Skip to Content

Pass the incoming payload using policies in SAP API Portal


I need to pass the incoming payload from mailchimp to SAP HCI using SAP API Management policies. Can anyone help with the policies which I can use here.


Aman Raj

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Jan 26, 2018 at 09:32 AM

    Hello Aman,

    it really depends on what you want to do with the payload.

    Per default, API Management simply sends the payload "as-is" to the backend (and returns the response "as-is" as well).

    If you want to change the format of the request (and response) payload, you can use the XML to JSON and JSON to XML policies.

    If you want to modifiy the content of the incoming payload, you can do this using policies such as the Assign Message, the XSL Transform, the Java Script and the Extract Variables policies. For complex scenarios, it would be better to use SAP Cloud Platform Integration though.

    A best-practice is to use API Management to fight off attacks on your backends, on every layer. One of the layers is payload-related: there you can use the XML-Threat Protection, the JSON-Threat Protection or the regular expression policies to inspect and validate the payload.

    As you can see, you can do a lot with SAP API Management, but it really depends on your use case. One advice though: have a look at the SAP blog entries, since a lot of them are quite hands-on and explain how to work with the tool. Maybe the following one could be usefull to you to start with (even if they are more about adapting the response, rather than the request):



    Add comment
    10|10000 characters needed characters exceeded

    • Hello Aman,

      there may be a lot of possibilities in why this is not working so I won't be able to help in detail.
      But you may want to check the connection between CPI (fka. HCI) and APIM: are the credentials right? is the integration flow called correctly, ie. with the right payload? Do you see any error? Server-side/client-side?...

      This is a pretty common scenario, implemented by thousands of customers. I am using it for personal demos as well so technically speaking, it is working.