As many of the organizations uses SharePoint for the document management, Integrating SharePoint with SAP CPI brings several benefits. Below are some of the key benefits:
Automated Document ManagementSeamless Data ExchangeImproved Workflow AutomationEnhanced CollaborationCentralized Data RepositoryBetter Compliance and SecurityCost EfficiencyReal-Time Notifications and ReportingDifferent ways to Integrate SharePoint with CPI
There are different ways for the seamless integration of Microsoft SharePoint with CPI.
1.1 Settings to be completed at SharePoint site
When we need to integrate Microsoft SharePoint with CPI we need to complete the below set of tasks at SharePoint site.
Determine redirect URI
Use the BTP Integration Suite tenant <host name> to construct the following redirect URI:
https://<host name>/itspaces/odata/api/v1/OAuthTokenFromCode
Register a new Application in Azure Active Directory
Log in to the Azure portal and go to Azure Active Directory. Navigate to App registrations and select “New registration”.
Name: Enter a descriptive name, such as “SAP_CPI_SharePoint_Integration”.Supported account types: Choose based on your organization’s requirements. Redirect URI : Determined in the prerequisite section above.
After registering, make a note of the Application (client) ID and Directory (tenant) ID—you’ll use these later in CPI.
Choose “Certificates & secrets” in the menu on the left and create a new Client Secret with your preferred expiry period.
Go back to the “Overview” view of the app and select the “Endpoints” tab. Copy the “OAuth 2.0 authorization endpoint (v2)” and the “OAuth 2.0 token endpoint (v2)” to your local desktop. You need these values later for the creation of the OAuth2 credential in Cloud Integration.
2. Integrating via HTTP adapter
2.1 Settings at SharePoint Site
Grant Permissions to add in
Once the application is registered in the Active directory as mentioned in the above section. We need to set the permissions for that application to access the SharePoint data.
Navigate to https://<siteURL>/_layouts/15/appinv.aspx to access the grant permissions page
Do a lookup with the client ID, and it will fetch the details such as Title, App Domain and redirect URL.
We can use the below format to configure the permission
SHAREPOINT have 4 scope URI:
http://sharepoint/content/tenant : Client ID take full permission for all sites in this tenanthttp://sharepoint/content/sitecollectionhttp://sharepoint/content/sitecollection/webhttp://sharepoint/content/sitecollection/web/list
SHAREPOINT have 4 authorize
ReadWriteManageFull Control
We can grant permission at level tenant or level site.
Tenant : http://<domain-name>/_layout/15/appinv.aspxSites : https://<domain-name>/sites/<site-name>/_layouts/15/appinv.aspx
<AppPermissionRequests AllowAppOnlyPolicy=”true”>
<AppPermissionRequest Scope=”http://sharepoint/content/sitecollection/web” Right=”Write” />
</AppPermissionRequests>
Once we click create, it will redirect to a page where we can trust the add-in to read items from website
2.2 Configure Iflow in CPI
2.2.1 Upload file to SharePoint
HOST : htts://<domain-name>
RESOURCE: /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents/<folder-name>’)/files/Add(url='<file-name>’,overwrite=<true/false>)
METHOD : POST
ACCEPT : application/json;odata=verbose
CM – OauthRequest
Set token request in message body
Token request format:
grant_type=client_credentials&client_id=ClientID@TenantID&client_secret=ClientSecret&resource=resource/SiteDomain@TenantID
Fetch Tenant ID and resource from postman
URL: https://<siteURL>/_vti_bin/client.svc/
Method – Get
Token Bearer
The response returns a lot of headers but ends with unauthorized access. In response header, we will get WWW-Authenticate as one of the headers and that contains the necessary information required for the next step.
Realm value will be the tenant id and Client id will be the resource.
GetOAuth
Use Microsoft access control services URL to get the token:
https://accounts.accesscontrol.windows.net/<TenantID>/tokens/OAuth/2
Retrieve Access Token
Remove Body
Set Header
Convert Body to Output Stream
Upload to SharePoint
Target URL format:
2.2.2 Create folder in documents
HOST: htts://<domain-name>
RESOURCE : /sites/<site-name>/_api/web/folders
METHOD : POST
PAYLOAD :
Key : ServerRelativeUrlValue : Shared Documents/<Folder-Name>
Content-type : JSON
ACCEPT : application/json;odata=verbose
Eg:
{
serverRelativeUrl : “Shared Documents/TestFolder”
}
2.2.3 Get all folder in Shared Documents
HOST: htts://<domain-name>
RESOURCE : /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents’)/Folders
METHOD : GET
ACCEPT : application/json;odata=verbose
2.2.4 DELETE folder
HOST: htts://<domain-name>
RESOURCE : /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents/<folder-name>’)
METHOD : DELETE
2.2.5 Get all files in folder
HOST: htts://<domain-name>
RESOURCE : /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents/<folder-name>’)/Files
METHOD : GET
ACCEPT : application/json;odata=verbose
2.2.6 Get file with file name
HOST: htts://<domain-name>
RESOURCE : /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents/<folder-name>’)/Files(‘<file-name-and-extension>’)/$value
METHOD : GET
ACCEPT : application/json;odata=verbose
2.2.3 Limitations of Integrating SharePoint using HTTP adapter
Observed some issues while uploading binary files (PPT, PDF, Word etc.) to the SharePoint. HTTP adapter is converting the type of request body to “inputStream” but it seems like there is some issue with the SAP CPI HTTP receiver adapter which is not able to pass byte streams correctly.
2.3 Integrating with SharePoint Adapter
Configure API Permissions
In the application’s settings, go to “API permissions” and remove the permission “User.Read” if it is there.
Click Add a permission > Microsoft Graph > Application permissions. Select Delegated Permissions and Under Sites, select “Sites.ReadWrite.All” to allow full access to SharePoint files. Confirm permissions by adding the permission to the application.
Create an OAuth2 Authorization Code Credential in SAP CPI Tenant
Log into your Cloud Integration tenant and select the “Security Materials” tile under “Monitor->Integrations and APIs” section. Select the “Create” button and choose “OAuth2 AuthorizationEnter Name and Other details that were captured earlier when the application was created. Please make sure to select provider as “Microsoft 365“Enter Application ID as “Client ID” , “Client Secret” , “Authorization URL” and “Token Service URL” captured in above steps from the Microsoft application . Enter the “User Name”. This is the e-mail address of the service user that exists in Microsoft Azure directory/tenant as a member and has the requisite permission in which the App was created ( Discussed in the prerequisite section ).
Also add the “Scope” as “https://graph.microsoft.com/.default offline_access”
On deploying the security materials , we can see the newly created “OAuth2 Authorization Code” credential in the list of Security Materials in status “Unauthorized”.
Select the three dots in the entry with the created credential and choose the “Authorize” option shown above. A confirmation dialog will come up. Select “Continue”:A Microsoft login appears , please enter the password for the service user created for the above integration. Once Authenticated , additional dialog requests further permission and shows the scope of the application created above. Please accept and proceed.
On successful confirmation below success message is displayed and the security material is now authorized.
2.3.1 Upload file to SharePoint
Creating an API to upload Files to Sharepoint
First, we’ll create an integration flow in CPI to handle file uploads. This flow will serve as the core of our API, receiving files from external systems and forwarding them to SharePoint.
Create a New Integration Flow, and configure HTTP sender adapterFurther steps as required
We can use content modifier to set the folder path and file names dynamically
Configure MicrosoftSharepoint as the receiver Local Integration flow to upload the fileSet Content-Type as “application/octet-stream” using a Content Modifier.
Set the message body
Sharepoint Adapter configuration
2.3.1.1 Other Operations
2.3.2 Pick files from sharepoint
We can refer : https://help.sap.com/docs/integration-suite/sap-integration-suite/configure-microsoft-sharepoint-sender-adapter to configure the adapter
As many of the organizations uses SharePoint for the document management, Integrating SharePoint with SAP CPI brings several benefits. Below are some of the key benefits:Automated Document ManagementSeamless Data ExchangeImproved Workflow AutomationEnhanced CollaborationCentralized Data RepositoryBetter Compliance and SecurityCost EfficiencyReal-Time Notifications and ReportingDifferent ways to Integrate SharePoint with CPIThere are different ways for the seamless integration of Microsoft SharePoint with CPI.1.1 Settings to be completed at SharePoint siteWhen we need to integrate Microsoft SharePoint with CPI we need to complete the below set of tasks at SharePoint site.Determine redirect URIUse the BTP Integration Suite tenant <host name> to construct the following redirect URI:https://<host name>/itspaces/odata/api/v1/OAuthTokenFromCodeRegister a new Application in Azure Active DirectoryLog in to the Azure portal and go to Azure Active Directory. Navigate to App registrations and select “New registration”.Name: Enter a descriptive name, such as “SAP_CPI_SharePoint_Integration”.Supported account types: Choose based on your organization’s requirements. Redirect URI : Determined in the prerequisite section above.After registering, make a note of the Application (client) ID and Directory (tenant) ID—you’ll use these later in CPI.Choose “Certificates & secrets” in the menu on the left and create a new Client Secret with your preferred expiry period. Go back to the “Overview” view of the app and select the “Endpoints” tab. Copy the “OAuth 2.0 authorization endpoint (v2)” and the “OAuth 2.0 token endpoint (v2)” to your local desktop. You need these values later for the creation of the OAuth2 credential in Cloud Integration.2. Integrating via HTTP adapter2.1 Settings at SharePoint SiteGrant Permissions to add inOnce the application is registered in the Active directory as mentioned in the above section. We need to set the permissions for that application to access the SharePoint data.Navigate to https://<siteURL>/_layouts/15/appinv.aspx to access the grant permissions pageDo a lookup with the client ID, and it will fetch the details such as Title, App Domain and redirect URL.We can use the below format to configure the permissionSHAREPOINT have 4 scope URI:http://sharepoint/content/tenant : Client ID take full permission for all sites in this tenanthttp://sharepoint/content/sitecollectionhttp://sharepoint/content/sitecollection/webhttp://sharepoint/content/sitecollection/web/listSHAREPOINT have 4 authorizeReadWriteManageFull ControlWe can grant permission at level tenant or level site.Tenant : http://<domain-name>/_layout/15/appinv.aspxSites : https://<domain-name>/sites/<site-name>/_layouts/15/appinv.aspx<AppPermissionRequests AllowAppOnlyPolicy=”true”> <AppPermissionRequest Scope=”http://sharepoint/content/sitecollection/web” Right=”Write” /></AppPermissionRequests>Once we click create, it will redirect to a page where we can trust the add-in to read items from website2.2 Configure Iflow in CPI2.2.1 Upload file to SharePointHOST : htts://<domain-name>RESOURCE: /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents/<folder-name>’)/files/Add(url='<file-name>’,overwrite=<true/false>)METHOD : POSTACCEPT : application/json;odata=verboseCM – OauthRequestSet token request in message bodyToken request format:grant_type=client_credentials&client_id=ClientID@TenantID&client_secret=ClientSecret&resource=resource/SiteDomain@TenantIDFetch Tenant ID and resource from postmanURL: https://<siteURL>/_vti_bin/client.svc/Method – GetToken BearerThe response returns a lot of headers but ends with unauthorized access. In response header, we will get WWW-Authenticate as one of the headers and that contains the necessary information required for the next step.Realm value will be the tenant id and Client id will be the resource.GetOAuthUse Microsoft access control services URL to get the token:https://accounts.accesscontrol.windows.net/<TenantID>/tokens/OAuth/2Retrieve Access TokenRemove BodySet HeaderConvert Body to Output StreamUpload to SharePointTarget URL format:https://siteDomain/sites/Sitename/_api/web/GetFolderByServerRelativeUrl(‘/sites/TestFolder/Shared%20Documents/Integration’)/Files/add(url=’${property.fileName}’)2.2.2 Create folder in documentsHOST: htts://<domain-name>RESOURCE : /sites/<site-name>/_api/web/foldersMETHOD : POSTPAYLOAD :Key : ServerRelativeUrlValue : Shared Documents/<Folder-Name>Content-type : JSONACCEPT : application/json;odata=verboseEg:{serverRelativeUrl : “Shared Documents/TestFolder”}2.2.3 Get all folder in Shared DocumentsHOST: htts://<domain-name>RESOURCE : /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents’)/FoldersMETHOD : GETACCEPT : application/json;odata=verbose2.2.4 DELETE folderHOST: htts://<domain-name>RESOURCE : /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents/<folder-name>’)METHOD : DELETE2.2.5 Get all files in folderHOST: htts://<domain-name>RESOURCE : /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents/<folder-name>’)/FilesMETHOD : GETACCEPT : application/json;odata=verbose2.2.6 Get file with file nameHOST: htts://<domain-name>RESOURCE : /sites/<site-name>/_api/web/GetFolderByServerRelativeUrl(‘/sites/<site-name>/Shared Documents/<folder-name>’)/Files(‘<file-name-and-extension>’)/$valueMETHOD : GETACCEPT : application/json;odata=verbose2.2.3 Limitations of Integrating SharePoint using HTTP adapterObserved some issues while uploading binary files (PPT, PDF, Word etc.) to the SharePoint. HTTP adapter is converting the type of request body to “inputStream” but it seems like there is some issue with the SAP CPI HTTP receiver adapter which is not able to pass byte streams correctly. 2.3 Integrating with SharePoint AdapterConfigure API PermissionsIn the application’s settings, go to “API permissions” and remove the permission “User.Read” if it is there.Click Add a permission > Microsoft Graph > Application permissions. Select Delegated Permissions and Under Sites, select “Sites.ReadWrite.All” to allow full access to SharePoint files. Confirm permissions by adding the permission to the application. Create an OAuth2 Authorization Code Credential in SAP CPI TenantLog into your Cloud Integration tenant and select the “Security Materials” tile under “Monitor->Integrations and APIs” section. Select the “Create” button and choose “OAuth2 AuthorizationEnter Name and Other details that were captured earlier when the application was created. Please make sure to select provider as “Microsoft 365“Enter Application ID as “Client ID” , “Client Secret” , “Authorization URL” and “Token Service URL” captured in above steps from the Microsoft application . Enter the “User Name”. This is the e-mail address of the service user that exists in Microsoft Azure directory/tenant as a member and has the requisite permission in which the App was created ( Discussed in the prerequisite section ).Also add the “Scope” as “https://graph.microsoft.com/.default offline_access”On deploying the security materials , we can see the newly created “OAuth2 Authorization Code” credential in the list of Security Materials in status “Unauthorized”.Select the three dots in the entry with the created credential and choose the “Authorize” option shown above. A confirmation dialog will come up. Select “Continue”:A Microsoft login appears , please enter the password for the service user created for the above integration. Once Authenticated , additional dialog requests further permission and shows the scope of the application created above. Please accept and proceed. On successful confirmation below success message is displayed and the security material is now authorized. 2.3.1 Upload file to SharePointCreating an API to upload Files to SharepointFirst, we’ll create an integration flow in CPI to handle file uploads. This flow will serve as the core of our API, receiving files from external systems and forwarding them to SharePoint.Create a New Integration Flow, and configure HTTP sender adapterFurther steps as requiredWe can use content modifier to set the folder path and file names dynamicallyConfigure MicrosoftSharepoint as the receiver Local Integration flow to upload the fileSet Content-Type as “application/octet-stream” using a Content Modifier.Set the message bodySharepoint Adapter configuration2.3.1.1 Other OperationsRefer: https://help.sap.com/docs/integration-suite/sap-integration-suite/configure-microsoft-sharepoint-receiver-adapter2.3.2 Pick files from sharepointWe can refer : https://help.sap.com/docs/integration-suite/sap-integration-suite/configure-microsoft-sharepoint-sender-adapter to configure the adapter Read More Technology Blogs by Members articles
#SAP
#SAPTechnologyblog
