Solved: Trigger SCP from ABAP program

sankar_bhatta · ‎08-23-2018

Hello Experts,

I am triggering a SCP workflow from ABAP system. Below is my code. I am able to get the CSRF token value successfully. But the actual instance creation is not happening I am getting 403 Forbidden error

Note: i am able trigger the instance using postman. so the workflow itself is working fine.

this is my code

*&---------------------------------------------------------------------*
*& Report Z_TRIGGER_SCP_WORFKLOW
*&---------------------------------------------------------------------*
*&
*&---------------------------------------------------------------------*
REPORT Z_TRIGGER_SCP_WORFKLOW.
DATA: lo_http_client TYPE REF TO if_http_client.
DATA: response TYPE string.
"create HTTP client by url
"API endpoint for API sandbox
CALL METHOD cl_http_client=>create_by_url
 EXPORTING
 url = 'https://bpmworkflowruntimeXXXXXea-XXXXX.hana.ondemand.com/workflow-service/rest/v1/xsrf-token'
 IMPORTING
 client = lo_http_client
 EXCEPTIONS
 argument_not_found = 1
 plugin_not_active = 2
 internal_error = 3
 OTHERS = 4.
IF sy-subrc <> 0.
 "error handling
ENDIF.
"setting request method
lo_http_client->request->set_method('GET').
"adding headers
lo_http_client->request->set_header_field( name = 'X-CSRF-Token' value = 'Fetch' ).
lo_http_client->request->set_header_field( name = 'Content-Type' value = 'application/json' ).
lo_http_client->request->set_header_field( name = 'Accept' value = 'application/json' ).
lo_http_client->request->set_header_field( name = 'Authorization' value = 'Basic XXXXXXXXXXXXXXXXXXXXX' ).
"API Key for API Sandbox
*lo_http_client->request->set_header_field( name = 'APIKey' value = 'Vw0jBxyASfBvXXXXXXXFbEpcTKxizWKr' ).
"Available Security Schemes for productive API Endpoints
"Basic Authentication, OAuth 2.0
"Basic Auth : provide username:password in Base64 encoded in Authorization header
"lo_http_client->request->set_header_field( name = 'Authorization' value = 'Basic <Base64 encoded value>' ).
CALL METHOD lo_http_client->send
 EXCEPTIONS
 http_communication_failure = 1
 http_invalid_state = 2
 http_processing_failed = 3
 http_invalid_timeout = 4
 OTHERS = 5.
IF sy-subrc = 0.
 CALL METHOD lo_http_client->receive
 EXCEPTIONS
 http_communication_failure = 1
 http_invalid_state = 2
 http_processing_failed = 3
 OTHERS = 5.
ENDIF.
IF sy-subrc <> 0.
 "error handling
ENDIF.
data: lt_fields type TIHTTPNVP.
data(lo_response) = lo_http_client->response.
lo_response->IF_HTTP_ENTITY~GET_HEADER_FIELDS( CHANGING fields = lt_fields ).
*cl_demo_output=>display( lt_fields ).
data(ls_fields) = lt_fields[ name = 'x-csrf-token' ].
data(lv_csrf) = ls_fields-value.
CALL METHOD cl_http_client=>create_by_url
 EXPORTING
 url = 'https://bpmworkflowruntimeaXXXXXX-XXXXX.hana.ondemand.com/workflow-service/rest/v1/workflow-instances'
 IMPORTING
 client = lo_http_client
 EXCEPTIONS
 argument_not_found = 1
 plugin_not_active = 2
 internal_error = 3
 OTHERS = 4.
IF sy-subrc <> 0.
 "error handling
ENDIF.
"setting request method
lo_http_client->request->set_method('POST').
"adding headers
lo_http_client->request->set_header_field( name = 'X-CSRF-Token' value = lv_csrf ).
lo_http_client->request->set_header_field( name = 'Content-Type' value = 'application/json' ).
lo_http_client->request->set_header_field( name = 'Accept' value = 'application/json' ).
lo_http_client->request->set_header_field( name = 'Authorization' value = 'Basic XXXXXXXXXXXXXXXXXXXXX' ).
CONCATENATE '{"definitionId": "myworkflowtest",'
 '"context": { "PreqItem": "00010", "Material": "000000000000000011",'
 '"Plant": 5000, "DelivDate": 25082018,"PrNumber": " " }}' into data(lv_json).
CALL METHOD lo_http_client->request->set_cdata
 EXPORTING
 data = lv_json.
CALL METHOD lo_http_client->send
 EXCEPTIONS
 http_communication_failure = 1
 http_invalid_state = 2
 http_processing_failed = 3
 http_invalid_timeout = 4
 OTHERS = 5.
IF sy-subrc = 0.
 CALL METHOD lo_http_client->receive
 EXCEPTIONS
 http_communication_failure = 1
 http_invalid_state = 2
 http_processing_failed = 3
 OTHERS = 5.
ENDIF.
IF sy-subrc <> 0.
 "error handling
ENDIF.
response = lo_http_client->response->get_cdata( ).
cl_demo_output=>display( response ).

qmacro · ‎08-23-2018

It looks like you're not passing any cookies between the calls. Cookies contextualise the token that's fetched. Without them, you'll get a 403. See this Q&A for more details. https://answers.sap.com/questions/563171/why-the-business-rules-invoke-rule-service-need-co.html Cheers!

PS you also had your userid and password more or less in plain sight - in the Basic Authentication header, encoded with Base64 (which is simple to decode). So I replaced some of the characters with Xs to obscure it for you.

Sesh_Sreenivas · ‎08-24-2018

Hi Sankara,

Like DJ mentioned, you need to use the cookies while calling the API to create workflow instance. You can refer to the following links for the source code and explanation:

https://archive.sap.com/discussions/thread/3786067

https://blogs.sap.com/2017/08/04/regarding-cookie-manipulation-in-cl_http_client-to-avoid-csrf-token...

Regards,

Sesh

vamsixk · ‎03-27-2019

with SM 59 you can safely store your User ID and password . if you use URL, you have to pass the user id and password as indicated earlier by DJ Adams.

so the best practice would be to use the SM59 approach.

Kind Regards,

Vamsi

Trigger SCP from ABAP program

Accepted Solutions (1)

Accepted Solutions (1)

Answers (2)

Answers (2)

Connectivity guaranteed with Cloud Integration ver...

CRM WEB UI - Custom Date Field - search date range...

route message from SAP PI to SAP CPI

SAC Story: How to derive a dimension value from th...

Connecting to an SAP Analytics Cloud tenant to SAP...