SAP Knowledge Base Article - Public

3407120 - Checkpoints for Multi Action API

Symptom

Failed to Trigger Multi Action via Multi Action API
Error may show up as:

  • HTTP 401 error
  • HTTP 403 error
  • HTTP 404 error
  • You do not have rights to access the connections of XXX
  • Defined URL forces users to login to the SAC tenant despite the Oauth client configured
     

Environment

SAP Analytic Cloud

Reproducing the Issue

  • Trigger Multi Action externally
  • Test URL in Postman 

Cause

Missing Configurations

Resolution

  1. Get a Valid CSRF Token for the Multi Action API 
    1. Create a blank collection in Postman: 
      3407120_1_1.png
       
    2. Add a Get request for CSRF, navigate to Authorization page: 
      3407120_1_2.png
       
    3. Fill in Authorization page
      1. Add a New OAuth Client if you need, SAC Tenant-> System -> Administration -> App Integration -> Add a New OAuth Client
      2. Copy content
        1. Select Type: "OAuth 2.0".
        2. Choose Grant type: "Authorization Code".
        3. Callback URL:
          1. If you've selected "Authorize using browser", Then you will need to fill in "Redirect URI" in OAuth Client with the fixed URL "https://oauth.pstmn.io/v1/callback".
          2. If you've not selected "Authorize using browser", Then you will need to fill in both "Callback URL" and "Redirect URI" with "https://www.getpostman.com/oauth2/callback".
          3. in case of SAP Support: select "Authorizat using Browser"
        4. Fill in Auth URL: copy from "Authorization URL".
        5. Fill in Access Token URL: copy from "Token URL".
        6. Fill in Client ID: copy from "OAuth Client ID".
        7. Fill in Client Secret: copy from "Secret".
        8. Click "Get New Access Token". The login page will appear. Please log in with your account 

          3407120_1_3.png 
           
    4. After login, Click “Use Token” to get the “Access Token”
      3407120_1_4.png
       
    5. Token is in use. Choose one of the following two authentication types:
      1. Oauth 2.0 Type: 
        3407120_1_5_1.png
         
      2. “Bearer Token” Type:
        3407120_1_5_2.png
         
    6. Fill in CSRF URL,  fill in header per Help Document: Get a Valid CSRF Token for the Multi Action API
      3407120_1_6.png
       
    7. Click “Send”, if request successfully, will get x-csrf-token in header of response: 
      3407120_1_7.png
       
       
  2. Trigger Multi Action API 
    1. Add a POST request “Trigger MA API”
      3407120_2_1.png
       
    2. Navigate to “Authorization”, select “OAuth2.0”, select “TokenSample” which created in step 1.4:

      3407120_2_2.png 
       
    3. Fill in API URL and Add header per Help Document:/multiActions/<multiActionID>/executions
      1. Open the Multi Action in SAC tenant, copy its id from the URL field
        3407120_2_3_1.png
         
      2. Fill the API URL with “Content-Type” using <application/json>  and “ x-csrf-token” using X-csrf-token’ s value comes from step 1.7
        3407120_2_3_2.png
         

    4. Fill Body per Help Document: /multiActions/<multiActionID>/executions (in this sample screen shot, the multi action does not have parameter)
      3407120_2_4.png
       
    5. click Send, if URL triggers successfully, get return value including “executionID”
      3407120_2_5.png
       
       
  3. Query the execution status of a triggered Multi Action
    1. Add a Get request for Querying status, navigate to “Authorization”, select “OAuth2.0”, select “TokenSample” which created in step 1.4:
      3407120_3_1.png
       
    2. Enter URL by copy “executionID” from step 2.5
      3407120_3_2.png
       
    3. Click Send, get the status
      3407120_3_3.png
       
  4. Must-Know
    1. Prerequisites: 
      1. The Multi Action Service supports two OAuth authentication flows:
        1. OAuth 2.0 Authorization Code Grant:
          Please note: One of the limitations of OAuth 2.0 Authorization Code Grant, is that it generally requires the end-user to input their account/password to log in to SAC explicitly as to get the authorization code and continue the authentication process.  
          Considering the scenario where the consumption of multi-actions public API is embedded in a fully automated process with no possible user interference, you may consider the OAuth2 SAML Bearer Assertion workflow as an alternative solution.
        2. OAuth 2.0 SAML Bearer Assertion
           
      2. the access token retrieved by the "client credential" grant type is not supported by the Multi Action API
         
      3. Multi Action API is supported since SAC Version: 2023.15 [To check your SAC version: Please go to SAC tenant - System - About]
         
      4. Please note: You need to flag "Allow External API Access" when create the Multi Action:
        [To check the flag: Please go to SAC tenant - Multi Action - Settings (button will be available once saved ) ]
        3407120_MustKnow1.png

See Also

Keywords

Multi Action API POSTMAN URL 401 403 OAuth 2.0 SAML Bearer Assertion OAuth 2.0 Authorization Code Grant OAuth2SAML Token URL request response code status 400 403 401 404 multi action multiaction sap analytics cloud, cloud analytics tools, analytics in the cloud, cloud analytics software, multiaction, multiactions Authorize code CSRF Token CPI cloud integration HttpResponseException failed fail unauthorized  Failed to get Response from Connectivity Service oauth/token oauth token adapter http api exception https api/v1/multiActions PaPM Cloud  [Multi-actions]  , KBA , LOD-ANA-PL-MA , Multi Actions , Problem

Product

SAP Analytics Cloud 1.0

Attachments

3407120_1_2.png