Creating a Service Key
Service keys provide access to a service instance. You need the service key to get an access token for the SAP E-Mobility APIs.
Prerequisites
You've created a service instance in your subaccount space.
Context
Mutual Transport Layer Security (mTLS) is considered more secure than the combination of the client ID and the client secret. Unlike retrieving the access token using the client ID and client secret, no secret is shared between the calling application and the service instance for SAP Authorization and Trust Management Service.
This configuration enables your application to retrieve or exchange access tokens from an instance of the SAP Authorization and Trust Management Service with mTLS. Using the access token, your application can communicate with other services, applications, and devices using the standard OAuth protocols.
When you create a service key, an X.509 certificate is generated by default for the SAP E-Mobility service in the Cloud Foundry environment.
Alternatively, you can generate service keys with a combination of the client ID and the client secret.
Procedure
-
Using Cloud Foundry in SAP BTP Cockpit
For more information about service keys, see https://docs.cloudfoundry.org/devguide/services/service-keys.html .
mTLS scenario
By default, the X.509 service key certificate has a validity of 7 days. To change the validity period, modify the validity and the validity-type parameters.
Example for a validity period of 30 days:
Additional details can be found here: Parameters for X.509 Certificates
Non-mTLS scenario
You can generate service keys with the combination of the client ID and the client secret. To ensure a high level of security and flexibility in rotating secrets, SAP E-Mobility uses binding secrets. Using this method means that all service keys have unique credentials.
Next Step
Follow the steps explained in Generating an Access Token.