cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization issue while consuming cp workflow at cloud abap

0 Kudos

Hi ,

I have created workflow in cloud trail account, try to consume at Abap environment (RAP ). I have tested in SAP BUSINESS API environment working fine.

But while consuming from cloud abap getting authorization error like full authorization required.

Please help me to resolve this.

Thanks in advance.

gregorw
Active Contributor
0 Kudos

As we don't have crystal balls to see what you have done you should provide much more details to get any help.

0 Kudos

Hi Gregor,

i have created simple workflow for form approval user task using business application studio. i have tested using workflow monitor flp, working fine. i have tested through "https://api.sap.com/api/SAP_CP_Workflow_CF/resource", here also am getting results.


so i have implemented code in eclipse cloud environment , here am getting error.

error":"unauthorized","error_description":"Full authentication is required to access this resource."

Code:


METHOD if_oo_adt_classrun~main.
TRY.
DATA(lo_http_destination) =
cl_http_destination_provider=>create_by_url( 'https://api.workflow-sap.cfapps.eu10.hana.ondemand.com/workflow-service/rest/v1/workflow-instances' ).


"create HTTP client by destination
DATA(lo_web_http_client) = cl_web_http_client_manager=>create_by_http_destination( lo_http_destination ) .

"adding headers with API Key for API Sandbox
DATA(lo_web_http_request) = lo_web_http_client->get_http_request( ).
lo_web_http_request->set_header_fields( VALUE #(
( name = 'Content-Type' value = 'application/json' )
( name = 'Accept' value = 'application/json' )
( name = 'APIKey' value = 'Xu7mYff7y7CZNfzwkhkp7Dpjn8KG0hJ7' )
) ).

"Available Security Schemes for productive API Endpoints
"OAuth 2.0, OAuth 2.0
lo_web_http_request->set_text('{"definitionId":"workflow","context":{"objtyp":"CLSS","obj_name":"Clssxxx","method":"Methodxxx","description":"Shorttext"}}').

"set request method and execute request
DATA(lo_web_http_response) = lo_web_http_client->execute( if_web_http_client=>post ).
DATA(lv_response) = lo_web_http_response->get_text( ).

CATCH cx_http_dest_provider_error cx_web_http_client_error cx_web_message_error.
"error handling
ENDTRY.

EndMethod.

Accepted Solutions (0)

Answers (2)

Answers (2)

gregorw
Active Contributor
0 Kudos

I think you need to check out Proxy API for SAP Cloud Platform Workflow

0 Kudos

Hi Gregor,

my issue got resolved after using Bearer Token for authentication. Thanks for your inputs.

Step1:

Collect the oauth token

TRY.

DATA(lo_http_destination) =

cl_http_destination_provider=>create_by_url('https:// domain.authentication.eu10.hana.ondemand.com/oauth/token' ).

"create HTTP client by destination

DATA(lo_web_http_client) = cl_web_http_client_manager=>create_by_http_destination( lo_http_destination ) .

"adding headers with API Key for API Sandbox

DATA(lo_web_http_request) = lo_web_http_client->get_http_request( ).

lo_web_http_request->set_header_fields( VALUE #(

(name = 'Content-Type'value = 'application/x-www-form-urlencoded' )

(name = 'Accept'value = 'application/json' )

) ).

lo_web_http_request->set_form_field( i_name ='grant_type'i_value = 'client_credentials' ).

lo_web_http_request->set_form_field( i_name = 'client_id'i_value = <client id value >' ).

lo_web_http_request->set_form_field( i_name = 'client_secret'i_value = <client secret value>' ).

"set request method and execute request

DATA(lo_web_http_response) = lo_web_http_client->execute(i_method = if_web_http_client=>post ).

DATA(lv_oauth) = lo_web_http_response->get_text( ).

CATCH cx_http_dest_provider_errorcx_web_http_client_errorcx_web_message_error.

"error handling

Step2:

Next actual service POST call

TRY.

DATA(lo_http_destination1) =

cl_http_destination_provider=>create_by_url( 'https://api.workflow-sap.cfapps.eu10.hana.ondemand.com/workflow-service/rest/v1/workflow-instances' ).

DATA: rest type string,token_res type string.

“Collect the auth token value from lv_oauth

SPLIT lv_oauth at '"access_token":"' into restlv_oauth.

SPLIT lv_oauth at '"' into token_reslv_oauth.

“token_res have the token data

"create HTTP client by destination

DATA(lo_web_http_client1) = cl_web_http_client_manager=>create_by_http_destination( lo_http_destination1 ) .

"adding headers with API Key for API Sandbox

DATA(lo_web_http_request1) = lo_web_http_client1->get_http_request( ).

lo_web_http_request1->set_header_fields( VALUE #(

(name = 'Content-Type'value = 'application/json' )

(name = 'Accept'value = 'application/json' )

(name = 'Authorization'value = |bearer { token_res }|)

) ).

"Available Security Schemes for productive API Endpoints

"OAuth 2.0, OAuth 2.0

lo_web_http_request1->set_text('{"definitionId":"workflow definition","context{ <context data> }}').

"set request method and execute request

DATA(lo_web_http_response1) = lo_web_http_client1->execute( if_web_http_client=>POST ).

DATA(lv_response) = lo_web_http_response1->get_text( ).“ POST response data in lv_res[ponce

CATCH cx_http_dest_provider_errorcx_web_http_client_errorcx_web_message_error.

"error handling

ENDTRY.


gregorw
Active Contributor
0 Kudos

Hi karimulla8,

great that you've got it solved. I hope that you use that approach only for a PoC the trial environment. But please don't use it in production as you store secrets in your code.

Best regards
Gregor

gregorw
Active Contributor
0 Kudos

Your request works when you run it against the API Business Hub Sanbox:

CLASS ygw_workflow_read_instances DEFINITION
  PUBLIC
  FINAL
  CREATE PUBLIC .


  PUBLIC SECTION.
    INTERFACES if_oo_adt_classrun.
  PROTECTED SECTION.
  PRIVATE SECTION.
ENDCLASS.


CLASS ygw_workflow_read_instances IMPLEMENTATION.
  METHOD if_oo_adt_classrun~main.
    TRY.
        out->write( 'Get http destination' ).
        DATA(lo_http_destination) =
        cl_http_destination_provider=>create_by_url( 'https://sandbox.api.sap.com/workflow-service/rest/v1/workflow-instances?%24orderby=startedAt%20desc&%24skip=5&%24top=100&%24inlinecount=none' ).


        "create HTTP client by destination
        out->write( 'Get http client' ).
        DATA(lo_web_http_client) = cl_web_http_client_manager=>create_by_http_destination( lo_http_destination ) .


        "adding headers with API Key for API Sandbox
        DATA(lo_web_http_request) = lo_web_http_client->get_http_request( ).
        lo_web_http_request->set_header_fields( VALUE #(
                ( name = 'Content-Type' value = 'application/json' )
                ( name = 'Accept' value = 'application/json' )
                ( name = 'APIKey' value = 'Xu7mYff7y7CZNfzwkhkp7Dpjn8KG0hJ7' )
            )
        ).

        "set request method and execute request
        DATA(lo_web_http_response) = lo_web_http_client->execute( if_web_http_client=>get ).
        DATA(lv_response) = lo_web_http_response->get_text( ).
        out->write( lv_response ).


      CATCH cx_web_message_error INTO DATA(lx_web_message).
        out->write( 'Web Message Exception' ).
        out->write( lx_web_message->get_text( ) ).
      CATCH cx_http_dest_provider_error INTO DATA(lx_dest).
        out->write( 'destination creation exception' ).
      CATCH /iwbep/cx_cp_remote INTO DATA(lx_remote).
        out->write( 'remote exception' ).
        out->write( lx_remote->get_text( ) ).
        " It contains details about the problems of your http(s) connection
    ENDTRY.
  ENDMETHOD.
ENDCLASS.

But if you want to call your Workflow Service instance you don't need a APIKey, you need an JWT Bearer Token for authentication. I would suggest you learn the basics about authentication by following this blogpost and the linked video: Annotated links: Episode 57 of Hands-on SAP dev with qmacro. I would think the connection should be possible by using a Destination that you configure in the CF Subaccount.