APIGEE To SAP Backend (OData Service) Connectivity...

RuchitaV · 06-07-2022 08:44 AM

Hi All ,
We am working on with SAP and exposing data using ODATA service via APIGEE, we are currently following Basic authentication between APIGEE and SAP ODATA service expose through gateway.
Considering the security and future scope of architecture wanted to implement secure Authentication between APIGEE and backend SAP gateway(S4Hana).

My Question are
What are the Different authentication possible other then Basic Authorization ?
If anyone has implemented could you please help what are the steps and is it all together possible between APIGEE and SAP?
Many Thanks,
Ruchita

dchiesa1

The Apigee gateway acts as a proxy. The proxy can mediate security. It can expose an endpoint that accepts one kind of security credential, and can invoke an upstream (backend) system that requires a different security credential.

For example, suppose your backend accepts Basic Authentication. You can create an Apigee API proxy that accepts an OAuth2 token, verifies that token, and if and only if the token is good, the proxy can

remove the Authorization header containing the token (Bearer osi0e9e409409r)
replace that Authorization header with a Basic Authentication header (Basic xxxysysyyssy)
and transmit that modified header to the upstream system

This is just one example. There are many other possibilities of course.

Apigee can accept or emit as security credentials

HTTP Basic Authentication
API Keys
OAuth2 opaque tokens
x.509 certificates passed via the transport layer
HTTP Digest
HTTPSignature
JWT access tokens regardless of issuer
AWS v4 signature
other kinds of custom signatures or credentials

And of course you could use combinations of those things. For example a Bearer token in concert with a signed payload.

could you please help what are the steps

Follow along the basic Apigee tutorials. Apply the desired security for the inbound request, and the desired security for the upstream request. Check back here if you get stuck.

RuchitaV

Thank you @dchiesa1 for your response

Can you suggest any blog or any sample example for authentication other than Basic authorization between APIGEE and SAP Backend?

Thanks in Advance

sprasadm

Ruchita, were you able to establish connection between APIGEE and NWGateway OData service??

dchiesa1

There are many examples.

Here are some samples explaining how to use Apigee: https://github.com/apigee/api-platform-samples

any sample example for authentication other than Basic authorization between APIGEE and SAP Backend?

I am a little confused by your question. Your question seems to suggest that there are a variety of authentication mechanisms Apigee might use to connect to your SAP backend. I think this is probably wrong. The SAP backend that you have in place will have a specific requirement for Authentication, that is determined by how it was set up for your environment. I am not an SAP expert so I don't know what the authentication possibilities are for SAP, nor do I know the most common approaches. Apigee, if it is acting as a facade to SAP, will need to conform to the requirement for your SAP system, whatever it is. If your SAP system requires Basic Auth, then that is what Apigee needs to use.

If you want to connect your Apigee to your SAP system, then, rather than surveying all the different ways Apigee can use authentication to upstream systems, I suggest you find a specific example HTTP request that works for YOUR SAP SYSTEM, and then try to implement the equivalent request in an Apigee proxy.

APIGEE To SAP Backend (OData Service) Connectivity other than Basic Authorization