Now that SAP API Management is available you probably also have seen the fantastic blog from Bhanu Pratap Sharan about policies and how to use them. It explains what policies in SAP API Management are, which ones are available and how you can use them.
When following my first blog on How to use SAP API Management on HCP Trial you might have noticed that when calling the "proxified" URL to the ES4 system (e.g. https://trial.apim1.hanatrial.ondemand.com:443/<account>trial/GWSAMPLE_BASIC) yxou can still see URLs like https://sapes4.sapdevcenter.com/sap/opu/odata/iwbep/GWSAMPLE_BASIC/ in the response.
Obviously that doesn't make a lot of sense. So we have to tell the API proxy, that it should hide / "mask" the real URL. There are plenty of ways how this can be done. In this blog I want to show the power of one of the policies that we have: the JavaScript policy.
Although you can make this policy very generic, I will keep to the very basic and actually tell the script what the target server is and what the SAP API Management Proxy URL is.
Lets pick-up where we left in the How to use SAP API Management on HCP Trial
I had created a plain API proxy that would just connect to the ES4 system. Lets take another look at this API Proxy and go to the "Launch Policy Designer" in the API Artifacts section (for more details, take a look at the blog SAP API Management – Policy Management)
Once you launch the Policy Designer you can see an empty policy screen. In this screen, enable the Edit mode, by clicking on Edit and then add a script (by clicking on the "+" sign which will appear once you are in Edit mode)
Once you click on the "+" sign you can give the new script a name like "urlrewrite"
This will be the script that reads the actual URL and replaces it with the URL from our SAP API Management proxy. So once you click on Add in the pop-up above you can select the script name ("urlrewrite") that we just created and add the content:
var rc = context.getVariable("response.content");
var newstr = rc.replace(/SAPES4.SAPDEVCENTER.COM:443/gi, "trial.apim1.hanatrial.ondemand.com");
var newpath = newstr.replace(/\/sap\/opu\/odata\/iwbep/gi, "\/d044410trial");
context.setVariable("response.content", newpath);
In these four lines (of course it could have been less :-)) we retrieve the content from the response, replace the targetserverhost and targetserverport (in my case the SAP Developer System) with the information from the api proxy, changes the path and put this new information back in the context. Quite straight forward.
Now we only have to tell the flow that and when we want to call this script.
So on the left hand side, scroll down to TargetEndpoint and select the PostFlow (after all we want to replace the results from the server response). Then on the right hand side click on the "+" sign for the JavaScript policy
A new pop-up will open where we can specify the name of this policy. Enter something like "maskurlfromresponse" and make sure that you select "Outgoing Response" from Stream. Then click on Add
This policy now allows us to call / do whatever we want in JavaScript. In our case, we will just call the script that we had previously created: the urlrewrite script. In order to do that just replace/add the name of the script with the urlrewrite script so that the content looks like this:
(since we won't use a helper.js file, you can also remove the lines:
<!-- contains reference to any library scripts that help the main code file -->
<IncludeURL>jsc://helper.js</IncludeURL>
<!-- this policy allows us to execute java script code during execution of an API Proxy -->
<Javascript async="false" continueOnError="false" enabled="true" timeLimit="200" xmlns='http://www.sap.com/apimgmt'>
<!-- contains the name of the main code file -->
<ResourceURL>jsc://urlrewrite.js</ResourceURL>
</Javascript>
And that's it! Now you can click on Update
and then on Save
... from now on your API calls to a backend systems should really mask the URL.
I hope this small example not only showed you how you can mask the URL, but also gave you a glimpse of the power of these policies. With the JavaScript policy you can actually do whatever you want in your flow. You can filter traffic, redirect URLs, change content, check or validate content, ... The possibilities are endless.
In future blogs we will go in more detail and talk about some other things you can do with the JavaScript policy. We could for example make this script more dynamic so that it first retrieves the target URl and uses the API Proxy name -- so that you do not have to hardcode this information.
Feel free to add your comments & feedback.