Home
Configure OAuth 2.0 Authentication
Enable OAuth 2.0 authentication in SAP API Management so external consumers can securely obtain and use access tokens when calling iCWP APIs.
Test OAuth using Postman

Title and Copyright
Copyright and Terms of Use page for iMaintenance Installation.
Preface
Understand audience, know related documents and products and conventions followed in this document.
Introduction
The iMaintenance Deployment & Setup Guide gets iMaintenance running safely in your enterprise landscape.
Foundation Setup for iMaintenance Deployment
Before iMaintenance can connect to SAP and expose APIs, the core environment must be initialized. This setup includes seeding MongoDB with configuration data, enabling SAP inbound services, mapping dependencies, and starting the microservices that power the application.
Configure SAP iMaintenance Roles and Authorizations
Before iMaintenance can integrate with SAP, specific roles and authorizations must be configured. These roles control access to master data, transactional posting, and integration endpoints.
Secure API Access with IP Whitelisting
Secure connectivity for Innovapptive-hosted applications is enforced by restricting inbound traffic to trusted client IPs and permitting outbound traffic only to approved Innovapptive domains. This ensures that only authorized systems can exchange data with iMaintenance while preventing unauthorized access.
Install Supporting Systems and iCWP Integration Suite
Enable SAP NetWeaver Gateway and configure virus scan handling so iCWP OData services can run securely.
SAP BTP and On-Premise Integration via Cloud Connector
Set up secure connectivity between SAP BTP and your on-premise SAP systems with the SAP Cloud Connector. This enables iCWP OData services to be consumed on BTP without exposing inbound firewall ports.
Configure API Management in SAP BTP
Create an API Proxy in SAP BTP to expose iCWP OData services from your connected SAP system. The proxy uses the API Provider details from Cloud Connector and makes the service available for policy enforcement and external consumption.
Configure OAuth 2.0 Authentication
Enable OAuth 2.0 authentication in SAP API Management so external consumers can securely obtain and use access tokens when calling iCWP APIs.
- Create OAuth Token API Proxy
  Set up an OAuth Token API Proxy in SAP API Management. This proxy acts as the token endpoint, issuing access tokens that external consumers use to call protected iCWP APIs.
- Add OAuth v2.0 Policy to Verify Access Tokens
  Attach an OAuth v2.0 policy in VerifyAccessToken mode to the actual API Proxy. This ensures only requests with a valid token (issued by the token proxy) can access iCWP APIs.
- Apply OAuth 2.0 Policy Between External Consumer and BTP API Management
  Enable OAuth 2.0 authentication at the SAP BTP API Management layer to secure external access. Internally, API Management continues to call the SAP backend using Basic Authentication stored in Key Value Maps. To support this hybrid model, add a policy that removes the OAuth token from the request context after verification, ensuring clean forwarding to the backend.
- Test OAuth using Postman
Handle CSRF Tokens in API Management
Enable server-to-server authentication between SAP API Management and the backend system, so API consumers don’t need direct backend credentials.
Troubleshoot API Errors and Metadata Issues

Test OAuth using Postman

To test OAuth authentication using Postman:

Open Postman and set the Authorization Type to Bearer Token.
Provide the OAuth token (you can obtain this token from the previous steps explained in the document).
If the token is valid, you will receive a successful response with status code 200 OK.
If the token is invalid, the response code will be 401 Unauthorized.
If the token is expired, the response code will be 401 Unauthorized.