Introduction

The Edge Integration Cell (EIC) is a hybrid solution that is offered with the SAP Integration Suite to enable API-led integration. The hybrid model supports control plane in the BTP while providing the flexibility to the customer to have the runtime deployed on customer’s private cloud / on-premise. The control plane on BTP enables user to design, configure and monitor APIs and Integration Flows. The Edge Integration significantly enhances the API lead Integration capability by providing API management functionalities such as security, traffic management, along with mediation features. Additionally, a new artefact ‘API’ is introduced that can be deployed on EIC runtime and later on the cloud as well 🙂 .

Prerequisites

To enable the API artifact in SAP Integration Suite, there are a few prerequisites that need to be met. The user should subscribe to the Integration Suite application and enable the following:

• Cloud Integration capability
• API Management capability
• Edge Integration cell runtime

After meeting all the prerequisites mentioned above, you will have option to create API artifact. The following section will outline the detailed steps on how to create and deploy an API artifact on Edge Integration Cell.

Creating and deploying your first API Artifact on Edge Integration Cell

Step-by-step Process:

1. Now let’s login to Integration Suite tenant and navigate to Integrations and APIs under Design to create a Content package.

    2. Once the package is created, an API option shall be enabled in the list if all the prerequisites listed in the prerequisites section are met.

      3. There are multiple methods to create an API artifact of type REST, OData, or SOAP. Here are the three supported methods:

• Using a URL or HTTP endpoint: In this method, you can create an API artifact by providing  a URL or HTTP endpoint.
• Importing an API Specification (Open API Specification): Another way to create an API artifact is by importing an API Specification,  such as the OpenAPI Specification (formerly known as    Swagger). The API Specification describes the structure, endpoints, and behavior of the API. By importing this specification, the API platform can generate the corresponding API artifact. You can also import an API artifact zip bundle.
• Handcrafting the API using an API Specification editor: If you prefer more control and customization, you can manually create the API artifact using an API Specification editor. This method allows you to define the API structure, endpoints, request/response formats, and other details according to your specific requirements.

       These methods provide flexibility and options for creating API artifacts based on different sources and preferences.

For this blog, we will choose the URL method. Let’s provide all the mandatory fields and click on Create. If you have multiple Edge Integration Cell Runtime profiles, kindly choose the one where you want your API to be deployed. The setting can be changed later as well in next screen.

Once an API is created, you can typically view the API artifact details in multiple well-organized tabs or sections. These tabs provide various information and functionalities related to the API.

 4. Now let’s add a resource and provide the required inputs, you can follow these steps:

• Identify the resource you want to add. For example, let’s say you want to add a resource called “products” Define the path for the resource. The path is the URL endpoint that clients can use to interact with the resource. For example, the path for the “products” resource could be “/products”.
• Determine the operations that are supported for the resource. Common operations include GET (retrieve), POST (create), PUT (update), and DELETE (delete). You can also include additional operations specific to your application’s needs.
• Optionally, you can add tags and descriptions for each operation to provide additional information. Tags can be used to categorize operations, and descriptions can provide more details about what each operation does. For example, you might add a tag “Users” and a description “Retrieve a list of users” for the GET operation to retrieve a list of users.

    5.  The ‘Switch to API Specification’ button on the top right of the interface allows you to switch to the OpenAPI Specification editor. This editor provides a more detailed view of your API and allows you to visualize and edit the API using the OpenAPI Specification editor.Once you switch to the API Specification editor, you can take advantage of various tools like   Import, Download, Generate Server to enhance your API definition:

• Import: You can import an existing OpenAPI Specification file. This allows you to work with existing API definitions.
• Download: You can download the API specification as a file in the OpenAPI Specification format.
• Generate Server Stub: This feature allows you to generate server code stubs based on your API  specification. It can automatically generate code in various programming languages, which can help accelerate the development process.

These tools provide additional functionality and flexibility when working with your API definition, allowing you to customize and extend your API as needed.

6. Now let’s’ bring API led integration capabilities by adding few policies and mediation steps to this API endpoint. API artifact on Edge Integration Cell supports following Security and Traffic management policies along with other well-known integration policies like Mapping, Routing, Transformation etc.:

Traffic Management

• IP Filter
• Quota
• Surge Protection

Security

• Authentication
• Authorization
• JSON Threat Protection

These  policies can be only applied to the request flow of API artifact.

 7. Authentication policy is a default policy that is applied to all or any the API artifact. This is the first policy step in the request flow and its sequence cannot be altered. So, any change in sequence would lead to error during save / deploy. Authentication policy ensures the valid identity of the caller against the configured IDP.

Let’s edit the property of the authentication policy. By default, only Client Certificate and OAuth are selected. I will select the ‘Basic’ option as well.

8. Now let’s add another policy step called Quota policy step for traffic management. Quota policy provides multiple modes to work with and end user can leverage them based on her need. For this article, I will apply Calendar mode and set the configuration to allow 4 calls per minute. Kindly note that the Start time is in UTC format.

Now let’s save and deploy our first API artifact.

After successful deployment, let’s invoke the endpoint with any REST client. Initially, I will invoke the endpoint without providing any credentials.

This has resulted in an authentication error (401) due to the authentication policy in place. On providing the valid credential, which in this case is of simple basic type, I can invoke the end point successfully. On productive scenarios, one can use either of the other two options like Client Certificate or OAuth type.

9.  As we have configured a Quota policy step also which allows only 4 calls per minute. Once the quota is breached, the call to API endpoint fails with appropriate error details.

10. Let’s include an integration step for the mediation purpose to the API. As you have noticed the response of endpoint is in XML format, let me add an XML to JSON convertor step for JSON response.

Upon successful save and deploy, the endpoint call would result the response in JSON format.

Monitor an API Artifact

The API artifact can be monitored under Monitor section similar to Integration Flow. Let’s navigate to Integrations and APIs under Monitor on left sub-navigation and choose the desired Runtime.

With the Manage Integration Content tile, one can monitor the status of the API status and perform actions like those available for an Integration flow, such as Undeploy, Download, Navigate, etc.

For traceability, let’s set the Log level to Debug and monitor the debug logs by means of Monitor Message Processing.

Invoke the endpoint again and click on Debug in the logs section which will provide the details of all the steps executed during the e2e call.

You can find the details of the steps executed during flow like Authentication policy being the first step executed followed by Quota policy and at the end mediation step XML to JSON executed for converting the output from XML to JSON.

So, in this blog we have learnt to successfully Create, Manage, Deploy, Execute and Monitor an API artifact on the Edge Integration Cell. In the upcoming blogs of this series, we would see more detailed explanation on each policy available with Edge integration cell.