Now that the portal is functional, we can provide an onboarding experience for users who browse the API catalog and want to gain access. With SAP Build Process Automation, we'll receive an inbound API request from the low-code portal, and initiate an approval request for a portal administrator. Once access is granted, the developer will automatically be registered with the Business Hub Enterprise and assigned roles. It can be further extended to provision an application and API Key if desired.
-
Access the Application Development by selecting SAP Build Process Automation from your SAP BTP cockpit under Instances and Subscriptions.
-
Create a process and configure API trigger:
- Import the process from the provided mtar.
- Open the process and ensure that there are no errors or warnings in the designer.
- Update the Recipients property by typing your account email address into the Users field. Delete the btp-admin entry which is provided as part of a sample integration with SAP Cloud Identity Authentication Service for a future mission scope.
-
Implement the actions project and destination for outbound API calls:
- Create an SAP BTP destination from the provided template and ensure the correct properties are set. See: Manage Destinations.
- Add the destination in the Settings section of the SAP Build Process Automation lobby. See: Configure BTP Destinations in SAP Process Automation .
- Download and import the provided API Proxy and configure the Target EndPoint and Cloud Foundry policy to use the client credentials of your Developer Portal admin instance. Client credentials are maintained in the config.js script. This is a simplified version of the API Business Hub Enterprise - Registering Users scoped for the POST operation.
- You should secure this proxy and destination with similar BasicAuth and Verify API Key policies as in the previous example. They are omitted here for convenience.
-
Configure API proxies for action handling:
- Import the provided API proxy to your instance of SAP API Management.
- Update the Target EndPoint URL to match your environment.
- You can apply similar Basic Authentication and/or API Key verification to protect the endpoint but the provided policy does not contain them.
- Configure the Client ID, Client Secret (maintained in config.js like the previous step), and Token endpoint properties in the policy from the values in the SAP Build Process Automation service key you saved previously. Make sure the XSUAA URL contains the /oath/token suffix.
- If you added security to the Workflow Instance API, add the v1_workflow-instances method to the Guest Access API Product you created earlier. If you experience any problems, try recreating the system application from the previous step.
-
Release process and retrieve definition id
- Release and deploy the process, selecting the newly configured destination at deploy time.
- Retrieve the definition id of the newly released process for use in the developer portal. This can be done either through the SAP Build Process Automation lobby under Monitor > Manage > Processes and Workflows or through the Workflow definitions API.
