Skip to Content
avatar image
Former Member

SAP PI 7.4 REST Adapter Authentication

Hello,

I have a scenario where in I need to call an API from a  thirdparty site. they utilize HMAC-SHA1 security. They provided me a key and a secret. They needed a signature as well to authenticate..how can I create this signature? is that a standard functionality for the SAP REST adapter or should i need to write a JAVA code?

I need to generate a URL something similar to this to access this API, how should I configure the REST adapter? We have PI 7.4 SP12

https://api.serviceonline.com/v1/search/datafile?timestamp=1369844777731&key=fCTYXpuGkVcnDf6JLSSbtA==&signature=8qrFmQbQgILzdDeQfbJTxHXeZvE=


All security values shown here are for illustration purposes only.


Thank you.


Larry.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Jan 27, 2016 at 02:25 AM

    Hi Larry

    AFAIK, there is no standard feature in the REST adapter to generate such a signature.

    I think you'd need to generate the signature using some Java logic. Some API providers provide sample logic to access their services, like the example for Amazon below. You can probably check with the provider if they have something similar.

    Java Sample Code for Calculating HMAC-SHA1 Signatures - Amazon Simple Queue Service

    You can use third party libraries to do so, for example the open source library from Apache below. I haven't tried it myself, but you should be able to search for examples online.

    https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/digest/HmacUtils.html

    Rgds

    Eng Swee

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Eng Swee,

      You are absolutely right. I mislooked requirement to have URL amended with HMAC-SHA1 related attributes like signature, for some reason I thought Larry needs HMAC-SHA1 authentication support in relation to WSS4J standards. I totally agree with you, that if the requirement is to construct proper URL for called service and enrich it with HMAC-SHA1 compliant signature / hash value, then your and Indrajit's recommendations make sense and there is no need to over-complicate the interface by introducing full blown WSS4J support by means 3rd party libraries, REST adapter shall ideally suit these needs.

      Regards,

      Vadim

  • avatar image
    Former Member
    Jan 27, 2016 at 10:30 AM

    Hi Larry

    You have to generate the signature using java code in UDF in message mapping.

    Create an inbound structure like below

    <Record>

       <timestamp>

       <key>

       <signature>

    In message mapping generate the values for this these fields. Then finally create the rest adapter url like below

    Thanks,

    Indrajit

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 28, 2016 at 09:48 PM

    Thanks for all your input. I took time to check with the provider to see if they offer any alternatives for authentication and unfortunately they done. So I have to go with implementing the UDF to code the signature as dynamic attribute and use it in the URL pattern as Indrajit suggested. Their authentication is done at the URL when the API call is made with the payload as the request query as JSON.

    Will update once I have this implemented successfully.

    Thanks again for all the input.

    Larry.

    Add comment
    10|10000 characters needed characters exceeded