SAP API Management

Technical Presentation
Sven Huberti, Senior Solution Specialist

INTERNAL
Agenda

Topic Slide
Overview 3
Personas 6
Features and Functions 9
Components 19
Architecture 29
Additional Information 38

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 2

Public
Overview
SAP Cloud Platform
API Management
SAP Cloud Platform API management provides simple, scalable and secure access to digital assets through application
programming interfaces (APIs) and enables developer communities to consume these.

Key capabilities
Ÿ Unified standards-based API access of REST/OData or SOAP
services
Ÿ Enterprise Grade Security for the APIs against attacks like DoS,
CSRF, XSS etc. and robust traffic management
Ÿ Real-time insights & analytics on the APIs traffic, usage, error
reporting and monitoring
Ÿ Developer services to enable developers to try, subscribe, use
and manage API consumption

Benefits
Ÿ Platform for engaging with and enabling employees and
developers - internal and external

Read more: SAP Cloud Platform API management

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 4

Public
 SAP API Management
Typical use cases

Partners Customers

1. Enterprise-wide governance and

security for REST APIs
API Management
2. Omni-channel experience for
customers and employees

3. Low-touch Open Integrations with

partners, suppliers and
marketplaces Backends

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 5

Public
 Highlights

§ Best of breed engine with streamlined admin and

developer experience in SAP Cloud Platform
§ Increased productivity with to OData
§ Agnostic REST/OData or SOAP services management
§ Enterprise Grade Security for the APIs against attacks
like DoS, CSRF, XSS etc. and robust traffic management
§ Secure connection to on-premise systems with Cloud
connector
§ Integration with SAP Cloud Platform services such as
SAP API Business Hub, mobile service, WebIDE,
Leonardo IoT etc.
§ Platform for engaging with, and enabling employees and
developers – internal and external
§ Real-time insights & analytics on the APIs traffic, usage,
error reporting and monitoring
Read more: SAP Cloud Platform, API management

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 6

Public
Personas and interactions
Personas and interactions

SAP API
Management
Cloud Service
Consume API Gateway

Apps ( Mobile, Web,

Devices…)

Engage Developer Portal

Application Developer
SOAP/REST/OData APIs,
Microservices, Database
Data Integration,
Manage, Meter, Monetize API Portal

API Admin, Owner

Design, Implement API Designer

API Developer Backend

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 8

Public
Full lifecycle API Management with SAP
Apps and digital interactions
powered by APIs
Mobile apps Marketplaces Partners Devices and Things

APIs as digital
App building blocks
Marketplace for enterprise APIs API Business Hub WebIDE
Developers Mobile
App Search, discover, test and subscribe to the right APIs Developer Portal
Developers Services
Analyze and
Design Implement Manage Engage
Monetize

API Designer App Services API Portal

Design easy to Integration

use APIs Service API Gateway
API Product
API Manager Persistence Secure, govern, document and publish APIs
Content
Services
Team Publishers
Analyze and gain insights
Messaging
Service
On-premises
Implement highly scalable APIs and
middleware
microservices using platform services
Cloud
API Developer Connector

Backends On-premises | SaaS apps | PaaS

Data Devices and Things Processes
© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 9
Public
Features and functions
API Portal: API Designer

Design-first approach

- OpenAPI support

- Import your APIs from:

- RAML
- Odata

- Generate Server Stubs

- NodeJS
- JAX-RS
- Spring

- Generate API in API Management

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 11

Public
API Portal: Proxies

Hide internal information and add specific behavior

SAP API
Backend
Management

Mobile apps

API Implementation API Proxy

Host: myserver Host: mydomain.com

Port: 443 Port: 80
URL: /myTechnicalAPI URL: /v1/myAPIs/ Marketplaces

GET/PUT/POST/DEL GET/PUT

Partners

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 12

Public
API Portal: configure the runtime of the API

Security API mediation

Traffic
Management Coding

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 13

Public
API Portal: re-use configurations through templates

Package and reuse existing policy sets

Policy Templates API Proxy

Custom Template
Customer Tenant Policy 1 Policy 2 Policy 3

Template
Policy 1 Policy 2 Policy 3 Policy 4
System Template
Policy 1 Policy 2 Policy 3
Copy

API Business Hub

Functional Template
Policy 1 Policy 2 Policy 3

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 14

Public
API Portal: Security on all levels

Threat protection

Authentication
and authorization

Role-based
access control

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 15

Public
 API Portal – Developer Portal: publish APIs

Developer Documentation API Subscription

self-registration and testing

Secure Self-register
Bundle Browse
Publish Test
Subscribe Developer
API Owner

Developer Portal

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 16

Public
API Portal – Developer Portal: integrated API key

Track developer and application API usage through the API Key

Aggregate and present

4 analytical data
API Product
Manager
API Portal

API Product
Admin

Systems 3rd party

backend

Developer
Web API Gateway
Portal SAP
Apps

Application
Developer Mobile
Devices Cloud

API Key Application API Key Verification

1 Generation 2 Deployment
3
Application and Developer Identification

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 17

Public
API Portal: Analytics

Technical Analysis API Program Analysis Custom Dashboards

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 18

Public
API Management: Monetize

Create flexible rate plans Provide billing to API users

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 19

Public
Additional features

1. Custom Templates
Re-use enterprise-wide API patterns: centralize governance.

2. Pre-defined Policy Templates

Typical operations such as data filtering, CORS, SQL Threat
Protection, URL Masking, error handling, quota, … are available out-
of-the-box from SAP: speed-up configuration.

3. Interpretation of OData metadata

OData metadata interpreted in SAP API Management (Resources,
Documentation, …): speed-up documentation and reduce errors.

4. SAP API Management APIs

Access artifacts and analytical information of SAP API Management
through APIs: automate operations and integration into
monitoring tools.

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 20

Public
A platform approach: integration into SCP
1. SAP Gateway Hub support
Through the „Discovery“ feature: automatic creation of APIs including
documentation and resources for SAP backend integration: reduce
implementation time and errors.

2. OpenAPI (fka. Swagger) support

All SAP APIs are available in the API Business Hub as OpenAPI
artifacts and API proxies can be created from OpenAPI defintion files:
re-use your assets to speed up your API project.

3. CloudFoundry support
Automatic binding of Cloud Foundry applications to API management,
generation of stubs from the API Designer to be deployed directly in
CF: centrally manage your APIs from any platform

4. WebIDE support
Discovery and usage of APIs from the Developer Portal in WebIDE:
simplify your Developer‘s work.

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 21

Public
Components
API Management: Personas and Components

Explores and subscribes to APIs

Builds Applications
Application Developer Portal
Application
Developers

Subscribe

Groups APIs into Products

Analyses usage
API Product API Product
API Product
Bundle
Manager API Portal
Defines abstraction of APIs
Defines API behavior
API Proxy API Proxy API Proxy

API Product
Admin Defines connectivity to Target system
API Providers

Designs, Implements and Deploys APIs SAP Cloud Platform SAP Backend /
Microservices API
Third Party API
Gateway API
API Designer

API
Developer

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 23

Public
 SAP API Management Platform – API Portal

SAP API Management Portal is the main entry-

point for the API Builder / API Owner. From here the
API Owner can:

Ø Create and manage API Providers

Ø Create and manage API Proxies

Ø Create and manage Products

Ø Analyze the usage of APIs

Ø Create and manage rate plans

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 24

Public
 SAP API Management Platform – API Portal – API Provider

System
- Logical representation of a backend

- Not mandatory

- Simplifies management (eg. transport)

- Simplifies discovery

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 25

Public
 SAP API Management Platform – API Portal – API Proxies

Proxy
API
System
- Facade of an existing REST API or SOAP

Proxy
service

API
- API Proxy allows for:
- Hiding internal implementation information
- Versioning
- Security, Traffic Management, Transformation
- Documentation
- Usage analytics
- Technical analytics

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 26

Public
 SAP API Management Platform – API Portal – API Proxies - Policies

Proxy
Policy

API
System
Policy

- Pre-defined, configurable behavior

Proxy
Policy

API
Policy

- Used in the Policy Editor, and positioned on

the request or response

- Preconfigured for:
- Security
- Traffic Management
- Message transformation
- Caching

- Coding can be added through Java Script

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 27

Public
SAP API Management Platform – API Portal – Policy Templates

Proxy
API
System
- Bundle of policies that can be re-used Policy

Policy

Proxy
API
- Can be created and managed individually

- Can be re-used from the SAP API

Business Hub

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 28

Public
 SAP API Management Platform – API Portal – Product

Proxy
Policy

API
System
Policy

- Logical bundle of APIs API Product

Proxy
Policy

API
Policy

- Can be configured with Quota:

- Premium Product with ilimited use
- Standard Product with 1000 API Calls/Month

- Developers subscribe to API Products in the

Developer Portal

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 29

Public
 SAP API Management Platform – API Portal – Rate Plan

Proxy
Policy

API
System
Policy

- Defines charging of API usage API Product Rate Plan

API Product Rate Plan

Proxy
Policy

API
- Basic: Basic charge + X€ per API Call Policy

- Tiered: Basic charge + X€ per Y API Calls

- Is attached to one ore more API products

- API Admin and Developers can see their bills

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 30

Public
API Portal: Monetize

Subscribes to the Rate Plan and Product

Sees billing information Developer Portal
Application Application
Application
Developers

Creates Rate Plans for Monetization

Rate Plans
Views API Usage Analytics
API Product
Manager
API Portal
API Product API Product

API
Views Performance/Error Analytics Analytics
API Product API Proxy API Proxy API Proxy
Admin

API Providers

SAP Cloud Platform SAP Backend /

Microservices API Third Party API Gateway API API Designer

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 31

Public
 SAP API Management Platform – Developer Portal

- main entry-point for the application developer

- Developers self-register and can:

- Discover available products and the API Proxies
which are included,
- Test APIs online,
- Subscribe to an API product by creating an
Application (a represenation of the „real“
application which he will develop),
- Manage his API keys.

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 32

Public
 SAP API Management Platform – Developer Portal – Application

Application
Proxy
Policy

API
System
Policy

- Applications represent an API consumer API Product

Proxy
Policy

API
Policy

- Applications can be Apps, Web applications, …:

it is not relevant.

- Upon subscription, an API key is created

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 33

Public
 SAP API Management Platform – Developer Portal – App Key

Application
Proxy
Policy

API
System
Policy

- Each Application is tied to a Developer through API Product

Proxy
Policy

an API Key: the API key identifies the

API
Policy

Application, and is used primarily for analytics

- It is a best-practice to use API keys

- API keys are managed by the Application

Developers

- API Key is not a security feature!

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 34

Public
Concepts of API Platform for SAP API Management

SAP API
1
Management
1 1
Account
* *
*
User Developer

1 1

* * 1 *
1 * *1 * *
API Provider API Proxy Product Rate Plan Application

1 1
1

App Key
1

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 35

Public
Architecture
SAP API Management – High-Level Architecture

Mobile apps Marketplaces Partners App Developers

API Developer
Gateway Portal API MANAGEMENT
“API CONSUMPTION”
Traffic Developer
Security Mediation Caching Analytics Monetize
Management Engagement

API API API WebService

SOA
Services

SOA
Adapter
“API EXPOSURE”
(EG. SAP PO – SAP CP INTEGRATION)

Backend Backend Backend Backend

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 37

Public
 High-Level Architecture in an SAP Ecosystem
Partner Systems / Web Applications / Apps

REST APIs
API Management

SAP CP Security Traffic Mediation Caching Analytics Developer Monetize

Management Engagement
Odata
HTTP/RFC Provisioning

SAP Cloud Connector

WS/APIs APIs
SOA SAP Gateway Hub

Custom Custom

Adapter WS/API APIs IWBEP IWBEP IWBEP

Backend – no Backend – no Third-party

SAP SAP
On-Premises WS/API WS/API with WS/API
Hana DB SAP

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 38

Public
Fiori apps with SAP API Management and Gateway – Web IDE Integrations

INTERNET Firewall ON-PREMISE

or Business Suite
Discover APIs

Application SAP Web IDE

Developer
Build SAP
Gateway

Secure tunnel

End user Fiori Apps

API Management Cloud Connector

Corporate Identity Provider

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 39

Public
SAP API Management and On Premise connectivity

INTERNET Firewall ON-PREMISE

3rd Party Data

or Business Suite sources

SAP SAP Process

Gateway Integration

Mobile

3rd Party
Secure tunnel Web
Desktop Services
End user
API Management Cloud Connector

Fiori

Corporate Identity Provider

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 40

Public
Additional information
One Platform for Process Integration and API Management
Both covered in SAP Cloud Platform Integration

Functions Process Integration API Management

Data Mapping Complex data mapping Limited
Process Orchestration Exhaustive features, support for EAI Request-Reply pattern, Mash-Up
patterns, persistence capabilities
Adapters and Connectors Exhaustive list SOAP and APIs over HTTP
Scalability Good Built from ground up for high
throughput and low latency
Authentication SAML, Certificates SAML, OAuth
Security WS-Security, Encryption, Decryption, JSON and XML threat-protection,
Signature RegEx threat protection
Message formats Exhaustive list No specific message type, focus on
XML and JSON
Developer Portal No Self-service Portal with API catalog
capabilities
Traffic Management No Exhaustive features

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 47

Public
 Integration? Integration Solution Advisor - Methodology

Integration Domains

Integration Styles and Patterns

Technology Mapping

https://blogs.sap.com/2016/03/04/int203-integration-solution-advisor-methodology-isa-m-sap-teched-lecture-of-the-week/
© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 48
Public
CIO Guide
SAP’s Vision for Integrating SAP Applications in Cloud & Hybrid Environments

§ Outlines SAP’s long-term integration strategy

§ Focus on scenarios in the cloud and in hybrid

environments

§ Technology Recommendations
§ Process Integration
§ Data Integration

§ Outlook & future strategy including application

design and integration technology
Published at SAPPHIRE (May 2017)

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 49

Public
More information…

Try it out on SAP Cloud Platform Trial!

https://blogs.sap.com/2016/02/10/how-to-use-sap-api-management-on-hcp-trial/

Enterprise Architecture Explorer:

https://eaexplorer.hana.ondemand.com/_item.html?id=11470#!/overview

Sap.com:
https://www.sap.com/germany/product/technology-platform/api-management.html

Blogs:
https://blogs.sap.com/tags/67838200100800006828/

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 50

Public
Jump Start Service Package for SAP API Management

FAST
3 days hands-on, onsite training workshop to kick-off

RELEVANT
Get a comprensive overview over API Management

PRACTICIAL
Actively work on customer use cases and APIs hands-on

Service Category Description Amount Price per Day SUM

G3 Design Service, Education Service 6 1.625,40 EUR 9.752,40 EUR

© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 51

Public
Thank you!
Sven Huberti
[email protected]