddd927.md index b063d3de..712d243c 100644 --- a/docs/apim/API-Management/patch-releases-for-api-management-6ddd927.md +++ b/docs/apim/API-Management/patch-releases-for-api-management-6ddd927.md @@ -6,6 +6,115 @@ This topic provides information on patch releases for API Management that are pr + + +## July 2024 + +**Software Increment: 2405** + + + + + + + + + + + + + +
+ +Technical Component + + + +Software Version + + + +Description + +
+ +API Management + + + +1.170.4 + + + +Users were unable to discover resources for a few EDMX files. However, this issue has now been resolved. + +
+ + + + + +## June 2024 + +**Software Increment: 2404** + + + + + + + + + + + + + + + + + + +
+ +Technical Component + + + +Software Version + + + +Description + +
+ +API Management + + + +1.169.5 + + + +The import of the apiproxy with multiple target endpoints having the same on-premise provider as the target was previously failing. However, this issue has been resolved. + +
+ +API Management + + + +1.169.5 + + + +The issue of API Discovery including resources that were marked as false in the service metadata has been resolved. + +
+ + + ## May 2024 diff --git a/docs/apim/API-Management/setting-up-oauth-for-cloud-integration-in-cloud-foundry-641c56b.md b/docs/apim/API-Management/setting-up-oauth-for-cloud-integration-in-cloud-foundry-641c56b.md index 427a57ee..8d8d63eb 100644 --- a/docs/apim/API-Management/setting-up-oauth-for-cloud-integration-in-cloud-foundry-641c56b.md +++ b/docs/apim/API-Management/setting-up-oauth-for-cloud-integration-in-cloud-foundry-641c56b.md @@ -15,13 +15,13 @@ Use OAuth2ClientCredentials for connecting requests to the server. This OAuth2Cl > ### Note: > The values you provide for the above, are the ones associated with your Cloud Integration tenant. > -> **Generate *clientId*, *clientSecret*, and *tokenUrl* Associated with Your Cloud Integration Tenant** +> **Generate *clientId*, *clientSecret*, and *tokenUrl* Associated with Your Cloud Integration Tenant.** ## Procedure -1. In your web browser, open the *SAP BTP Cockpit* - [https://eu-access.cockpit.btp.cloud.sap](https://eu-access.cockpit.btp.cloud.sap). +1. In your web browser, open the *SAP BTP Cockpit* - [https://cockpit.btp.cloud.sap](https://cockpit.btp.cloud.sap). 2. From your *Subaccount*, navigate to *Spaces* in your Cloud Foundry environment and choose *Services* \> *Service Marketplace.* @@ -38,7 +38,7 @@ Use OAuth2ClientCredentials for connecting requests to the server. This OAuth2Cl ``` -6. Choose *Next* until you reach the *Confirm* section +6. Choose *Next* until you reach the *Confirm* section. 7. In the *Confirm* section, enter a unique *Instance Name* and choose *Finish*. @@ -57,7 +57,7 @@ The creation of service instance is successful. ## Next Steps -Now, for the created service instance, generate a service key from the steps given below: +Now, for the created service instance, generate a service key from the steps given next: @@ -108,5 +108,5 @@ Now, for the created service instance, generate a service key from the steps giv ## Context -The service keys provide you with *clientId* and *clientSecret*. The *clientId* can be used as username and secret can be used as password if you would like to connect to your integration flows of Cloud Integration via Basic Authentication. Alternatively, you can leverage the*clientId*, *clientSecret*, and *tokenUrl* from the service keys file to get the OAuth access token and then connect to your integration flow of Cloud Integration via OAuth access token approach. For more information, see [Creating an API Proxy using SAP Cloud Integration API Provider](creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md). +The service keys provide you with *clientId* and *clientSecret*. The *clientId* can be used as username and secret can be used as password if you would like to connect to your integration flows of Cloud Integration via Basic Authentication. Alternatively, you can leverage the *clientId*, *clientSecret*, and *tokenUrl* from the service keys file to get the OAuth access token and then connect to your integration flow of Cloud Integration via OAuth access token approach. For more information, see [Creating an API Proxy using SAP Cloud Integration API Provider](creating-an-api-proxy-using-sap-cloud-integration-api-provider-aefbd74.md). diff --git a/docs/apim/API-Management/view-applications-feac368.md b/docs/apim/API-Management/view-applications-feac368.md index 87d6bb1d..f5c9c85e 100644 --- a/docs/apim/API-Management/view-applications-feac368.md +++ b/docs/apim/API-Management/view-applications-feac368.md @@ -10,7 +10,7 @@ In the context of API Management, an application is the unit of API consumption. API Management enables the creation of secure API proxies for your APIs. These proxies are protected using "Appkey" and "Secret". Application developers are required to acquire these credentials in order to utilize the API proxies exposed through the various products. They need to declare the usage of these products by creating an application from API business hub enterprise. -As an admin, you can view the list of applications that the developers have created in the API business hub enterprise, along with the developer details, associated products and AppKey and secret. +As an admin, you can view the list of applications that the application developers have created in the API business hub enterprise, along with the developer details, associated products and AppKey and secret. @@ -41,5 +41,5 @@ As an admin, you can view the list of applications that the developers have crea **Related Information** -[Create an Application \[Classic Design\]](https://help.sap.com/viewer/de4066bb3f9240e3bfbcd5614e18c2f9/Cloud/en-US/7b4e71b3887f4396aa22ce3e2ed7e0c3.html "Create an Application to consume the required APIs.") :arrow_upper_right: +[Create an Application](create-an-application-a501a6d.md "Create an Application to consume the required APIs.") diff --git a/docs/apim/API-Management/what-s-new-for-sap-api-management-cloud-foundry-d9d60be.md b/docs/apim/API-Management/what-s-new-for-sap-api-management-cloud-foundry-d9d60be.md index 3e3293bf..d4fc8518 100644 --- a/docs/apim/API-Management/what-s-new-for-sap-api-management-cloud-foundry-d9d60be.md +++ b/docs/apim/API-Management/what-s-new-for-sap-api-management-cloud-foundry-d9d60be.md @@ -71,6 +71,165 @@ Latest Revision Available as of + + +Version + + + + + + +API Management + + + + +- Cloud Foundry + + + + + + +Multiple Target Endpoints + + + + +Previously, the only way to add multiple target endpoints was through API proxy zip updates, and policies could only be added to the target endpoint that appeared first in the Target EndPoints dropdown menu. Now you have the ability to easily add and manage multiple target endpoints using the user interface. Furthermore, the UI enables you to model policies for all the available target enpoints within an API proxy. + +See: + +- [Create an API Proxy](https://help.sap.com/docs/integration-suite/sap-integration-suite/create-api?version=CLOUD&q=create%20an%20api%20proxy) + +- [Edit an API Proxy](https://help.sap.com/docs/integration-suite/sap-integration-suite/edit-api-proxy?version=CLOUD) + + +SAP API Management customers choose: + +- [Create an API Proxy](https://help.sap.com/docs/sap-api-management/sap-api-management/create-api?version=Cloud) + +- [Edit an API Proxy](https://help.sap.com/docs/sap-api-management/sap-api-management/edit-api-proxy?version=Cloud) + + + + + + + +  + + + + +Info only + + + + +General Availability + + + + +New + + + + +Technology + + + + +Not applicable + + + + +2024-07-14 + + + + +2024-07-14 + + + + +2405 + + + + + + +API Management + + + + +- Cloud Foundry + + + + + + +API Management Analytics + + + + +A navigation change has been implemented in the SAP Integration Suite for accessing API Management Analytics. The sub-menu previously named *APIs*, located under *Monitor* has been renamed to *Analyze* and relocated to the same level as *Monitor* in the navigation bar. The functionality remains unchanged, and it should continue to operate as it did before. + + + + +Info only + + + + +General Availability + + + + +Changed + + + + +Technology + + + + +Not applicable + + + + +  + + + + +2024-07-14 + + + + +2024-07-14 + + + + +2405 + + @@ -150,6 +309,11 @@ Not applicable 2024-05-31 + + + +2404 + @@ -218,6 +382,11 @@ Not applicable 2024-06-10 + + + +2404 + @@ -284,6 +453,11 @@ Not applicable 2024-06-10 + + + +2404 + @@ -332,6 +506,11 @@ SAP API Management customers choose: + + + +  + @@ -438,6 +617,11 @@ Not applicable 2024-04-06 + + + +  + @@ -515,6 +699,11 @@ Not applicable 2024-04-06 + + + +  + @@ -581,6 +770,11 @@ Not applicable 2024-04-04 + + + +  + @@ -647,6 +841,11 @@ Not applicable 2024-03-22 + + + +  + @@ -713,6 +912,11 @@ Not applicable 2024-03-09 + + + +  + @@ -779,6 +983,11 @@ Not applicable 2024-03-09 + + + +  + @@ -845,6 +1054,11 @@ Not applicable 2024-03-09 + + + +  + @@ -911,6 +1125,11 @@ Not applicable 2024-01-20 + + + +  + @@ -981,6 +1200,11 @@ Not applicable 2024-01-20 + + + +  + @@ -1061,6 +1285,11 @@ Not applicable 2024-01-20 + + + +  + diff --git a/docs/apim/API-Management/working-with-the-analytics-dashboard-e07e815.md b/docs/apim/API-Management/working-with-the-analytics-dashboard-e07e815.md index e540dbc4..b117a632 100644 --- a/docs/apim/API-Management/working-with-the-analytics-dashboard-e07e815.md +++ b/docs/apim/API-Management/working-with-the-analytics-dashboard-e07e815.md @@ -22,9 +22,9 @@ You can use the analytics dashboard to: ## Procedure -1. Log on to the . +1. Log on to the ********. -2. Choose the navigation icon on the left and choose *Analyze* \> *APIs*. +2. From the left navigation pane, choose *Analyze*. The *Analytics* dashboard appears. diff --git a/docs/apim/index.md b/docs/apim/index.md index a72d714b..fdaf47ba 100644 --- a/docs/apim/index.md +++ b/docs/apim/index.md @@ -12,21 +12,18 @@ How to use SAP API Management - [What's New for SAP API Management Cloud Foundry](API-Management/what-s-new-for-sap-api-management-cloud-foundry-d9d60be.md) - [Archive - Release Notes for SAP API Management](API-Management/archive-release-notes-for-sap-api-management-6adb6cd.md) - [Archive 2023](API-Management/archive-2023-a8dd11f.md) - - [2022 Archives](API-Management/2022-archives-7eaa63d.md) - - [2021 Archives](API-Management/2021-archives-bdf0f0e.md) - - [2020 Archives](API-Management/2020-archives-085f4e9.md) - [Patch Releases for API Management](API-Management/patch-releases-for-api-management-6ddd927.md) - [Patch Archive 2021](API-Management/patch-archive-2021-0a0bc81.md) - [Configure](API-Management/APIM-Initial-Setup/configure-0dc2f79.md) - [Initial Setup](API-Management/APIM-Initial-Setup/initial-setup-65c5110.md) - [Set Up API Portal Application](API-Management/APIM-Initial-Setup/set-up-api-portal-application-29c281b.md) - [Setting Up API Portal Application Using API Management Standalone Tile](API-Management/APIM-Initial-Setup/setting-up-api-portal-application-using-api-management-standalone-tile-9d8c7ae.md) - - [Configuring Additional Virtual Host in Cloud Foundry Environment](API-Management/APIM-Initial-Setup/configuring-additional-virtual-host-in-cloud-foundry-environment-a7b91e5.md) - [Set Up API business hub enterprise Application Using the Standalone Tile](API-Management/APIM-Initial-Setup/set-up-api-business-hub-enterprise-application-using-the-standalone-tile-80c0519.md) - [API Management Service Plans](API-Management/APIM-Initial-Setup/api-management-service-plans-e064663.md) - [Accessing API Management APIs Programmatically](API-Management/APIM-Initial-Setup/accessing-api-management-apis-programmatically-24a2c37.md) - [Accessing API business hub enterprise APIs Programmatically](API-Management/APIM-Initial-Setup/accessing-api-business-hub-enterprise-apis-programmatically-dabee6e.md) - [Managing Cloud Foundry Microservices through API Management](API-Management/APIM-Initial-Setup/managing-cloud-foundry-microservices-through-api-management-e609a3e.md) + - [Unbinding a Multi-Cloud Foundation Application from an API Management, API portal Service Instance](API-Management/APIM-Initial-Setup/unbinding-a-multi-cloud-foundation-application-from-an-api-management-api-porta-09fd33a.md) - [Accessing On-Premise Systems through API Management](API-Management/APIM-Initial-Setup/accessing-on-premise-systems-through-api-management-2fc7a5b.md) - [Circuit Breaker for On-Premise Provider](API-Management/APIM-Initial-Setup/circuit-breaker-for-on-premise-provider-bd3c2d5.md) - [Consume API Management Service Instance from Kyma](API-Management/APIM-Initial-Setup/consume-api-management-service-instance-from-kyma-3b53c26.md) @@ -121,6 +118,7 @@ How to use SAP API Management - [Endpoint Property Reference](API-Management/endpoint-property-reference-c196cf0.md) - [Proxy Endpoint Properties](API-Management/proxy-endpoint-properties-1705a92.md) - [Target Endpoint Properties](API-Management/target-endpoint-properties-edeed6a.md) + - [Handling Faults using FaultRules and DefaultFaultRule](API-Management/handling-faults-using-faultrules-and-defaultfaultrule-8be5a7b.md) - [Different Methods of Creating an API Proxy](API-Management/different-methods-of-creating-an-api-proxy-4ac0431.md) - [Create an API Proxy](API-Management/create-an-api-proxy-c0842d5.md) - [Create an API Proxy by Referring to an API Provider System](API-Management/create-an-api-proxy-by-referring-to-an-api-provider-system-84628b9.md) @@ -142,6 +140,7 @@ How to use SAP API Management - [Export and Import of API Definition](API-Management/export-and-import-of-api-definition-901fbde.md) - [Export an API Definition](API-Management/export-an-api-definition-420abb6.md) - [Import an API Definition](API-Management/import-an-api-definition-9342a93.md) + - [Edit an API Proxy](API-Management/edit-an-api-proxy-a64b952.md) - [Additional Configurations](API-Management/additional-configurations-de7285c.md) - [API Providers](API-Management/api-providers-42e13b2.md) - [Create an API Provider](API-Management/create-an-api-provider-6b263e2.md) @@ -176,7 +175,6 @@ How to use SAP API Management - [Copy an API Proxy](API-Management/copy-an-api-proxy-23974d6.md) - [Create a Policy](API-Management/create-a-policy-c90b895.md) - [Create a Script](API-Management/create-a-script-8938a24.md) - - [Edit an API Proxy](API-Management/edit-an-api-proxy-a64b952.md) - [Delete an API Proxy](API-Management/delete-an-api-proxy-5cd89a3.md) - [Externally Managed APIs](API-Management/externally-managed-apis-848015d.md) - [Adding Externally Managed APIs](API-Management/adding-externally-managed-apis-523ff94.md) @@ -234,11 +232,12 @@ How to use SAP API Management - [Create an Application](API-Management/create-an-application-a501a6d.md) - [Creating an Application with Application Developer Role](API-Management/creating-an-application-with-application-developer-role-99515fc.md) - [Creating an Application with API business hub enterprise Administrator Role](API-Management/creating-an-application-with-api-business-hub-enterprise-administrator-role-df4f777.md) + - [Example: Accessing the Custom Attributes of an Application](API-Management/example-accessing-the-custom-attributes-of-an-application-1cbd94c.md) - [Consume Applications](API-Management/consume-applications-d4f6fda.md) - [Analyze Applications](API-Management/analyze-applications-deb57dd.md) - [Consume API Proxies Using SAP Business Application Studio](API-Management/consume-api-proxies-using-sap-business-application-studio-15732eb.md) - [Test Runtime Behavior of APIs](API-Management/test-runtime-behavior-of-apis-15c7d52.md) - - [Analyze APIs](API-Management/analyze-apis-7712c61.md) + - [Analyze API Proxies](API-Management/analyze-api-proxies-7712c61.md) - [API Analytics](API-Management/api-analytics-6766dc3.md) - [Analytics Dashboard](API-Management/analytics-dashboard-ee416ac.md) - [Working with the Analytics Dashboard](API-Management/working-with-the-analytics-dashboard-e07e815.md) @@ -271,8 +270,9 @@ How to use SAP API Management - [Monitoring and Troubleshooting](API-Management/monitoring-and-troubleshooting-e765066.md) - [Limits in API Management](API-Management/limits-in-api-management-f70f425.md) - [Monitor the Health of Custom Domain Virtual Host Certificates Using SAP Cloud ALM](API-Management/monitor-the-health-of-custom-domain-virtual-host-certificates-using-sap-cloud-alm-7bd9d9f.md) + - [API Management FAQs](API-Management/api-management-faqs-2d16070.md) - [Migration of API Management Content](API-Management/APIM-Migration/migration-of-api-management-content-d66b3e5.md) - - [Migrating API Management from Neo to Cloud Foundry Environment](API-Management/APIM-Migration/migrating-api-management-from-neo-to-cloud-foundry-environment-92f2da1.md) + - [Migrating API Management from Neo to Multi-Cloud Foundation](API-Management/APIM-Migration/migrating-api-management-from-neo-to-multi-cloud-foundation-92f2da1.md) - [Prerequisites](API-Management/APIM-Migration/prerequisites-c1904bc.md) - [Clone API Management Content](API-Management/APIM-Migration/clone-api-management-content-7abd887.md) - [Cloned and Uncloned Entities](API-Management/APIM-Migration/cloned-and-uncloned-entities-8973ca0.md)