To enable the integration of your extension applications with the SAP S/4HANA Cloud system you have registered in the SAP BTP global account, and to configure the communication flow, you create a service instance of the SAP S/4HANA Cloud Extensibility service.
You have configured the required entitlements to make the APIs of the registered SAP S/4HANA Cloud system accessible in your subaccount in which your extension applications will reside. See Configure the Entitlements for the SAP S/4HANA Cloud Extensibility Service.
In both Cloud Foundry and Kyma environments, you consume services by creating a service instance. Service instances are created using a specific service plan.
To allow applications running on SAP BTP to consume SAP S/4HANA Cloud APIs, you need to create a service instance of the SAP S/4HANA Cloud Extensibility service using the api-access service plan.
These service plans have been deprecated:
sap_com_0109
sap_com_0009
sap_com_0008
However, you can still enable these communication scenarios using the api-access service plan:
Sales Order Integration (SAP_COM_0109): allows you to integrate your extension applications with sales order processing in SAP S/4HANA Cloud. For more information, see https://api.sap.com/api/API_SALES_ORDER_SRV/overview.
Product Integration (SAP_COM_0009): enables you to replicate product master data from client system to SAP S/4HANA system. For more information, see https://api.sap.com/api/PRODUCTMDMBULKREPLICATEREQUEST/overview.
Business Partner, Customer and Supplier Integration (SAP_COM_0008): allows you to consume the Business Partner API which enables you to create, read, update, and delete master data related to Business Partners, Suppliers, and Customers in an SAP S/4HANA system. For more information, see https://api.sap.com/api/API_BUSINESS_PARTNER/overview.
For a sample JSON for these communication scenarios, see Communication Arrangement JSON/YAML File - Properties.
The api-access service plan define the access to the corresponding SAP S/4HANA Cloud APIs. It supports both predefined and custom communication scenarios for consuming the SAP S/4HANA Cloud APIs and integrating your extension applications. See:
You create the service instance in your subaccount with the respective environment enabled. When creating the service instance, you configure the connectivity by specifying the required configurations in a JSON format. The following authentication scenarios are supported for the communication flow between the extension application and SAP S/4HANA Cloud:
-
Basic Authentication (inbound and outbound connections)
-
OAuth 2.0 Client Credentials (outbound connections)
-
OAuth 2.0 SAML Bearer Assertion (inbound connections)
To communicate with SAP S/4HANA Cloud the extension application can use Principal Propagation which is done using OAuth 2.0 SAML Bearer Assertion flows. Principal Propagation means you forward the identity of the logged-in cloud users when accessing or updating data in the SAP S/4HANA Cloud system.
This is useful in scenarios where you need to have restricted data access based on the logged-in user from your extension. Or, you want to ensure only users with the right permissions are able to update the system via extensions deployed in SAP BTP.
To use this authentication scenario, you first need to configure single-sign on (SSO) with the Identity Authentication service and protect your application. See Single Sign-On Configuration.
-
Client Certificate Authentication (inbound and outbound connections)
-
OAuth2mTLS (outbound connections)
Depending on whether you are using Cloud Foundry or Kyma environment, you have to follow different steps to create an SAP S/4HANA Cloud Extensibility service instance:
-
Create an SAP S/4HANA Cloud Extensibility Service Instance in the Cloud Foundry Environment
-
Create an SAP S/4HANA Cloud Extensibility Service Instance in the Kyma Environment
Related Information