The Changes of the REST API v2 in SAP Identity Management SP06 at a glance
The new Service Pack 6 from SAP Identity Management (IDM) 8.0 was released in February 2018. Many changes affect the SAP Identity Management REST interface version 2 (REST API v2). This blog lists and explains all changes to REST v2 SP06. In addition, we provide information on how to use these changes in Fiori Applications, using examples from our SAP Fiori Xiting Starter Pack for Identity Management.
The biggest change is that the opensource odata4j library has been replaced by the Apache Olingo library in theOData 2.0 Java library. It uses Open Data Protocol (OData) v2 and supports both XML-based and JavaScript Object Notation (JSON) formats.
By default, access to REST API v2 is limited to HTTPS. For security reasons, it is recommended to use HTTPS for communication with the REST v2. However, HTTP access to the REST v2 can be enabled by setting the Java system property v2.AllowHttp to true for the restapi-ear application:
The previous version of REST API v2 supported the &selectSetSVAttributes keyword to filter out empty return values. This option is no longer supported by the new version. Instead, the Java system property v2.ReturnNullValuesInResponse for the restapi-ear application must be set to false:
Compared to the previous version of the REST API v2, the new REST API v2 provides stronger and more meaningful error handling. You will receive a clear error message, as in this example of our SAP Fiori XitingStarter Pack for IDM when creating and modifying users. In this case, a manager loop was detected:
Other new features of the new REST API v2 include creating new identities, listing identity types, and invoking assignment histories and referenced hierarchies. Everything is described in detail in the following SAP documentation:
- Creating new identities
- List identity types
- Identity history of references
- Identity hierarchy of references
The functions for creating new users, displaying the assignment history of business roles and privleges, and the hierarchy of business roles have been implemented in our SAP Fiori Xiting Starter Pack. In our previous blog about our SAP Fiori Xiting Starter Pack, we have already explained the individual apps in detail. Here is a screenshot of the app forcreating a new user:
In this app, a user can be created with the general information such as display name, first and last name, validity, salutation and user type, with reference values such as manager and company address, business roles and
privileges.
The entered data is sent via the HTTPS post request to the endpoint /idmrestapi/v2/service/ET_MX_PERSON. This HTTPS Postal Request contains an HTTPS header “X-HTTPS-METHOD: MERGE”and looks like this:
After the new user’s creation, the Display User app will be called automatically:
In this app the enduser has access to the history of the assignments, e.g. who requested the authorization and who approved it:
In addition, the hierarchies of business roles are displayed:
The new REST API v2 provides meaningful new features, such as creating new identities, viewing reference histories and hierarchies, and listing all the entrytypes of an IDM system. With these new features, your Fiori apps can be enhanced to work better with your IDM system and to replace the old Web DynPro UI.
Our Experts
[starbox id=cchen]
[starbox id=fhonervogt]
