Skip to Content
1
Apr 30, 2021 at 11:54 AM

SAP API Management - Developer Portal and OpenAPI securitySchemes

177 Views Last edit Apr 30, 2021 at 02:06 PM 3 rev

We have documented and protected API Proxies in SAP API Management according to the official documentation. I added the corresponding security schemes (APIKey and oAuth2 flow) to the OpenAPI specification of the API Proxy:

security:
  - oAuth2: []
  - ApiKeyAuth: []
components:
  securitySchemes:
    oAuth2:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: >-
            https://xxx.authentication.eu20.hana.ondemand.com/oauth/token?grant_type=client_credentials
          scopes: []
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key

My expectation would be, that this kind of information is also available in the Developer Portal, but sadly it is not.
When I hit the Try out button, there is no related info, on how to authenticate. I could manually add the APIKey header and an otherwise acquired Bearer token, but I need to document this somewhere else or in pure textual form in the API description.

When I look at the Code Snippets, then I get some hints about authentication:

But it's also not sufficient, because the oAuth2 documentation is completely missing (tokenUrl, etc.).

In the SAP API Business Hub, there is the possibility to add authentication information. Can this functionality also be enabled in SAP API Management or, if not, how can the information be published in the Developer Portal?

Attachments

screenshot.png (30.5 kB)
screenshot2.png (18.1 kB)