Solved: How to Store API Tokens in SAP ABAP?

javier_alonso · 2 weeks ago

I am consuming a REST API directly in SAP. The API uses oAuth athorization, however, I cannot use the oAuth 2.0 Client AS ABAP because the API only supports password Grant Type, which is not supported by the oAuth Client as far as I know.

Due to that fact, I am implementing the API calls via HTTP Destinations (SM59) to securely store the Client ID and Client Secret. Now I would like to handle the token expiration time to avoid generating a new token for each API call.
I don't really know how to store the Bearer Token in a safely way. I was thinking about a Database Table with the token (encoded in some way) and the VALID FROM - VALID TO timestamps.

I would like to know if there is an standard or better approach.

thomas_mller13

That depeds on what you mean by safely. Endusers shouldn't have the possibility to access the DB. If that is safe enough, you can store the file in the DB. I am doing this with the MS Azure keys and I have seen that at SAP in that way too. Otherwise it is difficult or not possible, because every encryption needs a key. And the key has again to be stored somewhere.

How to Store API Tokens in SAP ABAP?

Report Center - Run a report on the users accessin...

Re: Hana express downloader Options not showing

Re: Read a JMS queue with a timer event

Re: Unable to list or upload data to SAP ObjectSto...

Re: Analytic Model ODATA