3455210 - Need for API User While Configuring Code Replication Iflows From SAP S4HANA To SAP Sales & Service Cloud V2

You are configuring one of the code replication related iflows from package "SAP Sales Cloud and SAP Service Cloud Version 2 Integration for Master Data with SAP S/4HANA or SAP S/4HANA Cloud" , there is a step "Get CNS Code" to do a GET call to the V2 system in case of Initial Load scenario.

SAP Sales & Service Cloud v2 Integration with SAP S4HANA

Below mentioned iflows does a GET call to v2 for Initial Load scenarios and user credentials are expected here. For this GET call, the communication user automatically generated in communication system cannot be used instead an API User with a dedicated Business Role with READ access to relevant business services is needed. 

List of Iflows and corresponding Business service names(as displayed in v2 within the business role creation screen) to be given access

1. Replicate Cash Discount Terms from SAP S4HANA - sap.crm.md.service.businessPartnerService 
2. Replicate Company Legal Form from SAP S4HANA - sap.crm.md.service.businessPartnerService 
3. Replicate Customer Group Form from SAP S4HANA - sap.crm.md.service.businessPartnerService
4. Replicate Customer Price List Type from SAP S4HANA - sap.crm.md.service.businessPartnerService
5. Replicate Delivery Blocking Reason from SAP S4HANA - sap.crm.md.service.businessPartnerService
6. Replicate Delivery Priority from SAP S4HANA - sap.crm.md.service.businessPartnerService 
7. Replicate Department from SAP S4HANA - sap.crm.md.service.businessPartnerRelationshipService
8. Replicate Distribution Channel from SAP S4HANA - sap.crm.md.service.organizationalUnitService 
9. Replicate Division from SAP S4HANA - sap.crm.md.service.organizationalUnitService 
10. Replicate Functional Title from SAP S4HANA - sap.crm.md.service.businessPartnerRelationshipService 
11. Replicate Incoterms Classification from SAP S4HANA - sap.crm.md.service.businessPartnerService 
12. Replicate Industrial Sector from SAP S4HANA - sap.crm.md.service.businessPartnerService 
13. Replicate Invoicing Blocking Reason from SAP S4HANA - sap.crm.md.service.businessPartnerService 
14. Replicate Price Specification Customer Group from SAP S4HANA - sap.crm.md.service.businessPartnerService
15. Replicate Region Codes from SAP S4HANA - sap.crm.service.i18nService

While configuring the iflow, there is an instruction "CNS-BUSINESS-USER" under the field "Credential Name" as a heads-up that explains the need to use a API user for the iflows. The corresponding business service names can be found in the service path in Address field.

Notes :

• Ensure only READ access is given to the above mentioned services and not WRITE access, I.e.. When creating a business role, add the above services and chose "UnRestricted" for "Read Access" and "Restricted" for "Write Access".
• Use this dedicated business role for the dedicated business user / api user created for S4 Integration purpose.
• Check this KBA "Error "Certificate Email is different from the User Email" While Uploading Certificate To Business User" to use certificate based authentication for business user
• The Client certificate issued by SAP CPI can be assigned to the API user and there is no need to get a dedicated certificate like in the case of business user mentioned above.
• If a communication user is used instead of a dedicated API user - messages in SAP CPI will fail with "403" error 

"Code List Replication" "Code Replication from S4 to V2" "org.apache.camel.component.ahc.AhcOperationFailedException: HTTP operation failed invoking https://******.us1.test.crm.cloud.sap/sap/c4c/api/v1/organizational-unit-service/divisions?$select=code with statusCode: 403" , KBA , CEC-CRM-INT , Integration for SAP Sales/Service Cloud , Problem

SAP Sales Cloud and SAP Service Cloud Version 2 1.0