Browse the Book - Cloud Object Storage · SAP Cloud Platform Mobile Services API Product Manager...

Browse the BookIn this chapter excerpt, you’ll explore the complete API lifecycle. You’ll walk through the key SAP API Management components that support each phase, including the API designer, the API portal, the developer portal, and the API gateway.

Carsten Bönnen, Harsh Jegadeesan, Divya Mary, Shilpa Vij

SAP API Management365 Pages, 2020, $79.95 ISBN 978-1-4932-1861-5

www.sap-press.com/4928

First-hand knowledge.

“Managing the End-to-End Lifecycle of APIs”

Contents

Index

The Authors

https://www.sap-press.com/sap-api-management_4928/?utm_source=AWS&utm_medium=readingsample&utm_campaign=Browse%20the%20Book&utm_content=1860

63

3

Chapter 3

Managing the End-to-End Lifecycle of APIs

In this chapter, we look at the end-to-end lifecycle of application pro-

gramming interfaces (APIs). After a short general discussion of API life-

cycles, we’ll take a closer look at how SAP API Management supports

that lifecycle. We’ll then run through a simple example that allows

you to experience the different steps hands-on.

After reading the first chapters of this book, you should now have a good understand-

ing of APIs as the building blocks of digital businesses and how they fit into the SAP

strategy of an intelligent enterprise. In addition to this, you’ve read about how and

why SAP API Management was implemented and how you can install and run it on

your own instance of SAP Cloud Platform. In this chapter, we’ll take a closer look at

the end-to-end lifecycle of APIs and at the tools SAP API Management offers to you in

the lifecycle.

3.1 Overview of the API Lifecycle

Figure 3.1 shows the lifecycle of an API. As mentioned, APIs are used to create your

digital business through apps and other channels.

Starting with channels in Figure 3.1, you see that several entities are mentioned, such

as apps and business networks; however, this list isn’t complete as channels can also

include social media and dedicated devices, among other things. In all cases, how-

ever, the APIs are the building blocks that allow you to address those channels.

APIs are well-defined interfaces that—in an ideal world—come with detailed docu-

mentation that allows every developer (right side of Figure 3.1) to build apps that sup-

port basically every channel. The developer doesn’t need to know anything about the

backend or how the API is eventually implemented; with the information from the

API, he or she can start developing right away.

3 Managing the End-to-End Lifecycle of APIs

64

And, as you can see from Figure 3.1, the data an API exposes can come from a lot of dif-

ferent API backends when you’re using SAP API Management—not only SAP back-

ends but third-party backends too, as long as they support Representational State

Transfer (REST)/OData or Simple Object Access Protocol (SOAP).

Figure 3.1 Lifecycle of an API

Now let’s take a closer look at the five phases of the lifecycle:

� Design

In this phase, you design an API on the “coding” level.

� Develop

In this phase, you implement your API using additional services and maybe even

other APIs.

� Manage

In this phase, you implement security and traffic management for your API. This

is one of the most essential phases.

� Meter and monetize

In this phase, you can meter your API and analyze its behavior, which will allow

you to monetize it as well.

Content

Design Develop Manage Engage

API Designer API Portal (Security | Traffic Management | Mediation)App Services

Developer Portal

SAP APIBusiness Hub

API Gateway (Cloud | Hybrid)

API Developer

AppDevelopers

SAP Web IDE

CloudConnector API Backends

AppsBusinessNetworks

PartnersCustomers

DevelopmentTeam/Developer

API Team

Channels

Personas

Meter andMonetize

SAP CloudPlatform

Mobile Services

API ProductManager

SAP Apps, SAP HANA,and Middleware

Third-Party APIProviders

SAP Cloud PlatformMicroservices

IntegrationService

PersistenceServices

MessagingService

On-PremiseMiddleware

65

3.1 Overview of the API Lifecycle

3

� Engage

In this phase, you provide your API to the developers; the phase includes onboard-

ing developers.

The aforementioned phases can be found in basically every API lifecycle. Sometimes,

the phases may have different names, or there may be additional or extended steps,

but, in general, the lifecycle will always look similar.

The following sections provide a closer look at what you can expect of the different

phases in SAP API Management.

3.1.1 Design

The design phase actually may happen outside of SAP API Management. Given that

you already have an existing API or suitable service somewhere in your backend, you

can skip directly to the develop phase.

However, if you want to model your own API or maybe start with an existing API and

make some changes to it on the specification level, this is the phase in which to do so.

SAP API Management provides the API designer tool supporting OpenAPI Specifica-

tion (formerly known as Swagger) and RESTful API Modeling Language (RAML). In

this phase, you can describe your own APIs, work on existing APIs, and eventually

create your own API proxy in SAP API Management.

3.1.2 Develop

This phase is all about developing your own API. As with the next two phases, SAP API

Management has you covered with the API portal. The API portal consists of various

tools that you can use to build your own APIs.

In contrast to the design phase, you develop APIs on this level by working on existing

APIs and/or services. You can easily build your own API proxies that rely on other

APIs or on services. In the easiest implementation, your API will just reflect a service

or API in the backend. In more complex scenarios, your API proxy can be based on

several APIs and/or services as well as make calls out from within the policy editor,

allowing you to include services in a complex configuration and implementation of

your own API.


66

3.1.3 Manage

Managing an API is mainly about three things:

� Security

� Traffic management

� Mediation

Most likely, you’ll spend the bigger part of this phase in the policy editor, which

allows you to apply policies to your APIs. With SAP API Management, you’ll get a set

of predefined policies dealing with security, traffic management, and mediation. In

addition, the editor will allow you to customize those policies, define your own poli-

cies, and even bundle them in templates.

3.1.4 Meter and Monetize

There are a many reasons to check on your APIs and keep an eye on the traffic they

generate and how they behave in general. Among the most prominent ones are

these:

� Performance

� Security

� Monetization

If an API isn’t performing correctly, you may want to fix it, or if it isn’t really used, you

probably want to remove it completely. In terms of security, you may want to check

for any suspicious behavior in your system and analyze it. And, finally, you may want

to know who is using your APIs and charge them for the usage.

All of these features are integrated into the API portal, where you can run analytics on

your APIs and define rate plans to charge users of your APIs for the usage based on

different criteria.

3.1.5 Engage

The last phase in the lifecycle should not be underestimated. Engaging with whom-

ever is using your APIs is essential to the success of your APIs. This is not only true

when your users are outside your company, but maybe even more so when they are

inside your company.

67

3.2 Components of SAP API Management

3

Onboarding for developers, that is, users of your APIs, has to be as easy as possible.

This is why SAP API Management offers a dedicated portal for this phase called the

developer portal.

Developers can easily find all exposed APIs in the developer portal, including the doc-

umentation and all relevant information. In addition, the developer portal allows

you to control who gets access to which APIs and to evaluate developers and APIs.


By now, you should have a good understanding of what goes on in the different

phases. In this section, we’ll look closer at the components mentioned earlier and

what you can do with them.

Best practice is to get your SAP Cloud Platform trial account (see Chapter 2, Section

2.3.1) up and running and follow the explanations in your own instance. Please note

that because we’re talking about a cloud implementation, you might find minor

changes in the user interface (UI).

3.2.1 API Designer

The API designer is part of the SAP API Management service. After opening your SAP

Cloud Platform cockpit, you can find the tool by clicking on Services and then Inte-

gration or by searching for it and clicking on API Management. After performing the

steps in Chapter 2, your SAP API Management should already be enabled and look

like the tile in Figure 3.2.

Figure 3.2 Enabled API Management Tile in the SAP Cloud Platform Cockpit


68

After clicking on API Management, your screen should now look like Figure 3.3.

Figure 3.3 API Management with the Access API Designer Link

On this overview page, you can find links to all the relevant tools, including the API

designer. As you can see, the overview page also lets you know in which regions SAP

API Management is available.

Let’s explore the API designer, beginning with the different options to access it and

following with the key menus.

Access

After clicking on Access API Designer, the API designer will open as shown in Figure

3.4. At startup, the API designer opens with some skeleton coding that shows the

basic entities to be expected in an OpenAPI description. With that said, don’t be con-

cerned about the errors it shows on the right side, as the description is by no means

complete. However, this is only one way to open the API designer; in your everyday

work, you may prefer one of the others we’ll discuss next.

69


3

Figure 3.4 API Designer at Startup

Another even more convenient way to open the API designer in real life scenarios is

by clicking on Access API Portal and then choosing Develop from the navigation pane

in the API portal (see Figure 3.5).

Figure 3.5 Accessing the API Designer from the API Portal

A screen with a list of all existing APIs will open. From this screen, you can open the

API designer by clicking on Create in API Designer (see Figure 3.6).


70

Figure 3.6 Opening the API Designer from the API Portal

Note

Sometimes, you’ll find blank entries on the screenshots in this book because we’re

striving to give you a realistic view of the systems and use real systems to do so. The

drawback of this approach is that we sometimes have to mask certain entries for

legal reasons.

Depending on your role (see Chapter 1, Section 1.4.2), you may spend most of your

time in the API portal, so this method of opening the API designer might be more use-

ful for some roles.

The last method to open the API designer is for situations in which you already have

an existing API. In this case, you open your API and choose Edit � Edit in API Designer

(see Figure 3.7).

Figure 3.7 Editing an Existing API in API Designer

In contrast to the first two options for opening the API designer, it will open with the

coding for your specific API.

Let’s quickly run through the menus of the API designer so that you have a good

understanding of what you can do here.

71


3

File

The File menu (see Figure 3.8) is probably the menu you’ll use the most. It allows you

to generate new files (New) that will look exactly like the one you’ll see when you

open an empty API designer.

Figure 3.8 The File Menu in the API Designer

The next three entries starting with Paste allow you to paste JavaScript Object Nota-

tion (JSON), RAML, and OData metadata into your file. By clicking on one of these

entries, a small editor window will open. Figure 3.9 shows the editor for JSON. Note

that the editor checks the coding for validity.

Figure 3.9 Pasting JSON Coding into Your File


72

In addition to pasting coding into your file, you can import complete files by clicking

the Import File menu item. Accepted files include YAML and JSON formats.

By clicking Save, you can create or update your API in SAP API Management. If you

create an API from scratch, the API designer will ask you to provide a name. This new

API will then show up in your list of APIs in the API portal.

Finally, you export your APIs in YAML or JSON format by clicking on Download YAML

and Download JSON, respectively.

Preferences

The Preferences menu allows you to change the look and feel of the API designer

according to your personal needs and preferences. In addition to setting the font size

(Font Size) and going back to the default setting (Reset Editor Settings), you can make

very specific changes through Editor Settings (see Figure 3.10). When clicking on Edi-

tor Settings, the possible settings (shown in Figure 3.11) will open on the right side of

your API designer screen. As you can see, there are a lot of settings possible.

It would go a bit too far to explain them all here, but most are self-explanatory. Feel

free to play around with those settings until you find the user experience matching

your needs.

The last menu item in Preferences allows you to modify the behavior of the API

designer even further. As you can see from Figure 3.12, you can mainly change the

“live” behavior of the editor here. This may be helpful if you encounter specific issues

with live rendering or auto complete.

Usually, the preset settings will do just fine, but for more complex specifications, the

features may be bothersome, and you probably want to turn Live Rendering and/or

Auto-complete off. The first might make rendering the code slower, while the second

might be tricky if you use coding with a lot of nonstandard expressions.

Figure 3.10 Creating a Convenient Development Environment through Preferences

73


3

Figure 3.11 Editor Settings for the API Designer

Figure 3.12 Editor Preferences for the API Designer


74

Generate Server

The Generate Server menu, shown in Figure 3.13, allows you to easily generate server

stubs. You can choose between JAX-RS, Node.js, and Spring. With this feature, the API

designer supports the complete lifecycle of an API.

Figure 3.13 Generating Server Stubs in API Designer

Figure 3.14 shows an example dialog for a Node.js server stub generation. After chang-

ing the default entry of Artifact (recommended), you can now create your own server

stub by clicking on Generate Project. A nodejs-server.zip will be created and down-

loaded or offered for download by your browser.

This file now represents your application that you can upload and use in other envi-

ronments such as Cloud Foundry in SAP Cloud Platform.

Figure 3.14 Generating a Node.js server Stub from the API Designer

Help

The Help menu (see Figure 3.15) provides a link to the Open API Initiative (OAI) and

allows you to go directly to the OpenAPI Specification GitHub by choosing Open API

Specs.

75


3

Figure 3.15 Help in API Designer

The Show Introduction Help option provides you with an overlay that is pretty basic

but is intended to help you get the lay of the land when it comes to getting started

with the API designer (see Figure 3.16).

Figure 3.16 Help with First Steps in API Designer

3.2.2 API Portal

While the API designer is all about specifications and coding, the API portal takes a

different approach and provides you with an interface that allows you to create, con-

figure, and manage your APIs. Figure 3.17 shows the landing page of the API portal

with an expanded “hamburger” menu. As you can see, the landing page provides you

with an overview of what is happening with your APIs at a glance.


76

Figure 3.17 API Portal Landing Page

You can reach the most relevant actions directly from the landing page (Quick

Actions) and see your API Traffic, how many errors happened (API Errors), how many

of your APIs are already deployed (APIs), and much more, including the performance

of the APIs, applications, products, and rate plans used for the monetization of your

APIs.

We’ll go through the different tools in more detail in Section 3.3, so we’ll focus on the

main menu options of the API portal here.

Discover

As the building blocks of your digital business, APIs can in many cases be taken quite

literally. In other words, you build APIs in many scenarios that are based on already

existing APIs and combine them in a way that works for you. Or you just consume an

API, connect it to your backend, and then expose it through SAP API Management.

Unfortunately, in the real world, more often than not, you don’t know if a functional-

ity or service is already implemented somewhere else or if there is an existing API

that you could reuse.

77


3

SAP helps you with this problem by providing a central repository for SAP, partner

services, and APIs called the SAP API Business Hub. You can reach this repository

through https://api.sap.com.

However, just providing a URL isn’t a very integrated approach if you already offer an

SAP API Management solution. This is where the Discover page comes in to provide a

direct connection to the SAP API Business Hub repository from within the API portal

(see Figure 3.18).

Figure 3.18 Integration with SAP API Business Hub

While the landing page provides you with the highlights of SAP API Business Hub,

you can access all available resources by clicking on All. Figure 3.19 shows the list of

available resources. As you can see, it can become confusing or overcrowded very

quickly. Therefore, in addition to offering a search functionality, you can filter the

entries by Lines Of Business (LoBs), Vendor, and so on.

After choosing a specific service, you’ll get detailed information for that service and

can easily find out if it fits your needs. Figure 3.20 shows an example for SAP Leon-

ardo Machine Learning Foundation. Note that you can go directly to the SAP API Busi-

ness Hub from here by clicking on the View in API Business Hub link in the upper-

right corner.


78

Figure 3.19 All Resources from SAP API Business Hub with Filtering Functionality

Figure 3.20 SAP Leonardo Machine Learning Foundation—Functional Services from within

the API Portal

While additional information, such as documents with product information or links

to further resources, might be found by clicking on Documents, you’ll likely investi-

gate Artifacts most of the time. Through Artifacts, you can access the services that are

offered as shown in Figure 3.21. As you can see, there is a button under Actions that

you can click to open a context menu that allows you to copy the API (in this case, a

REST API) directly into your SAP API Management instance.

79


3

Figure 3.21 Copying an API into your SAP API Management Instance

Figure 3.22 shows the dialog that will open if you copy the API into your SAP API Man-

agement instance. Change the Name if it’s too technical, and click on OK.

Figure 3.22 Dialog to Copy an API into Your SAP API Management Instance


80

After clicking on OK, your list of APIs will open and show you a new entry (see Figure

3.23). You’ve now copied the API into your SAP API Management instance and can use

it as any other API in your list.

Figure 3.23 Copied API in Your List of APIs

Develop

The Develop page, shown in Figure 3.24, is where you’ll spend a good deal of your time

as an API product manager/developer.

Figure 3.24 Managing your APIs, Products, Applications, and Policy Templates in the API

Portal

Under Develop, you can create and manage the following:

� APIs

API proxies represent APIs in SAP API Management.

� Products

Allow you to expose your APIs to developers.

� Applications

Apps that are built on the developer portal.

� Policy Templates

Allow the bundling and reuse of policies for several APIs.

81


3

Through the Develop page, you can create your own APIs from scratch, import APIs

from a file, or create them in the API designer. Then you can create products that usu-

ally are based on APIs. Applications are built in the developer portal, so you can’t cre-

ate them here, but you can have a look at them, see who developed them, and get

additional details on the app. Policy templates aren’t created here either; you can

only import them from here. If you want to create a policy template, you have to do

that in the policy editor.

Let’s take a closer look at the API itself. As you can see from Figure 3.25, the Overview

page for an API gives you all the relevant information on an API. However, on this

screen, you can also find some of the most relevant tools when dealing with your

APIs.

Figure 3.25 Opened API in SAP API Management

While Proxy EndPoint and Target EndPoint give you more information on the API

that you can use, the Resources tab gives an overview on the methods you can invoke

on your APIs. As you can see from Figure 3.26, you not only get the method name but

also what kind of method it is (Post), and you can try it out (choose Try out).


82

Figure 3.26 Collapsed Method under Resources

By clicking on the method, you can now expand it, get even more information on the

method, and even set parameters before you try it out (see Figure 3.27).

Figure 3.27 Expanded Method under Resources

You may have noticed that you can only try out your API here but can’t make any

changes. To change your API, and especially the resources, you can open the sub-

menu of Edit in the upper-right corner of your screen (see Figure 3.28).

83


3

As mentioned in Section 3.2.1, you can switch to the API designer here and directly

change your API on the specification level. However, in many cases, this is neither

necessary nor convenient. By clicking on Edit, you make changes directly in the API

portal and modify your API.

Figure 3.28 Editing Your API

After clicking on Edit, the Resources page will show you some new icons that allow

you to make changes to the API (see Figure 3.29).

Figure 3.29 New Icons after Clicking on Edit in Your API

The most important is the pencil icon, which will open an additional dialog when

clicked. Figure 3.30 show the Edit Resources dialog that will open with an opened sub-

menu. As you can see, you can change the name, the Path Prefix (basically the relative

location of the resource in your SAP API Management instance), and even the Opera-

tions and the type (i.e., you can add and remove operations depending on your needs

and what you want to allow a developer to do with your API).

In addition, you can add extensive documentation for your API and methods/opera-

tions here. As you can see, the dialog comes with an editor that allows you to create

your own documentation, including different font styles, formatting, links, and so

on.


84

Figure 3.30 Edit Resources Dialog

While in Edit mode, the upper-right corner will offer different links/buttons, as

shown in Figure 3.31. Here you can Save your changes or Cancel them, and all changes

are void.

Figure 3.31 Upper-Right Corner in Edit Mode

Warning

Even though you’ll get a warning, when trying to leave the page without saving, your

changes will only be saved after clicking on Save. If you leave the page in an unex-

pected way (e.g., by closing the browser), your work will be lost.

After saving your changes, you can then return to the original links, including the

aforementioned Policies, Copy, and Edit in the upper-right corner. While Copy simply

allows you to copy your API (see Figure 3.32), which, in many cases, means just giving

it a new name and then working on the copy, Policies is a much more interesting

option as it opens the policy editor (see Figure 3.33).

85


3

Figure 3.32 Copy API Dialog

Figure 3.33 Policy Editor


86

The policy editor allows you to apply predefined policies on your APIs and even cre-

ate your own policies to manage the behavior of your APIs. To use it, you first must

click on Edit (see Figure 3.33).

As the policy editor will be explained in detail in Chapter 5, let’s just have a look at the

UI and what it offers. Starting on the right, you see a set of policies you can use:

� Security Policies

� Traffic Management Policies

� Mediation Policies

� Extension Policies

The first three are predefined policies deal with a specific topic (e.g., Security), and you

can configure them to your specific needs. The last one (Extension Policies) allows

you to build your own policies.

If you already clicked on Edit, you’ll realize that the plus sign on the right side is still

gray (i.e., inactive); this is because you haven’t yet decided to which flow you want to

add the policy. The flow defines when a policy is executed. For example, click on Pre-

Flow beneath ProxyEndpoint on the right (see Figure 3.34).

Figure 3.34 Choosing a Flow

The plus icon is now available, so you can add policies to the flow. Figure 3.35 shows

an added policy (BasicAuthentication).

Figure 3.35 also shows what the work area looks like after a policy is chosen. While the

upper half of the screen shows the policies and their flow, the lower part shows the

coding/configuration behind the policy. Here, you can make sophisticated changes

87


3

to your policy and even define a condition string that allows you to decide under

which circumstances the policy is to be applied. As before, after changing anything in

the policy editor make sure to click Save before you move on. For further details on

the policy editor, please refer to Chapter 5.

Figure 3.35 Added Policy in the Policy Editor

You may have noticed the three points in the Edit menu of your API that weren’t

mentioned yet. Figure 3.36 shows them expanded. Under this menu entry, you can

find the following:

� Debug

Allows you to access the debug functionality discussed under Test.

� Deploy

Deploys an API after it’s thoroughly tested.

� Export

Allows you to export your API to a file.

� Delete

Deletes your API.


88

Figure 3.36 Additional Options for your API

Because dealing with APIs is so essential, we’ve taken the time to have a closer look.

However, the functionality for products and applications is pretty simple and will be

discussed in Section 3.3. Policy templates will be discussed in Chapter 5 when we take

a deep dive into the policy editor. Now, let’s switch to the Configure page.

Configure

The Configure page (see Figure 3.37) allows you to deal with three entities:

� API Providers

Allows you access to predefined API providers such as backend systems (e.g., an

SAP Gateway system).

� Certificates

Allows you to create/upload security certificates into SAP API Management.

� Key Value Maps

Allows you to store (encrypted) key value maps.

Figure 3.37 Configure Page in the API Portal

API Providers (see Figure 3.37) are basically a representation of any kind of API pro-

vider, which means that you can create a representation here that is pointing to a back-

end system (e.g., an SAP Gateway system) or a specific service (OData/REST, SOAP).

89


3

For backend systems, it usually makes sense to create an API provider and later use

this provider in the API creation; however, for services from a certain point of view, it

only makes sense if you plan to use the service in more than one API as you can point

to a specific service directly when creating an API.

Note

We recommend implementing specific rules for the API product manager and devel-

oper that ensure a certain consistency in your SAP API Management instance. One

rule could be that you have to create an API provider for every service and backend

that you’re using in an API, after checking that there is no duplicate in your list of API

providers.

Certificates also play an important role in securing your APIs. More specifically, they

allow you to use the Secure Sockets Layer (SSL) to establish an encrypted connection

between a web server and a web client. In other words, it allows you to use HTTPS

instead of simple and unsecure HTTP.

As certificates and security in general are a rather complex topic, you can find the

details on this topic in Chapter 8. Figure 3.38 shows the dialog you can use to create

certificates (after clicking on Configure � Certificates � Create). As you can see, you can

choose between Trust Store and Key Store certificates (for details, see Chapter 8).

Figure 3.38 Creating Certificates in the API Portal


90

Key Value Maps allow you to create a set of key/value pairs, which come in handy

when you need access to data during runtime and you don’t want this data to show

up in your API proxy logic (i.e., any kind of coding).

One scenario is that you connect through SAP API Management to other systems

that may not support the single sign-on (SSO) mechanisms of SAP API Management

or that you want to connect to a backend system using a service user. In such a sce-

nario, you can create a key value map that stores, for example, the user credentials for

the service user. When configuring your API proxy logic, you can now access this

information and use it as part of your coding. For example, you can allow or deny a

user access to the backend system based on the information that user already pro-

vided to SAP API Management.

To access the dialog you can use to create key value maps (see Figure 3.39), choose

Configure � Key Value Maps � Create (see Chapter 7, Section 7.5 for further details).

Figure 3.39 Creating Key Value Maps in the API Portal

Monetize

The Monetize page (see Figure 3.40) gives you access to the following:

� Rate Plans

A rate plan allows you to charge the usage of your APIs by attaching a rate plan to

a product.

� Bills

The bills and billing details for specific users (usually developers) in a specific month

are provided.

91


3

Figure 3.40 API Portal Access to the Relevant Monetization Tools

The Rate Plans tab allows you to charge for the usage of your APIs. As you can see in

Figure 3.41, the rate plan has an associated product; that is, a rate plan is always

attached to a product.

Figure 3.41 Creating a Rate Plan in the API Portal


92

You can add a basic charge for the usage and/or charge by API call. In addition, you

can define different costs depending on the overall usage (e.g., give a discount if a cer-

tain number is reached). For more details, see Chapter 9.

Bills (see Figure 3.42) are generated automatically per user (i.e., developer) using your

APIs. Access to your APIs is always established through the products you created, and

you can define your own rate plan for every product. Based on those rate plans, SAP

API Management automatically calculates the costs for specific developers (see Fig-

ure 3.42) and generates a bill. You can access those bills for any given month. For

more information on monetization and bills, see Chapter 9.

Figure 3.42 Example for a Bill in the API Portal

93


3

Analyze

The Analyze page (see Figure 3.43) allows you to run analytics on your APIs. By

default, you’ll already see the most relevant information such as API Response Time,

Total API Calls, or Total API Errors. While some of the information is available as sim-

ple numbers, other information is displayed as a graphic.

Figure 3.43 Analyze: Analytics for Your APIs in the API Portal

To make things easier, you can access this information for predefined time periods:

Last 6 Months, Last 30 Days, Week, Day, and Hour. However, if you want to look into

a different time period, you can define it through the Custom option. For detailed

information on how to use analytics on your APIs, see Chapter 11.

Test

The Test page (see Figure 3.44) provides a test console for your APIs. As you can see,

you can choose your API on the left and then test it. Through the test console, you can


94

not only call the API but also define the method type to be invoked and provide head-

ers and URL parameters to be used when calling your API. For example, if an API key

is required in the header information, you can provide it here. In addition, you can

provide authentication information during the call using the Authentication: None

link.

Figure 3.44 Testing Your APIs in the SAP API Portal

Note

Although most developers prefer their own tools to test their APIs, using the API URL

in other tools, such as Postman, is supported and is an alternative or addition to the

test console in the API portal.

Through the Test page, you can also start the debugger for your APIs (Debug button).

Figure 3.45 shows a running—yet empty—debugger. In a live system with relevant

usage, you would directly see any traffic on the API and the debug information. If you

use a test system, use another tab or any app to call your API to see what is happening

in the debugger. Because debugging is expensive in terms of resources, the debug-

ging will automatically stop after 10 minutes.

95


3

Figure 3.45 A Started—Yet Empty—Debugger in the API Portal

3.2.3 Developer Portal

The developer portal (see Figure 3.46) is specifically designed for the onboarding of

your developers, that is, the people you expect to use your APIs. While the developer

portal can be used internally, it’s also designed to be used externally as an entry point

for external developers and partners. So, if you want to expose your APIs to the out-

side world, for example, through api.yourcompanyname.com, this web address might

point to the developer portal.

Note

We show the developer portal in the predefined SAP design. Customizing the devel-

oper portal to fit your needs and corporate identity is possible though, as mentioned

in Chapter 2, Section 2.1.


96

Figure 3.46 Developer Portal for SAP API Management

Let’s look closer at Figure 3.46. Basically, there are four main links, which we’ll explore

further in the following sections:

� Home

This link takes you back to the landing page.

� Manage

Depending on your role, you may or may not see this link as it allows you to man-

age your developer portal.

� My Workspace

This is where the developer finds an overview of all his applications and—if appli-

cable—any involved costs.

� Test Console

This link allows you to access the SAP API Management test console in a similar

fashion as in the API portal.

Home

The Home page (refer to Figure 3.46) is the landing page for your developer portal and

displays, by default, the APIs (i.e., products in SAP API Management terminology)

97


3

available to a developer. As you can see on the upper right, the developer has to be

logged in, hence the greeting and the Logout option. The API developer/manager/

administrator can decide which APIs a developer will see based on the user and the

assigned roles.

Note

Assuming that our readers have a keen eye, we don’t want to hide the Classic Design

link on the screenshot. At the time of writing (fall 2019), the link would have taken

you to the classic design of the developer portal. However, by the time you read this

book, the link should be gone.

The Home page not only allows a developer to display existing APIs/products but also

allows a developer to view the details directly and, more importantly, subscribe to a

product (see Figure 3.47).

Figure 3.47 Example of a Product in the Developer Portal


98

Clicking on Subscribe in Figure 3.47 will open a popup that allows you to choose

between Create New Application and Add to Existing Application. Note that this

means that your applications can be based on more than one product.

Manage

The Manage page (see Figure 3.48) helps you manage your users, that is, developers.

You can use the following capabilities:

� E-mail Configuration

Enter an email address that will get information on all incoming and pending user

requests.

� Pending Requests

View all pending user requests, including some additional information and rele-

vant actions for the administrator.

� Registered Users

View all already registered users, including some additional information and all

relevant actions for administrators to deal with users.

Figure 3.48 Managing Your Users in the Developer Portal

99


3

All links will take you to a central page on which you can directly deal with the config-

uration and the pending and registered users.

Note

Probably the most common way to set up your developer portal is with a self-registration

option. This means when a user not yet known to the system navigates to your devel-

oper portal, he will get a link to get registered. This will generate a request and—if

configured correctly—your administrator will get an email that there is a pending

request to be dealt with. In addition, note that we recommend using a generic email

handle for the administrator email instead of a specific person (e.g., administrator

@yourapidevportal.com).

My Workspace

The My Workspace page (see Figure 3.49) gives you an overview of all existing appli-

cations and allows you to deal with applications in general. The most common action

is probably available through the plus icon, which allows you to create a new applica-

tion based on existing products. If you don’t need an application anymore, you can

use the little trash can icon to delete the application.

Figure 3.49 Managing Your Applications in the Developer Portal: My Workspace


100

Note

Creating new applications or adding a product to an application can be done directly

on the landing page too. By clicking on any product on the landing page, you can add

that product to an existing application or create a new application based on that

product.

Through My Workspace, you can also access information on how your applications

are performing (Performance Analytics) and determine whether there are any errors

(Error Analytics). Assuming that everything is running smoothly, the most interest-

ing option for most developers will be the costs (Cost). Figure 3.50 shows an example

of what the cost report could look like.

Figure 3.50 Costs Generated by Your Applications over Time

101


3

If you think that this can’t be all, you’re right. In addition to the development itself,

which isn’t considered in this chapter (see Chapter 10 for details on that), developers

will spend some time in the application screen itself. By simply clicking on an appli-

cation, you can access the application itself.

Figure 3.51 shows the application screen for the Procurement Application. As you can

see, you get an overview of the general Application Info, any Products the application is

based on, and application-specific Analytics. One of the most relevant pieces of infor-

mation, the Application Key, is stored in the Application Info. This key, sometimes

referred to as the API key, is a necessary prerequisite to access most APIs/products.

Figure 3.51 Application in the Developer Portal

Test Console

The Test Console page (see Figure 3.52) provides the test console for your APIs from

within the developer portal. As you can see, it looks a bit different from the one in the


102

API portal; however, it basically offers the same options to test your APIs minus the

debugging capability.

Figure 3.52 Test Console Page in the Developer Portal

3.2.4 API Gateway

The API gateway underlies all lifecycle steps from manage to engage. In short, the API

gateway (yes, the name might be a bit misleading), is the runtime component for SAP

103

3.3 Lifecycle of APIs

3

API Management. Then again, the component supports the implementation of all the

features of SAP API Management from security through traffic management to mon-

etization. So, in the end, it kind of is the API gateway.

We’ll take a closer look at what you can do with it in the next section.

3.3 Lifecycle of APIs

Let’s now close the circle by diving into the lifecycle of an API by running through the

complete process in the system using some example data.

We’ll walk through a simple API creation starting with an SAP Gateway system as an

API provider.

3.3.1 Create an API Provider

As mentioned before, it isn’t necessary to create an API provider in every instance.

We do, however, recommend it in many cases because it’s cleaner and helps other

users understand existing APIs easier. This is especially true if there is the need or

possibility to reuse the API provider.

For our example, we’ll use the ES5 demo system that is available to everyone and

gives you access to a SAP Gateway system for testing and developing (which you’ll

remember from Chapter 2, Section 2.3).

Note

In Chapter 4, Section 4.3, we’ll discuss API providers in more detail. We’ll walk

through an on-premise backend example and take a look at further options.

Given that you have a user in the ES5 system, you can now focus on creating an API

provider. To create an API provider, you can either follow the path Configure � API

Provider � Create or simply click on API Provider on the home screen of your API por-

tal (in Quick Actions).

Either way, the resulting screen will be as shown in Figure 3.53. On the Overview tab

of the Add API Provider screen, you can provide a name for your API provider and a

description. In this case, use “ES5” as the Name and enter whatever you feel is appro-

priate for the Description.

7

Contents

Foreword ................................................................................................................................................ 15

Preface ..................................................................................................................................................... 17

Acknowledgments .............................................................................................................................. 19

PART I Getting Started

1 Introduction 23

1.1 Trends in Digital Business ................................................................................................ 24

1.1.1 Emergence of the Intelligent Enterprise ....................................................... 25

1.1.2 The Experience Economy ................................................................................... 25

1.1.3 Business Networks, Digital Ecosystems, and Collaboration .................. 26

1.1.4 Outcome-Based Business Models ................................................................... 27

1.2 APIs as Digital Building Blocks ....................................................................................... 28

1.2.1 Accelerate Innovative Digital Apps ................................................................. 29

1.2.2 Real-Time Interactions with Business Networks ....................................... 30

1.2.3 Omni-Channel Access and Single Source of Truth .................................... 31

1.2.4 Business Model Innovations and Monetization ........................................ 31

1.3 Why Manage APIs? ............................................................................................................. 33

1.3.1 Harmonized, Secure, and Simplified Access ................................................ 33

1.3.2 Traffic Management ............................................................................................ 35

1.3.3 Governance and Reuse ....................................................................................... 36

1.3.4 Usage Analytics and Monitoring ..................................................................... 38

1.3.5 Metering and Monetization .............................................................................. 39

1.4 SAP API Management: A Full-Lifecycle API Management Platform ............. 39

1.4.1 End-to-End API Lifecycle ..................................................................................... 40

1.4.2 API Lifecycle Personas ......................................................................................... 41

1.5 Related and Complementary Products ...................................................................... 42

1.6 Summary ................................................................................................................................. 43

Contents

8

2 SAP API Management at a Glance 45

2.1 Architecture ........................................................................................................................... 45

2.2 Introduction to the Real-World Scenario ................................................................. 48

2.2.1 Retail ........................................................................................................................ 48

2.2.2 Food Services ......................................................................................................... 49

2.2.3 Health Care ............................................................................................................ 50

2.2.4 Utilities .................................................................................................................... 50

2.2.5 High-Tech ............................................................................................................... 51

2.2.6 Pharmaceuticals ................................................................................................... 52

2.3 Deploying and Running Your First API Proxy ......................................................... 52

2.3.1 Prerequisites .......................................................................................................... 53

2.3.2 Set Up the Landscape and the Technical Conditions ............................... 53

2.3.3 Create the API Proxy ............................................................................................ 54

2.3.4 Manage the API Proxy with Policies ............................................................... 58

2.3.5 Deploy ...................................................................................................................... 61

2.4 Summary ................................................................................................................................. 62

3 Managing the End-to-End Lifecycle of APIs 63

3.1 Overview of the API Lifecycle ........................................................................................ 63

3.1.1 Design ...................................................................................................................... 65

3.1.2 Develop .................................................................................................................... 65

3.1.3 Manage ................................................................................................................... 66

3.1.4 Meter and Monetize ........................................................................................... 66

3.1.5 Engage ..................................................................................................................... 66

3.2 Components of SAP API Management ...................................................................... 67

3.2.1 API Designer ........................................................................................................... 67

3.2.2 API Portal ................................................................................................................. 75

3.2.3 Developer Portal ................................................................................................... 95

3.2.4 API Gateway ........................................................................................................... 102

3.3 Lifecycle of APIs .................................................................................................................... 103

3.3.1 Create an API Provider ........................................................................................ 103

3.3.2 Create an API Proxy ............................................................................................. 106

9

Contents

3.3.3 Secure and Manage Your APIs .......................................................................... 109

3.3.4 Create an API Product ......................................................................................... 113

3.3.5 Monitor and Analyze Your APIs ....................................................................... 116

3.3.6 Meter and Monetize Your APIs ........................................................................ 118

3.4 Summary ................................................................................................................................. 119

PART II Designing, Developing, and Managing Enterprise APIs

4 Developing APIs 123

4.1 API Development Methodology ................................................................................... 123

4.2 Access the API Designer .................................................................................................... 125

4.3 API Providers .......................................................................................................................... 126

4.3.1 Create ....................................................................................................................... 127

4.3.2 Import ....................................................................................................................... 134

4.4 Develop New APIs ............................................................................................................... 135

4.4.1 Microservices ......................................................................................................... 136

4.4.2 Software Development Kit ................................................................................ 148

4.4.3 SAP Cloud Application Programming Model ............................................... 150

4.5 Add Resilience to Your APIs ............................................................................................. 150

4.6 Summary ................................................................................................................................. 152

5 Managing Enterprise APIs 153

5.1 Policy Editor Basics .............................................................................................................. 153

5.2 Using Policies ......................................................................................................................... 156

5.3 Traffic Management .......................................................................................................... 158

5.4 Mediation ................................................................................................................................ 160

5.5 Security ..................................................................................................................................... 162

Contents

10

5.6 Extension ................................................................................................................................ 164

5.7 Summary ................................................................................................................................. 166

6 Traffic Management 167

6.1 Access Control ....................................................................................................................... 168

6.2 Concurrent Rate Limit ....................................................................................................... 170

6.3 Quotas ...................................................................................................................................... 177

6.4 Response Cache ................................................................................................................... 181

6.5 Spike Arrest ............................................................................................................................ 184

6.6 Summary ................................................................................................................................. 186

7 Mediation 187

7.1 Assign Message .................................................................................................................... 188

7.2 Extract Variables ................................................................................................................. 195

7.3 JSON to XML .......................................................................................................................... 200

7.4 XML to JSON .......................................................................................................................... 205

7.5 Key Value Map Operations ............................................................................................. 208

7.6 Raise Fault .............................................................................................................................. 212

7.7 Service Callout ...................................................................................................................... 214

7.8 Summary ................................................................................................................................. 217

8 Security 219

8.1 Authentication ..................................................................................................................... 220

8.1.1 Verify API Key ......................................................................................................... 220

8.1.2 OAuth ....................................................................................................................... 222

11

Contents

8.1.3 Basic Authentication ........................................................................................... 229

8.1.4 SAML ......................................................................................................................... 232

8.2 API Security Threats ............................................................................................................ 241

8.2.1 XML Threat Protection ........................................................................................ 241

8.2.2 JSON Threat Protection ...................................................................................... 246

8.3 Summary ................................................................................................................................. 248

9 Monetizing APIs with API Products 251

9.1 Create API Products and Rate Plans ............................................................................ 252

9.1.1 API Products ............................................................................................................ 252

9.1.2 Create a Rate Plan ................................................................................................ 257

9.1.3 Subscribe to API Products .................................................................................. 261

9.2 View Bills ................................................................................................................................. 263

9.3 Summary ................................................................................................................................. 265

PART III Consuming APIs and API Analytics

10 Consuming APIs 269

10.1 Building SAP Fiori Applications with SAP Web IDE ............................................... 270

10.1.1 Prerequisites ........................................................................................................... 270

10.1.2 Develop Your API ................................................................................................... 271

10.1.3 Build Your Application ........................................................................................ 277

10.2 Building Native Applications with SAP Cloud Platform Mobile Services ... 290

10.2.1 Prerequisites ........................................................................................................... 290

10.2.2 Develop Your API ................................................................................................... 291

10.2.3 Build Your Application ........................................................................................ 295

10.3 Generating Integration Flows from APIs in SAP Cloud Platform

Integration .............................................................................................................................. 305

10.4 Summary ................................................................................................................................. 309

Contents

12

11 API Analytics 311

11.1 Analyzing API Consumption ........................................................................................... 312

11.1.1 Performance Analysis ......................................................................................... 312

11.1.2 Error Analysis ......................................................................................................... 313

11.2 Developing Custom Charts ............................................................................................. 315

11.3 Statistics Collector Policy ................................................................................................. 317

11.4 Analytics on Cloud Foundry ............................................................................................ 320

11.5 Summary ................................................................................................................................. 323

PART IV Next Steps

12 API Program 327

12.1 Why an API Program? ........................................................................................................ 328

12.1.1 Govern the API Sprawl ........................................................................................ 328

12.1.2 Build the Right API through Business Alignment ...................................... 329

12.1.3 Developer Ecosystem Engagement ............................................................... 329

12.2 Best Practices for Setting Up an API Program ........................................................ 330

12.2.1 Develop an API Program .................................................................................... 330

12.2.2 Use an API Platform ............................................................................................ 332

12.3 API Products and the API Product Manager ............................................................ 333

12.3.1 API Products ........................................................................................................... 334

12.3.2 Role of the API Product Manager .................................................................... 335

12.4 SAP’s API Program: A Case Study ................................................................................. 336

12.4.1 API Portfolio Management ............................................................................... 337

12.4.2 The API Makers Community ............................................................................. 337

12.4.3 SAP API Business Hub ......................................................................................... 338

12.4.4 Best Practices and Accelerators ....................................................................... 338

12.5 SAP API Business Hub ........................................................................................................ 339

12.5.1 API Catalog ............................................................................................................. 340

12.5.2 API Sandbox ........................................................................................................... 341

13

Contents

12.5.3 Integration Accelerators ..................................................................................... 342

12.5.4 Tools Integration for App Developers ............................................................ 343

12.6 Summary ................................................................................................................................. 344

13 Recent and Future Developments 345

13.1 Recent Innovations ............................................................................................................. 345

13.1.1 Customize the Developer Portal for Developer Engagement ................ 346

13.1.2 API Health and Advanced Analytics ............................................................... 347

13.1.3 Manage Third-Party APIs with Open Connectors ...................................... 348

13.1.4 Custom Attributes for Dynamic Policy Enforcement ............................... 349

13.1.5 Native Support for JSON Web Tokens ........................................................... 350

13.2 Future Roadmap ................................................................................................................... 351

13.2.1 Multicloud API Management ........................................................................... 351

13.2.2 Support for Hybrid Deployment ...................................................................... 352

13.2.3 Continuous Improvement in API Lifecycle Management ....................... 352

13.3 Summary ................................................................................................................................. 354

The Authors ........................................................................................................................................... 355

Index ........................................................................................................................................................ 357

357

Index

A

Access control ........................................................ 158

configure ............................................................. 169

policy example .................................................. 169

predefined coding ............................................ 158

Access entity ........................................................... 161

Admins ......................................................................... 41

Amazon Web Services (AWS) ................. 311, 321

Analytics ... 35, 41, 47, 66, 93, 116, 311, 332, 339

advanced ................................................... 320, 347

charts .................................................................... 315

Cloud Foundry ................................................... 320

consumption ...................................................... 312

dashboard ........................................................... 312

errors ..................................................................... 313

my workspace .................................................... 100

statistics collector ............................................ 317

usage ........................................................................ 38

API catalog .............................................. 37, 339, 340

API designer ...... 36, 40, 47, 65, 67, 124, 136, 332

access ............................................................. 68, 125

best practices ..................................................... 338

edit existing API ................................................... 70

file menu ................................................................. 71

generate server menu ........................................ 74

help menu .............................................................. 74

JSON editor ............................................................ 71

preferences menu ................................................ 72

settings .................................................................... 73

API gateway ................................... 48, 102, 332, 352

API Makers Community .................................... 337

API packages ........................................................... 341

API platforms ......................................................... 332

API portal ..................................... 46, 65, 66, 75, 131

access ....................................................................... 54

access API designer ............................................ 69

advanced analytics ......................................... 321

analytics ....................................................... 38, 312

analyze page ......................................................... 93

API products ....................................................... 252

bills ......................................................................... 264

API packages (Cont.)

configure page ..................................................... 88

custom view ....................................................... 316

develop page ......................................................... 80

discover ................................................................ 348

discover page ........................................................ 76

edit ............................................................................ 83

error view ............................................................ 314

import ................................................................... 134

key value maps ................................................. 208

monetize page ...................................................... 90

performance view ............................................ 312

resources page ..................................................... 83


test page ................................................................. 93

API products ............................................. 39, 80, 251

add rate plan ..................................................... 260

API program ...................................................... 333

assign custom role .......................................... 256

characteristics ................................................... 334

create ........................................................... 113, 252

custom attributes ............................................ 254

lifecycle phases ................................................. 335

permissions ........................................................ 256

publish ......................................................... 115, 261

subscribe .............................................................. 261

API programs ................................................... 24, 327

analytics .............................................................. 312

benefits ................................................................. 328

best practices ............................................ 330, 338

case study ........................................................... 336

checklist ............................................................... 331

collaboration ..................................................... 330

components ....................................................... 336

develop ................................................................. 330

governance function ...................................... 329

manager .............................................................. 331

personas ................................................................. 41

SAP ......................................................................... 336

API providers ................................................... 47, 126

access ....................................................................... 88

authentication .................................................. 105

Index

358

API providers (Cont.)

catalog service settings ........................ 105, 132

create ........................................ 103, 127, 131, 271

discover ................................................................ 134

ES5 ............................................................................. 56

find services .......................................................... 57

import .................................................................. 134

internet connection ........................................ 104

on-premise .......................................................... 127

open connector ................................................. 348

service callout ................................................... 216

test connection ................................................. 106

types ...................................................................... 127

API proxies ................................................... 46, 52, 65

add to product .................................................. 115

apply policy ........................................................... 59

create ............................................................. 54, 106

deploy ...................................................................... 61

export .......................................................... 135, 172

import .................................................................. 134

issue tokens ........................................................ 222

logic .......................................................................... 90

manage ................................................................... 58

overview .............................................................. 108

prerequisites ......................................................... 53

resources ............................................................. 108

setup ........................................................................ 53

ZIP bundles ......................................................... 175

API sandbox ......................................... 338, 339, 341

test ......................................................................... 292

API-first approach ................................................... 40

Application developers ......................................... 42

Application key ..................................................... 222

Application programming interfaces (APIs)

access schemes .................................................... 33

add resilience ..................................................... 150

admins .................................................................... 41

analytics ....................................................... 35, 311

basics ....................................................................... 23

composite .............................................................. 34

consumption ............................................ 269, 312

copy ....................................................................... 273

definition ................................................................ 24

develop ..................................... 123, 135, 271, 291

developer ................................................................ 41

digital building blocks ...................................... 28

Application programming interfaces (APIs) (Cont.)

expose ..................................................................... 95

external .................................................................. 33

food industry ........................................................ 49

governance ........................................................... 36

harmonize ........................................................... 329

health ......................................... 38, 116, 321, 347

health care ............................................................ 50

high-tech ................................................................ 51

internal ................................................................... 33

key .......................................................................... 110

layer .................................................................. 29, 33

lifecycle ................................................... 39, 63, 103

manage ......................................................... 33, 153

monetization ....................................................... 32

monetize .............................................................. 251

overview ................................................................. 81

pharmaceuticals ................................................. 52

product managers .............................................. 42

real-time interaction ......................................... 30

retail ........................................................................ 49

security ................................................................... 34

single source of truth ........................................ 31

sprawl ............................................................. 36, 328

third-party ........................................................... 348

traffic ....................................................................... 35

try out ..................................................................... 82

usage .............................................................. 38, 322

usage policy ........................................................ 331

use case .............................................. 29, 30, 31, 32

utilities .................................................................... 51

Applications .............................................................. 80

analytics ............................................................... 100

build ............................................................. 277, 295

create ..................................................................... 262

design .................................................................... 283

generate project ................................................ 279

manage .................................................................. 99

native .................................................................... 290

run .......................................................................... 288

Architecture .............................................................. 45

Array handling ....................................................... 204

Artifacts ....................................................................... 78

Artificial intelligence (AI) ................................... 353

Assign message ............................................ 161, 188

add values ........................................................... 194

apply ...................................................................... 293

359

Index

Assign message (Cont.)

assign variables ................................................ 194

code editor .......................................................... 293

configure ............................................................. 189

copy ....................................................................... 191

remove ........................................................ 189, 190

service callout .................................................... 215

set values ............................................................. 192

Authentication ...................................................... 220

Auto scaling ............................................................... 35

Auto-complete .......................................................... 72

B

Base64 ............................................................. 163, 229

Basic authentication ......................... 163, 228, 229

connect to server .............................................. 231

parse ...................................................................... 230

user name and password .............................. 232

Bills ............................................................... 90, 92, 263

view data ............................................................. 264

Bi-modal IT .............................................................. 327

Blacklisting .................................................... 168, 169

Bounded queue ..................................................... 152

Business alignment ............................................. 329

Business collaborations ........................................ 30

Business partners ................................................. 288

Business-to-business (B2B) ........................... 27, 30

C

Caching ..................................................................... 159

Certificates ........................................................... 88, 89

create ....................................................................... 89

Circuit breaker ....................................................... 151

Client secret ............................................................ 227

Cloud connector ................................... 43, 128, 295

Cloud Foundry ............................. 40, 143, 144, 311

analytics .............................................................. 320

route service ....................................................... 147

service brokers ............................................ 41, 147

Coaches ........................................................... 332, 333

Code editor ................................................................. 60

Command line interface (CLI) .......................... 353

Command line tool .............................................. 147

Commodities ............................................................. 26

Company dashboard ........................................... 323

Composite API .......................................................... 34

Concurrent rate limit .......................... 35, 159, 170

add ......................................................................... 172

flows ...................................................................... 171

policy example .................................................. 170

view ....................................................................... 176

Condition string .................................................... 155

Consumption ...................................... 125, 269, 312

Continuous delivery (CD) .................................. 353

Continuous integration (CI) ............................. 353

Copy .............................................................................. 84

Custom attributes ............................. 225, 254, 349

create .................................................................... 254

Custom charts ........................................................ 315

create .................................................................... 315

measures and dimensions ........................... 317

Custom request ..................................................... 191

Customer 360-degree view .................................. 31

Customer developers .......................................... 338

D

Debugging ........................................ 87, 94, 117, 255

Deletion ....................................................................... 87

Deployment ..................................................... 87, 113

Deprecation policy .................................................. 37

Design ....................................................................... 123

Design phase ............................................... 40, 64, 65

Design thinking ..................................................... 331

Destinations

add ......................................................................... 297

additional properties ..................................... 296

create .................................................................... 295

developer portal ............................................... 282

import ................................................................... 277

Detail.controller.js file ........................................ 285

Detail.View.xml file ............................................. 284

details.xml file ....................................................... 285

DetailsView.xml file ............................................ 287

Develop phase ............................................. 40, 64, 65

Developer engagement ...................................... 346

Developer portal ................................. 34, 41, 67, 95

access ....................................................................... 54

applications ....................................................... 101

customize ............................................................ 346

Index

360

Developer portal (Cont.)

destination ......................................................... 282

home page ............................................................. 96

manage page ........................................................ 98

my workspace page ........................................... 99

published products .......................................... 277

self-registration ................................................... 99

subscribe to a product ............................ 97, 261

test console page ............................................. 101

view bills .............................................................. 263

Developers .......................................................... 41, 95

ecosystem engagement ................................. 329

types ...................................................................... 338

Development ................................................ 123, 135

methodology ..................................................... 123

Digital apps ................................................................ 29

Digital businesses ...................................... 24, 27, 33

Digital enterprise ..................................................... 23

Discovery ............................................ 37, 56, 76, 353

business partner resource ............................ 275

copy ....................................................................... 273

HERE Maps ......................................................... 271

sales order ........................................................... 292

Documentation ....................................... 58, 83, 334

Dynamic policy enforcement ......................... 349

E

eCommerce ................................................................ 32

Edge caching .............................................................. 36

Electronic data interchange (EDI) ..................... 30

Email configuration ............................................... 98

Engage phase ............................................... 41, 65, 66

Enterprise API layer ................................................ 33

Environments ........................................................ 342

Error analysis ...................................... 100, 263, 313

information ........................................................ 314

Errors ......................................................................... 116

Experience data ........................................................ 26

Experience economy ............................................. 25

Exporting .................................................................... 87

Extensible Stylesheet Language

Transformations (XSLT) ................................ 162

Extension ................................................................. 164

Extract variables .......................................... 162, 195

configure .............................................................. 196

headers ................................................................. 196

JSON payload ..................................................... 198

query parameters ............................................. 197

URI .......................................................................... 197

XML payload ...................................................... 199

F

FaultRule flow ......................................................... 172

Flow variables ......................................................... 194

Flows ................................................ 86, 110, 153, 154

Food services ............................................................. 49

G

Governance ............................................................... 36

API programs ..................................................... 328

H

Health ................................................................. 38, 321

Health care ................................................................. 50

HERE Maps ............................................................... 271

Heterogenous IT landscapes .............................. 28

High-tech .................................................................... 51

Hybrid deployment .............................................. 352

Hybrid IT landscapes ............................................. 28

I

Implementation .................................................... 124

index.html file ........................................................ 283

index.js file ............................................................... 143

Innovations ............................................................. 345

Integration accelerators ........................... 339, 342

Integration flows ................................................... 305

details .................................................................... 307

generate ..................................................... 305, 306

view ........................................................................ 309

Intelligent enterprise ............................................. 25

Internal application developers ...................... 338

Invalidate cache ..................................................... 160

361

Index

J

JAR files ..................................................................... 236

create .................................................................... 237

Java ............................................................................. 148

JavaScript ................................................................. 165

JavaScript Object Notation (JSON)

array ...................................................................... 204

convert to XML .................................................. 200

files ............................................................................ 72

read ........................................................................ 198

threat protection ........................... 163, 246, 247

vulnerabilities .................................................... 246

JSON to XML ...................... 162, 200, 201, 203, 204

options ................................................................. 202

JSON Web Tokens (JWTs) .................................... 350

K

Key store ................................................................... 239

Key value map operations ............. 208, 209, 231

update and delete ............................................ 211

Key value maps .............................. 88, 90, 162, 208

backend credentials ........................................ 210

configure ............................................................. 208

create .................................................................... 208

Key verification ........................................... 109, 110

L

Lifecycle management ......................... 39, 63, 103

improvements ................................................... 352

personas ................................................................. 41

phases ..................................................... 40, 64, 123

Live rendering ........................................................... 72

Lookup cache .......................................................... 160

M

Machine learning .................................................. 353

Manage phase ............................................ 40, 64, 66

Managed file transfer (MFT) ................................ 30

manifest.yaml file ................................................. 144

Match rules .............................................................. 169

Mediation ................................................................ 187

overview .............................................................. 160

Message logging .................................................... 165

Message validation ........................... 165, 241, 242

Meter and monetize phase ... 39, 41, 64, 66, 118

Methods ...................................................................... 82

Microservices ......................................... 47, 136, 150

bind ........................................................................ 147

create .................................................................... 136

create an instance ........................................... 145

create binding ................................................... 144

deploy application .......................................... 143

extend generated code .................................. 143

generate project ............................................... 142

generate server ................................................. 142

Microsoft Excel ...................................................... 311

Mobile apps ............................................................. 290

create .................................................................... 296

emulate ................................................................ 304

Mobile cards ........................................................... 296

configure ............................................................. 298

create .................................................................... 297

data mapping .................................................... 303

editor .................................................................... 299

emulator .............................................................. 304

register ........................................................ 297, 304

templates ................................................... 299, 302

Monetization ..................... 31, 39, 41, 90, 118, 251

Monitoring .............................................................. 116

Multicloud management .................................. 351

N

Namespace handling .......................................... 203

Native applications .............................................. 290

build ...................................................................... 295

Neo ...................................................................... 52, 144

connect ................................................................ 147

O

OAuth ............................................................... 163, 222

attributes ............................................................ 225

call token ............................................................. 214

client ID ................................................................ 227

Index

362

OAuth (Cont.)

client secret ........................................................ 227

deploy token issuer ......................................... 225

enforce ................................................................. 227

external token issuer ...................................... 225

generate access token ........................... 222, 223

get access token ............................................... 227

read access token ............................................. 196

remove access token ....................................... 189

SAML ..................................................................... 241

verify access token .......................................... 226

OData ......................................................................... 181

discover service .................................................... 56

OData APIs ....................................................... 43, 126

Omni-channel experience ................................... 31

Open connectors .................................................. 348

OpenAPI editor ............................................. 124, 137

OpenAPI Specification ................. 40, 47, 124, 136

3.0 .......................................................................... 353

GitHub ..................................................................... 74

Operational data ...................................................... 26

Operations .................................................................. 83

Outcome-based business model ....................... 27

Overview page .......................................................... 81

P

Partner ecosystem developers ........................ 338

Path prefix .................................................................. 83

Pending requests ..................................................... 98

Performance analysis ...................... 100, 263, 312

information ........................................................ 312

Permissions ............................................................ 256

Pharmaceuticals ...................................................... 52

Plan phase ........................................................ 40, 124

Policies ....................... 46, 58, 84, 86, 153, 154, 293

assign message ................................................. 188

basic authentication ...................................... 229

concurrent rate limit ...................................... 170

extension .................................................... 165, 318

extract variables .............................................. 195

import .................................................................. 275

JSON threat protection .................................. 246

JSON to XML ...................................................... 200

key value map operations ............................ 208

mediation .................................................. 161, 187

Policies (Cont.)

message validation ......................................... 241

OAuth .................................................................... 222

predefined ............................................................ 110

process .................................................................. 156

quota ....................................................... 59, 60, 177

raise fault ............................................................. 212

response cache .................................................. 181

SAML ...................................................................... 232

security ....................................................... 163, 219

service callout .................................................... 214

spike arrest .......................................................... 184


threats ................................................................... 241

traffic management .............................. 158, 167

verify API key ............................................ 110, 220

XML threat protection .................................... 244

XML to JSON ....................................................... 205

Policy designer ......................................... 46, 58, 176

Policy editor ....................................... 65, 66, 86, 109

access control ..................................................... 168

assign message .................................................. 293

auto-complete ................................................... 113

basics ..................................................................... 153

components ........................................................ 154

mediation ............................................................ 188

navigate ................................................................. 59

OAuth .................................................................... 224

security ................................................................. 219

security threats .................................................. 242

Policy templates ............................................. 80, 154

apply ............................................................ 157, 276

copy ........................................................................ 275

create ..................................................................... 156

Populate cache ....................................................... 160

Portfolio management ....................................... 337

Postflow ............................................................. 58, 154

Postman ...................................................................... 94

Preflow ........................................ 58, 60, 86, 110, 154

Privacy-enhanced mail (PEM) .......................... 236

Product managers ...................... 42, 333, 335, 347

responsibilities ................................................... 332

Product-centric thinking ................................... 333

Program managers ..................................... 333, 335

Proxy endpoint ......................... 46, 60, 81, 86, 153

segment request .................................................. 58

363

Index

Proxy endpoint (Cont.)

segment response ............................................... 59

spike arrest ......................................................... 160

Python script .......................................................... 165

Q

QR codes ................................................................... 305

Quotas ............................................... 35, 59, 160, 177

configure ............................................................. 178

dynamic settings .............................................. 180

fixed duration .................................................... 178

per application developer ............................. 179

per client application ..................................... 178

restrict access ....................................................... 61

R

Raise fault ............................................. 162, 212, 213

Rate plans ..................................................... 66, 90, 92

create .......................................................... 257, 258

parameters ......................................................... 258

tiered ..................................................................... 259

types ...................................................................... 257

Real-time interactions ........................................... 30

Real-world scenarios .............................................. 48

Registered users ....................................................... 98

Regular expression protection ........................ 164

Representational State Transfer (REST) ....... 340

convert ................................................................. 193

Request and response cycle ................................. 58

Resilience ................................................................. 150

Resources ................................................... 81, 83, 108

add ......................................................................... 130

edit ............................................................................ 83

Response cache ............................................ 159, 181

configure ............................................................. 182

fixed duration .................................................... 182

invalidation of data ........................................ 183

specific time ....................................................... 183

RESTful API Modeling Language (RAML) ...... 40,

65

Retail ............................................................................. 48

Retry ........................................................................... 151

Roadmap .................................................................. 351

Roles .................................................................. 333, 335

custom ................................................................. 256

responsibilities .................................................. 331

user ........................................................................ 256

Runtime ....................................................................... 48

S

Sales order ............................................................... 272

discover ................................................................ 292

mobile apps ........................................................ 304

Sales Order—Create, Read, Update, Delete

(A2X) ..................................................................... 291

Sample applications ............................................ 334

SAP Analytics Cloud ............................................ 311

SAP API Business Hub ....... 46, 77, 148, 271, 292,

338, 339

analytics .............................................................. 339

catalog ................................................................. 340

code snippets ..................................................... 343

components ....................................................... 339

discover ................................................................ 272

integration ......................................................... 306

integration packages ..................................... 342

SAP API Management ........................... 33, 45, 332

access ....................................................................... 33

analytics ....................................................... 38, 311

components .......................................................... 67

definition ................................................................ 24

enable ...................................................................... 54

governance ............................................................ 36

innovations ........................................................ 345

integration ......................................................... 269

landscape integration ....................................... 42

lifecycle ................................................................... 39

monetization ........................................................ 39

traffic management .......................................... 35

SAP Cloud Application Programming

Model .................................................................... 150

SAP Cloud Platform ................... 24, 29, 40, 46, 52,

125, 352

trial account ........................................ 53, 67, 128

SAP Cloud Platform API Management ............ 24

SAP Cloud Platform Connectivity ......... 127, 129

SAP Cloud Platform Integration ........... 127, 305,

340, 343

use cases .............................................................. 306

Index

364

SAP Cloud Platform Mobile Services .... 46, 290,

296, 298, 340

enable ................................................................... 290

SDK ........................................................................ 343

SAP Cloud Platform Open Connectors ........... 43

SAP Enterprise Architecture Designer ............ 40

SAP Fiori apps ........................................................ 270

build ............................................................. 270, 277

design ................................................................... 283

run ......................................................................... 288

SAP Gateway ................... 43, 53, 58, 105, 130, 275

SAP HANA ............................................................ 38, 43

SAP Leonardo Machine Learning

Foundation ............................................................ 77

SAP Mobile Cards ............................... 296, 297, 298

SAP S/4HANA ................................................ 127, 150

SAP S/4HANA Cloud ............................................ 291

package ............................................................... 292

SAP Subscription Billing ....................................... 39

SAP Web IDE ........................ 46, 270, 277, 340, 343

enable ................................................................... 270

open ...................................................................... 280

project .................................................................. 281

Scenario-driven API design

methodology ............................................ 329, 335

Schema repository .................................................. 36

Scripts ............................................................... 154, 155

Secure Sockets Layer (SSL) ................................... 89

Security ..................................................... 34, 109, 219

overview .............................................................. 162

threats .................................................................. 241

Security Assertion Markup Language

(SAML) ......................................................... 164, 232

audience .............................................................. 241

generate assertion .................................. 236, 238

validate assertion ................................... 232, 234

Server stubs ............................................................... 74

Node.js ..................................................................... 74

Service callout ............................ 166, 195, 214, 215

API local target connection ......................... 216

API providers ..................................................... 216

Service-level agreements (SLAs) ..................... 321

Services economy ................................................... 26

Shed load .................................................................. 151

Simple Object Access Protocol (SOAP) ......... 125

create request .................................................... 197

request message ............................................... 193

Single source of truth ............................................ 31

Software development kits (SDKs) ...... 148, 334,

353

download ............................................................. 149

generate ............................................................... 148

SourceAddress mask ............................................ 159

Spike arrest ............................................. 35, 160, 184

configure .............................................................. 185

per minute ........................................................... 185

per second ........................................................... 186

Statistics collector ....................................... 166, 317

code editor .......................................................... 319

create ..................................................................... 318

Style guidelines ........................................................ 36

Subscription .................................................. 261, 334

Subscription-based model .................................. 31

Swagger .............................................................. 65, 124

swagger.yaml file ................................................... 143

T

Target endpoint ....................................... 46, 81, 171

response ............................................................... 171

segment request .................................................. 58

segment response ............................................... 59

spike arrest .......................................................... 160

Template customization .................................... 282

Test ................................................................................ 93

Test console ........................... 93, 96, 101, 125, 264

Testing ............................................................. 124, 274

Third-party APIs ..................................................... 348

Throttling ................................................................... 35

Tiered rate plans .......................................... 257, 259

Tools integration ................................................... 343

Traffic management ..................................... 35, 167

overview ............................................................... 158

Trust store ............................................ 132, 234, 235

Twilio ............................................................................ 32

U

Unit isolation .......................................................... 151

Usage .......................................................................... 322

Utilities ........................................................................ 50

365

Index

V

Variable string substitution ............................. 192

Verification key ..................................................... 253

Verify API key ............................ 164, 179, 220, 257

enforce .................................................................. 221

VerifyJWT policy .................................................... 350

Versioning .................................................................. 37

Virtual hosts .............................................................. 33

W

Whitelisting ................................................... 168, 169

X

X509 certificates .......................................... 232, 236

private keys ........................................................ 236

upload .................................................................. 233

XML

convert to JSON ................................................ 205

namespaces ........................................................ 202

read ....................................................................... 199

threat protection ........................... 241, 244, 245

transform ............................................................ 162

vulnerabilities ................................................... 241

XML schema definition (XSD) ......................... 241

configure ............................................................. 242

import ................................................................... 242

XML threat protection ........................................ 164

XML to JSON ........................................ 162, 205, 206

options ................................................................. 207

Y

YAML files ......................................................... 72, 137

First-hand knowledge.

Carsten Bönnen, Harsh Jegadeesan, Divya Mary, Shilpa Vij

SAP API Management365 Pages, 2020, $79.95 ISBN 978-1-4932-1860-8

www.sap-press.com/4928

We hope you have enjoyed this reading sample. You may recommend or pass it on to others, but only in its entirety, including all pages. This reading sample and all its parts are protected by copyright law. All usa-ge and exploitation rights are reserved by the author and the publisher.

Carsten Bönnen works for SAP SE within the strategic product management for SAP Cloud Platform. He received his MA in com-puter linguistics and artificial intelligence in Germany in 2001 and started working at SAP that same year. Initially a Java developer and trainer, he soon became a consultant and led strategic pro-

jects in the then-new field of enterprise portals. Since 2002, he has worked as a product manager for SAP NetWeaver Portal, SAP NetWeaver Visual Compo-ser, SAP Gateway, and SAP API Management. For another four years, he has worked as director for technology strategy for the Strategic Alliance Manage-ment at Microsoft.

Shilpa Vij is a product manager for SAP’s integration platform. She started her professional journey at Tata Consultancy Services Pvt Ltd as a C++ developer. She received her bachelor’s degree in electronics and communication engineering in 2007, and then worked towards being a business analyst, pursuing her passion

for client interfacing and consultancy roles. Shilpa has spent almost a decade at SAP Labs India, where she has been a seasoned cloud engineering expert, program lead, product expert, and now works as a product manager.

Harsh Jegadeesan i s the vice president and head of product management for SAP´s integration and API platform. Harsh helps enterprises craft and execute their digital strategies by accelera-ting integration and opening up to real-time digital interactions

with APIs. Harsh was instrumental in establishing SAP´s own global API pro-gram and the SAP API Business Hub—a marketplace for enterprise APIs.

Divya Mary works for SAP SE within the product management team for SAP Cloud Platform Integration. She has worked at SAP for more than 14 years. Before starting at SAP, Divya received her bachelor’s in technology in electronics and telecommunications in India.

https://www.sap-press.com/sap-api-management_4928/?utm_source=AWS&utm_medium=readingsample&utm_campaign=Browse%20the%20Book&utm_content=1860

Browse the Book - Cloud Object Storage · SAP Cloud Platform Mobile Services API Product Manager...

Documents

Transcript of Browse the Book - Cloud Object Storage · SAP Cloud Platform Mobile Services API Product Manager...