Introduction: This document describes about how to create API proxy with API key verification policy and subscription of consumer application to generate API key for that consumer.

Here, we will create an API proxy for S/4 Hana public cloud’s API_BUSINESS_PARTNER OData Service.

Prerequisite: Communication Arrangement in S/4 Hana cloud, Please click here for details.

                       URL of S/4 Hana OData API:-https://<hostname>:<port>

                       Path:-/sap/opu/odata/sap/API_BUSINESS_PARTNER

  // You will get above details from the communication arrangement created in S/4 Hana cloud.

Create S/4 Hana as an API provider.

• In integration suite, go to Configure->API and select API Provider tab and click on create.

• Give name “S4” or any suitable name.

• Enter hostname “<your_S4hana_hostname>”and Port “<your_S4hana_port>”.

• Select Authentication type as BASIC 5jpg and enter User ID and Password.

• Save it.

Create API Proxy for API_BUSINESS_PARTNER OData service.

• In integration suite, go to Configure->API.

• Let’s give name “S4”.Put path of the API in URL

  Give any suitable name and title

  Select Host Alias, if you have multiple host configured.

  Give any base path, i am giving the same like API, when you enter version then same will be added before to the base path you have given.

  

• Click on create.

• You will see that API proxy is created now. at the top, you can see the API proxy end point

• Also, all resources related to this proxy are created, save it and click on policies to add/edit policies.

• In policy editor, you can see ProxyEndPoint and TargetEndPoint.

Let me put some lights on ProxyEndPoint and TargetEndPoint.

Please refer the below diagram to understand

1. Consumer(System or Person) sends the request to access API via proxy end point, we can add policies at pre flow based on the policies are required between consumer and API Management.
2. API Management sends the same request to target system(in our example S/4 Hana) after enhancing(if required) request to access target system. enhancement can be done using policies at pre flow of target end point.
3. S/4 Hana will send response back to API Management based on request sent from consumer via API Management. policies can also be added at post flow of target end point based on requirement.
4.  API Management will send response back to Consumer. here also policies can be added at post flow of proxy end point to remove some information which we don’t want to send to consumer. for example, headers or backend  URLs.

• Let’s add policy to verify API key, if we refer above diagram then API key should come with request 1 from consumer and if verified by API management then only request should enter APIM.
• Go to policy editor and add Verify API Key policy to pre flow of Proxy End Point.

• Enter any suitable name, i am giving VAPIK and Stream should be “Incoming request”.

• Click on update, then save and deploy API Proxy, now we are good with API proxy creation but authentication and  subscription of consumer is pending for this proxy.

• Authentication can be done via Basic/OAuth/PrivateKey or NoAuth with or without API Key verification. in this example, we will use No Auth but API key verification.

• Consumer has to subscribe to the product of the api for any type of authentication and API key generation for the consumer. before that, API has to be added to an existing or new product.

• Let’s create product, Go to Engage and create Product.

• Product will have S/4 Hana’s API so giving name “S4” and title “S4 API”, you can give any suitable name.
  

• Go to API tab and click on add, select APIs, click ok and publish the Product.

Here, I have added all APIs of Business Partner

• For Consumer Application subscription, go to top right corner of Integration Suite and click on tiles then API Business Hub Enterprise.

• Now S4 API product can be seen at home page of API Business Hub Enterprise.
  

• Click on S4 API product and here we can see APIs added to this product.

• Click on subscribe and select either “Create New Application” or Add to Existing Application”.  i am going for new application.

• Give consumer application title and save it, here i am giving “ConsumerOne” as title.

• Application Secret and Key has been generated, Application key is the API key for ConsumerOne.

• Now we are all set to test API proxy with API Key.

• Open postman to test this API, put header x-api-key with value of application key

Successfully got the response

• Let’s do negative testing by not adding x-api-key header in the request.

• Negative testing with wrong value of  x-api-key header.

Conclusion: This document explained that how to create an API proxy, How to add policies, How to                       create products and subscribe consumer to that product.