Hello and welcome back to your ABAP Cloud with Microsoft integration journey. Part 0 of this series got you covered with the prerequisites to get your SAP dev environment with ABAP Development Tools (ADT) on Eclipse up and running.

#Kudos to Karl Kessler, Harish Bokkasam, Andre Fischer and team for the nudges in the right directions when it comes to ABAP Cloud

Today we approve a travel booking request issued to SAP from Microsoft Teams. The orchestration happens through the ABAP cloud compliant RAP enabled business object. Wow, that was a mouthful but no worries, there will be screenshots and more mumbo-jumbo to help you along. See below the architecture for the flow.

Generate the complete ABAP object tree on ADT

For this sample I ran through the SAP developer tutorial “How to Create RAP Business Events in an On-Premise system” till step 7 (skipping 5 and 6), which creates a Travel Booking app. It was the simplest one regarding the integration without any additional “shi-shi”.

Pay special attention to:

• Step 1 subsection 4: My S/4 HANA 2022 didn’t contain the SAP demo namespace “/dmo/” referenced by the tutorial. Replace them with internal types to continue (have a look at step 3 in this SAP tutorial for inspiration). Alternatively, you may consider loading the “/dmo/” objects via abapGit as SAP described here and here. See this community post for reference.
• Skip step 5-6
• Step 7 subsection 3: Use my implementation of the “lcl_event_handler” class instead

The last step of the tutorial introduces the custom behavior for the “Save” action. We are using it to send the approval request to Microsoft Teams to change the Travel Request state.

A deep dive into the integration options with Microsoft services for this scenario

There are multiple options to interact with Microsoft services like Microsoft Teams. Any compute that can perform the authentication flow and http request achieves the technical goal (check the security section at the end for more insights)

See below a list of integration options that I typically discuss with our joint SAP + Microsoft customers:

• SAP Integration Suite on Azure with Microsoft Connectors or custom http/OData adapter
• Azure Integration Services (AIS) with out-of-the-box Connectors using Microsoft Graph under the hood

Since Azure Logic Apps (serverless low code workflow engine in AIS) has a drag & drop experience with a couple of clicks to send an adaptive card to Teams I chose that path. See projects like SAP’s bridge framework to generate mentioned cards with SAP means in case you go down that route instead.

So, on to Azure…

For starters, deploy the provided Azure Logic App to your Azure Subscription using the “Deploy to” button on GitHub or this link from here. Once finished, navigate to the app, and authorize your Teams connection.

Open the Logic App and retrieve the generated endpoint URL from the http trigger. It contains an access signature. That is the simplest way to get started.

Secret hint: Fix Logic Apps Designer UI glitches ad-hoc by navigating to Code View saving from there.

Copy the URL and add to your ABAP code in line 8.

CLASS lcl_event_handler IMPLEMENTATION.
***** Make your changes below
  METHOD save_modified.
***** Act on booking create action. Use update, delete, etc. for alternate behavior.
    IF create IS NOT INITIAL.
***** Setup http request to Azure Logic Apps.
      DATA(dest) = cl_http_destination_provider=>create_by_url(
  'https://prod-78.eastus.logic.azure.com:443/workflows/your-id/triggers/manual/paths/invoke?api-version=2016-10-01&sp=your-access-signature' ).
      DATA(client) = cl_web_http_client_manager=>create_by_http_destination( dest ).
      DATA(req) = client->get_http_request(  ).
***** Create JSON payload from booking item properties
      DATA(lv_json) = /ui2/cl_json=>serialize( create-booking ).
      req->set_text( lv_json ).
      req->set_header_field( i_name = 'Content-Type' i_value = 'application/json; charset=UTF-8' ).
***** POST message to Azure Logic Apps
      DATA(create_response) = client->execute( if_web_http_client=>post )->get_text(  ).
      client->close(  ).
    ENDIF.
  ENDMETHOD.
ENDCLASS.

I am using the /ui2/cl_json class to generate the JSON payload for the POST request from the booking business object structure. Kudos to Stoyko Stoev and his blog post describing an ABAP Cloud option for REST calls.

With that we are ready for an integration test

Debugging with Fiori Preview and ADT

Put a break point on the save_modified method and open the Fiori preview of your Booking app.

Everything working as expected? Great, I had no doubts. Release your breakpoint and head over to your Azure Logic App to inspect the run.

Note the successful workflow steps generating the adaptive card with the details from your Fiori booking app including the buttons to approve/reject the request. Hit approve for the fun of it because the description field reads “much needed vacation”.

Using the OData service generated for the RAP enabled business object, we can send an efficient PATCH request and adjust its status from Open (“O”) to Approved (“A).

See tutorial step 3 “Generating the transactional UI services” for reference on the OData v4 service generation.

And that’s it. Only thing left to do, is marveling at the beauty of the approved booking request

Fully isolated Azure environments

Done marveling? Ok, then let’s get serious again and see what is needed to uplevel this integration scenario into production readiness. Fixed access signatures are nice and simple but not going to cut it also I know many of you love their private networks. Here you go

All involved components can be isolated in a private virtual network. In addition to that they can be restricted to accept requests only from your own internal Azure services or IP ranges. Furthermore, OAuth2 or OIDC flows may be employed for secure authentication. For the callback to the SAP RAP enabled OData service X509 certificates or the OAuth2SAMLBearer flow are desirable for production. See this blog post and this Azure APIM policy to learn more about the setup process.

Stay tuned for part 2 of the steampunk series for insights into the X509 setup for BTP ABAP environment.

What if I want pure ABAP without any integration services as negotiators?

Instead of using the Azure Integration Services you can make the call to Teams from ABAP without any intermediary if you wish. Get inspired from the code here to infuse your existing code. The ABAP classes speed up the integration with Microsoft Graph and Azure managed identities for instance.

However, compared to the “pure ABAP” way, using a workflow engine brings separation of concerns and the added value of managed connectors for the integration. In addition to that, the different developer personas (ABAP and Azure), that need to collaborate, also profit from this split as they can focus on their domain.

See the Microsoft Teams resources of the Microsoft Graph API. See the docs here and the online Graph explorer here.

The ABAP SDK for Azure requires abapGit to import the objects into your landscape.

For event-driven approaches using ABAP, see this blog post.

Final Words

That’s a wrap you saw today how you can enhance the SAP RAP logic from the S/4HANA Cloud ABAP environment (public or private doesn’t matter) to surface an SAP approval process directly in Microsoft Teams. We used adaptive cards exposing buttons to kick off the approval process. To conclude we shed some light on how to secure the scenario properly.

Find all the resources to replicate this setup on this GitHub repos. Stay tuned for the remaining parts of the steampunk series with Microsoft Integration Scenarios from my overview post.

Cheers

Martin