Skip to Content

How to Store and Retrieve OAUTH Tokens in SAP PO ?

Hello Experts,

Here is the scenario wherein I may please require your valuable inputs/ suggestions:

" From WS client the new access token and refresh token is sent, SAP PO polls every 20 mins using Sender REST Polling (token expires every 30 mins) an and the received tokens needs to be stored

Polling output look alike:


"access_token": "w05ssdc5-f441-492b-978f-82db88a21ccb2",

"refresh_token": "115s3dc5-f441-492b-978f-82db88a21ccb2",

"scope": "givenName mail nonce openid profile sn uid",

"token_type": "Bearer",

"expires_in": 1799


Now vitally I wanted to store the tokens in SAP PO and then retrieve it to call for actual business Interfaces.

This will help me to avoid doing multiple API authentication calls(there is a API Limit as well) to do the actual business interfaces run and Instead simply retrieve the tokens from lookup table or some property or brm or any.

Achieved through value mapping and NWA application property but seems to have limitations in terms of security and delta cache issues. There is no ECC or any database systems to even do a look ups.

Looking forward for a Better solution. Many Thanks!


Rajesh PS

Add a comment
10|10000 characters needed characters exceeded

Related questions

6 Answers

  • Best Answer
    Posted on Mar 04, 2020 at 03:39 PM

    Worked out successfully saving tokens in file server, value mapping, Message ID mapper custom module solution.

    Finally ended up with an OAuth standard solution which works as expected and good indeed . This is implemented in SAP PO 7.4 SPS16 Patch 15.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 11, 2019 at 01:10 PM

    Hello Rajesh,

    While i understand the concern that you really want to limit the number of API calls and which sounds reasonable as well, AFAIK oauth token calls are not metered by any API provider but yes they are a overhead if you can get away with a refresh token.

    SAP PO doesn’t have any storage mechanisms . It’s a shame but thats how it has always been.

    Your options here are limited while i have never explored use of refresh token specifically in PO rest adapter this would have been a cakewalk in SAP CPI.

    There are java based tables which you can create and modify in sap po but i doubt system admin will allow you access to modify java stack database. It’s highly critical.

    In the end if it is really not a deal breaker i would suggest that you get a fresh token every time or let the channel manage it.

    Again, I am not an expert here that’s why didnt pitch in earlier but there would be some better answers than mine that would be able to help you.

    Try tagging michael or eng swee.




    Vinay Mittal

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 11, 2019 at 02:06 PM


    It doesn't seem to be the best way, but you could save your token to PI server file system in the form of text/xml file and read it using UDF in your message mapping.

    Regards, Evgeniy.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 15, 2019 at 08:28 AM

    Hi Rajesh,

    As discussed in

    try using Value Mapping to save the tokens.

    Do you need both access token & refresh token for your scenario? If you are using Rest Pooling then you can have a fresh access token every 20-25 min.



    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 15, 2019 at 09:55 AM


    Refresh token sadly not possible. I find Evgeniy Kolmakov solution suitable enough.

    Sad, but not many optimized solutions available here.



    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 16, 2019 at 08:34 AM

    Hi Rajesh,

    This is a good question. I actually thought that the REST Receiver adapter caches the token by itself (there is a checkbox for it). Are you not using this adapter or does it not fulfill your requirement?

    I had a similar requirement but for a SOAP API where I had to pass the token in the SOAP Header. I wrote a UDF which fetched the token in the first request and stores it in the value mapping cache together with a timestamp. In the subsequent requests it loads and compares the timestamp with the current time and only fetches a new token in case the cached token has expired (validity in minutes can be configured as module parameter). I didn't deem the VM store a security risk since access to the VM cache monitor is restricted to PO admins and the scenario does not contain confidential data. But maybe one could also consider encrypting the stored token?

    Anyway, you are looking for another approach. So maybe this helps in case you don't know it yet: I recently came across a very interesting article about this topic that seems to use an internal PO class called MessageIDMapper which was so far unknown to me. The solution makes use of these methods to store the token to PO internal tables. Maybe that helps.


    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.