Consuming the Connectivity Service

Connect your Cloud Foundry application to an on-premise system via HTTP.


Using the Connectivity service, you can connect your Cloud Foundry application to an on-premise system through the Cloud Connector. To achieve this, you must provide the required information about the target system (destination), and set up an HTTP proxy that lets your application access the on-premise system.

Back to Tasks


  • You must be a Global Account member to connect through the Connectivity service with the Cloud Connector. See Add Members to Your Global Account.

    Also Security Administrators (which must be either Global Account members or Cloud Foundry Organization/Space members) can do it. See Managing Security Administrators in Your Subaccount [Feature Set A].
  • You have installed and configured a Cloud Connector in your on-premise landscape for to the scenario you want to use. See Installation and Configuration.
  • You have deployed an application in a landscape of the Cloud Foundry environment that complies with the Business Application Pattern.
  • Your application is secured as described in .
  • The Connectivity service is a regular service in the Cloud Foundry environment. Therefore, to consume the Connectivity service from an application, you must create a service instance and bind it to the application. See Create and Bind a Connectivity Service Instance.
  • To get the required authorization for making on-premise calls through the connected Cloud Connector, the application must be bound to an instance of the xsuaa service using the service plan 'application'. The xsuaa service instance acts as an OAuth 2.0 client and grants user access to the bound application. Make sure you set the xsappname property to the name of the application when creating the instance. Find a detailed guide for this procedure in section 3. Creation of the Authorization & Trust Management Instance (aka XSUAA) of the SCN blog How to use SAP BTP Connectivity and Cloud Connector in the Cloud Foundry environmentInformation published on SAP site.

Back to Tasks

Basic Steps

To consume the Connectivity service from your Cloud Foundry application, perform the following basic steps:

Back to Tasks

Read Credentials from the Environment Variables

Consuming the Connectivity service requires credentials from the xsuaa and Connectivity service instances which are bound to the application. By binding the application to service instances of the xsuaa and Connectivity service as described in the prerequisites, these credentials become part of the environment variables of the application. You can access them as follows:

This code stores a JSON object in the credentials variable. Additional parsing is required to extract the value for a specific key.

Back to Tasks

Provide the Destination Information

To consume the Connectivity service, you must provide some information about your on-premise system and the system mappings for it in the Cloud Connector. You require the following:

We recommend that you use the Destination service (see Consuming the Destination Service) to procure this information. However, using the Destination service is optional. You can also provide (look up) this information in another appropriate way.

Back to Tasks

Set up the HTTP Proxy for On-Premise Connectivity

Proxy Setup

The Connectivity service provides a standard HTTP proxy for on-premise connectivity that is accessible by any application. Proxy host and port are available as the environment variables <onpremise_proxy_host> and <onpremise_proxy_http_port>. You can set up the on-premise HTTP proxy like this:


To make calls to on-premise services configured in the Cloud Connector through the HTTP proxy, you must authorize at the HTTP proxy. For this, the OAuth Client Credentials flow is used: applications must create an OAuth access token using using the parameters clientid and clientsecret that are provided by the Connectivity service in the environment, as shown in the example code below. When the application has retrieved the access token, it must pass the token to the connectivity proxy using the Proxy-Authorization header.

The sample code below uses the following Maven artifacts:


Back to Tasks

Authentication against the On-Premise System

Depending on the required authentication type for the desired on-premise resource, you may have to set an additional header in your request. This header provides the required information for the authentication process against the on-premise resource. See Authentication to the On-Premise System.

Back to Tasks

Specify a Cloud Connector Location ID

As of Cloud Connector 2.9.0, you can connect multiple Cloud Connectors to a subaccount if their location ID is different. Using the header SAP-Connectivity-SCC-Location_ID you can specify the Cloud Connector over which the connection should be opened. If this header is not specified, the connection is opened to the Cloud Connector that is connected without any location ID. This also applies for all Cloud Connector versions prior to 2.9.0. For example:

Back to Tasks

Multitenancy in the Connectivity Service

To consume the Connectivity service from an SaaS application in a multitenant way, the only requirement is that the SaaS application returns the Connectivity service as a dependent service in its dependencies list.

For more information about the subscription flow, see Develop the Multitenant Business Application.

Back to Tasks