Create API

In this lesson you will manage an API for product data using the API Management capability. This API can then be used by application developers to create various applications such as smartphone apps, kiosk applications, web pages, etc. This API can also be used by integration experts to configure process integration use cases.

Try it out!

Access the API Management service

API Management is a capability of SAP Integration Suite and leverages reusable artifacts to ease the overall developer experience and increase efficiency.

We will begin by creating an API Provider using the MSO_API_TEMPLATE template that provides a partially pre-configured API, including components such as the Policies, API Proxy URL and Resource endpoint.

Note

you will suffix many artifacts with your Technical Academy user ID to identify your work. This is required because we are creating similar artifacts as other users in the same environment. In real-life projects this is not necessary.

Configure the API Provider

If not already open, select the following link to access the Lobby service.
Navigate to the Configure section of Integration Suite using the left-hand menu and click on APIs.
Find the MSO_API_TEMPLATE under API Proxies and copy the template as shown in the below image.

Note

The

Copy the the required text values below to the corresponding fields:
1. Name: {placeholder|userid}_MSO_API
2. Title: {placeholder|userid}_MSO_API
3. API Base Path: /{placeholder|userid}
4. Select Copy to complete the configuration and open the API property page.

The API contains the following attributes that are key to its configuration:

Name	Description
API Proxy	Is a discrete representation of an API entity that abstracts the actual proxy end point properties at one end and the actual target endpoint (the endpoint that is relevant for the end user to invoke) at the other end. It also includes other properties that describe the policies that need to be invoked on the API, the attachments, and documents, and other artifacts that are relevant to the API.
Proxy Endpoint	Manages interactions with API consumers. Consumers of the API normally interact with the base path of the API and are attached to policy entities that operate to define quota, access limiters, and so on.
Target Endpoint	Manages interactions with the backend service endpoint on behalf of consumer applications. Backend endpoint forwards request messages to the proper backend service.
API Resource	Individual business entities that an API proxy contains. For example: BusinessPartnerCollection is an API resource that the API administrator would like to present via an API Proxy entity.
Operations	Is the object representation to specify if GET, POST, PUT, and DELETE calls are specified.
Policy	The runtime engine of SAP Integration Suite is policy driven. This means that policies are decoupled from the service definition. They can be dynamically linked to these APIs or services to enforce minimal or maximum levels of operation and Quality of Service.
API Documentation	Describes each API resource in a simple and concise manner.

Proxy EndPoint

The proxy endpoint defines the settings for the inbound connections for an API proxy. When you configure a proxy endpoint, you define how the client applications should invoke the API proxy. The main purpose of this configuration object is to manage interactions with consumers of the API. An API proxy must contain a proxy endpoint.

In SAP Integration Suite, API proxies use route rules to determine which target endpoint a client request should be forwarded to. These rules can be configured based on various criteria, allowing for dynamic routing to different backend services.

Route Rule

All requests are forwarded to the respective Target Endpoints by implementing certain rules on the route. The Route Rule is basically a conditional statement that determines the Target Endpoint. When more than one Target Endpoint is available, the Route Rule evaluates the condition and, if true, the request is forwarded to the named target endpoint.

Note

The

This configuration set will not be forwarded to any backend system (Target Endpoint = NONE). This is typically done to intercept and handle CORS preflight requests at the API proxy level without bothering the backend.

Target EndPoint

The Target endpoint defines the outbound connections for an API proxy. The main purpose of this object is to manage interactions to the actual backend service endpoint on behalf of consumer applications. An API proxy can contain zero or many target endpoints.

Note

Target EndPoints has

Resources

Save the API. The default GET request end point will be updated in the next section.

Update the Resources API EndPoint

Update the API endpoint by using OpenAPI specification. OpenAPI Specification (formerly Swagger Specification) is an API description format for REST APIs.

Available endpoints and operations on each endpoint (GET, POST), operation parameters Input and Output for each operation.

API specifications can be written in either YAML or JSON format.

Edit the Resource API endpoint by selecting Edit -> Edit in API Designer:
Select all of the configuration in the right-hand code window pane and delete it.
Replace the OpenAPI YAML content with the following API configuration and select Save:

Code Snippet

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
openapi: 3.0.0
info:
  title: {placeholder|userid}_MSO_API_1
  version: 1.0.0
  description: <p></p>
  x-targetEndpoint: >-
   {placeholder|target_endpoint}
paths:
  /{placeholder|userid}_MSO_iFlow_1:
    get:
      summary: Get Maintenance Orders
      responses:
        '200':
          description: A list of maintenance orders
          content:
            application/json:
              schema:
                type: object
                properties:
                  service_contract_id:
                    type: string
                    example: '7'
                  service_start_date:
                    type: string
                    example: 01.01.2025
                  service_end_date:
                    type: string
                    example: 31.12.2025
                  service_level:
                    type: string
                    example: premium
                  service_quantity:
                    type: string
                    example: '1'
                  service_price:
                    type: string
                    example: $30.00
                  service_currency:
                    type: string
                    example: USD
                  s4_order_id:
                    type: string
                    example: '478635'
                  s4_customer_id:
                    type: string
                    example: '17100004'
                  s4_customer_name:
                    type: string
                    example: HighTech Sports Inc
                  s4_product_id:
                    type: string
                    example: MZ-TG-ZAD02
                  s4_product_description:
                    type: string
                    example: Office Monitor
                  s4_quantity:
                    type: string
                    example: '1'
                  s4_currency:
                    type: string
                    example: USD
      description: ''
servers:
  - url: >-
     {placeholder|host_alias}:443/{placeholder|userid}
x-servers:
  - url: >-
      https://api-btp-is-std.test.apimanagement.eu10.hana.ondemand.com:443/ACXXXXXX_Maintenance_Sales_Order_read_SC4
definitions: {}
tags: []
components:
  schemas: {}

Note

The

Inspect and update inherited SpikeArrest policy

Inspect and update the SpikeArrest policy once the base configuration is complete. This policy was pre-configured in the MSO_API_TEMPLATE and throttles the number of requests processed by an API Proxy protecting against performance lags and downtime.

The initial Rate value was set to 5pm</>:

Code Snippet

123456789
<!-- This policy throttles the number of requests processed by an API Proxy protecting against performance lags and downtime -->
  <SpikeArrest async="true" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
    <!-- can be used to uniquely identify an application or a client -->
    <Identifier ref="request.header.some-header-name"/>
    <!-- used to modify the impact of a single request on the calculation of spike arrest limit. If the weight is 5 and the spike limit is 10 per minute then only 2 requests are permitted to this proxy in one minute -->
    <MessageWeight ref="request.header.weight"/>
    <Rate>5pm</Rate>
    <UseEffectiveCount>true</UseEffectiveCount>
  </SpikeArrest>

Open the _MSO_API to edit your API.
Select the Policies configuration
Select ProxyEndpoint -> PreFlow

Notice the SpikeArrest policy
Update the policy Rate from 5 requests per minute to 8 requests per minute

Copy the the required text values below to complete the configuration:
1. Select ReFlow policy: SpikeArrest1
2. Edit policy
3. Update Range to: <Rate>8pm</Rate>
Before:
Code Snippet
```
1
<Rate>5pm</Rate>
```
After:
Code Snippet
```
1
<Rate>8pm</Rate>
```
Update and save the policy change

The API configuration is now complete and ready for deployment.

Deploy the _MSO_API_1 API

Continue the steps and deploy the _MSO_API

Deploy the _MSO_API API

Saving the API configuration will land you back on the API develop home page. Select the newly created _MSO_API API and Deploy action.

Test the _MSO_API_1 API

Navigate to the Test/APIs interface and find deployed _MSO_API API.

Copy the the required text values below to complete the configuration:
1. Test APIs
2. Find API: {placeholder|userid}_MSO_API
3. Select Headers
4. Header Name: Authorization
5. Header value:
Code Snippet
```
1
{placeholder|auth_id}
```
1. Send request
The initial result set:

Invoke Spike Arrest error

Repeatedly click the Send button until the Spike Arrest policy is triggered:

Code Snippet

123456789101112
{
"fault":{
    "faultstring":"Spike arrest violation. Allowed rate : MessageRate{
        messagesPerPeriod=8,
         periodInMicroseconds=180000000,
         maxBurstMessageCount=1.0
    }",
    "detail":{
        "errorcode":"policies.ratelimit.SpikeArrestViolation"
    }
 }
}

Congratulations! You are now ready for the next lesson!

Next lesson