Skip to Content
0

Need help on REST API call using HTTPS

Oct 24, 2016 at 08:44 AM

99

avatar image

Hello Experts,


We are planning to fetch data from the website using REST API. Programming is in webdynpro ABAP.


To fetch data, We need to call API using HTTPS protocol. To create HTTP request, We have created RFC destination under 'HTTP Connections to External Server'. By default it takes HTTP and to make it HTTPS, we need to select SSL flag under 'Logon & security' tab. Problem starts here, after selecting SSL flag we were not able to connect to external website. Then we did some search and found that we will have to import certificate for external website under STRUST. We did that and it worked.

We are looking for the solution in which, we can avoid importing certificate. Because as discussed with one of the security colleague, he told us that it is not good practice. It is kind of hard coding of certificate. Can any one of you help us to connect using HTTPS to external website to fetch data.

I think this is very common use case and many would have worked on this. Please let me know if you need more information.

Best Regards,

Ronak

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Przemyslaw Gapinski Oct 27, 2016 at 08:33 AM
0

Hi

Idea of using HTTPS is to connect to trusted (by client) site and establish encrypted pipe.

Your client must know something (certificate) to do this securely.

Your security colleague have probably in mind that standard practice is to import CA certificate used to sign external website certificate.

Regards

Przemek

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi,


Thanks for your reply.

Yes, I did the same. From the certificate path we can get the root. For an example for this website - https://answers.sap.com has root 'VeriSign'. So, I need to import the 'VeriSign' certificate? Did you mean that?

Is that correct way to connect using HTTPS ? Because my colleague asked me not to import any certificate and to find out other way for HTTPS connections. But I am not sure that is possible without certificate.

Your reply will be helpful.

Best Regards,

Ronak

0
Przemyslaw Gapinski Nov 03, 2016 at 12:25 PM
0

Ask him about "other ways".

If he is a Windows person, his system is trusting many CAs out of the box.

Share
10 |10000 characters needed characters left characters exceeded