january 2025.

Now that we know how to authenticate to the SAP Datasphere API. We can now look at my example that I posted on LinkedIn last year. The goal is to get all the views that are exposed for consumption. If you set this flag, you can consume this view with a 3rd party tool such as PowerBi. 

So if a view is flagged as exposed for consumption, this could be a data leakage issue if there is no Data Access Control (DAC) in place. So I also want to see if a view is exposed and if so, if it has a Data Access Control assigned to it. This allows me to identify incorrectly exposed views and see if anyone has access to data without DACs.

All code examples are available on my GitHub repository. 

Every tool has the authentication part, so I moved it to a separate class. If you want to know how to build it, read the last blog post.

Now that we know how to get data from the SAP Datasphere API using Postman, I want to automate the steps using Python. In this post, I implement authentication via OAuth. I use the two existing libraries OAuth2Session and urllib.parse. 

To create the OAuth request we need the secret, the client ID, the authorization URL and the token URL. I stored all this information in a JSON file so I can read and process it. Where to get this information can be found in the earlier post. So we need to read the JSON file first to get all the parameters.

secrets_file = path_to_the_secret.json

f = open(secrets_file)
secrets = json.load(f)
print(secrets)

Next, we need to encode the client ID, as described by Jascha in this post. I use the urllib.parse.quote functionality for this..

Now that we know how to use Postman to send an API request to SAP Datasphere and receive data. We can now take a closer look at the API and what we can do with it. At api.sap.com we get different API endpoints, I want to focus on the consumption part. The API reference for the consumption part allows us to consume relational and analytical models. 

Let's start with the relational models and retrieve the data with Postman to see some results. The relational API endpoint can be accessed at this URL

https://xyz.eu10.hcs.cloud.sap/api/v1/dwc/consumption/relational/{space}/{asset}/{technical_object}

You can find the exact description in the API catalog. So I won't copy and paste the content here.  Now let's get the data with the above URL. My view is called DBV_BIKE_DELIVERY. If I now use my OAuth from the last post, I get the data directly in Postman.

This is the first in a series of articles about the SAP Datasphere API and what you can do with it. I will start by explaining how to configure the OAuth and start with the first request using Postman. Postman is a tool for creating requests to web services. 

So let's dive into it. If you want to consume the SAP Datasphere API, you need to find the right endpoints. A good place to start is api.sap.com. But how can we test and see if the request is correct? If we get the right result?

In this post, I will go through the configuration of Postman that allows you to send requests and also receive data from those requests. To do this, we use OAuth technology. I won't explain what OAuth is. If you are interested, take a look at Wikipedia.