Authentication¶
You can configure your mobile application to access SAP Cloud Platform Mobile Services using the following authentication methods:
API Key Only (Anonymous Access)¶
Applications can be configured so that no authentication challenges are sent, and all application requests are processed anonymously. This is accomplished using the API Key Only authentication mechanism.
Prerequisite¶
The security configuration of the Mobile Services app must be set to API Key Only. This generates a default API Key, which can be used in the client application.
See Configuring App Security in CF for more information.
Using API Key in the Client Application¶
Using SAP Foundation Framework¶
Use APIKeyAuthenticationObserver
from SAPFoundation
to attach the API Key to all your application requests.
let apiKeyAuthenticationConfig: APIKeyAuthenticationConfig? = getAPIKeyAuthenticationConfig()
let apiKeyObserver = APIKeyAuthenticationObserver(apikeyCredentialDiscovery: DefaultAPIKeyCredentialDiscovery(using: apiKeyAuthenicationConfig), isAPIKeyAccessOnly: true)
let session = SAPURLSession()
session.register(apiKeyObserver)
//Start request to Resource URL
let request = URLRequest(url: <#resourceURL#>)
let dataTask = session.dataTask(with: request) { data, response, error in
// Handle the error and the response
}
dataTask.resume()
When you use API keys in your applications, ensure that they are kept secure during both storage and transmission. To help keep your API keys secure, use the obfuscate
and deobfuscate
functions in the Obfuscator
module, as shown here.
func getAPIKeyAuthenticationConfig() -> APIKeyAuthenticationConfig? {
let keyBytes = obfuscator.obfuscate(<API Key retrieved from Mobile Services>)
let obfuscator: Obfuscating = Obfuscator()
let key = obfuscator.deobfuscate([<Obfuscated byte array>])
return APIKeyAuthenticationConfig(apikeys: [key], isAPIKeyAccessOnly: true, allowAnonymousAccessFlag: false)
}
Note
If you are using SAPFioriFlows
in your application, you can use the APIKeyAuthenticationStep
directly to achieve Anonymous Access through API Key.
Using SAP Fiori Flows Framework¶
You can use the APIKeyAuthenticationStep
from SAPFioriFlows
, to attach the API Key to all your application requests.
public var onboardingSteps: [OnboardingStep] {
return [
self.configuredWelcomeScreenStep(),
CompositeStep(steps: SAPcpmsDefaultSteps.configuration),
APIKeyAuthenticationStep(config: self.getAPIKeyAuthenticationConfig()),
CompositeStep(steps: SAPcpmsDefaultSteps.settingsDownload),
CompositeStep(steps: SAPcpmsDefaultSteps.applyDuringOnboard),
...
]
}
public var restoringSteps: [OnboardingStep] {
return [
self.configuredStoreManagerStep(),
self.configuredWelcomeScreenStep(),
CompositeStep(steps: SAPcpmsDefaultSteps.configuration),
APIKeyAuthenticationStep(config: self.getAPIKeyAuthenticationConfig()),
CompositeStep(steps: SAPcpmsDefaultSteps.settingsDownload),
CompositeStep(steps: SAPcpmsDefaultSteps.applyDuringRestore),
...
]
}
func getAPIKeyAuthenticationConfig() -> APIKeyAuthenticationConfig? {
let obfuscator: Obfuscating = Obfuscator()
let key = obfuscator.deobfuscate([<Obfuscated byte array>])
return APIKeyAuthenticationConfig(apikeys: [key], isAPIKeyAccessOnly: true, allowAnonymousAccessFlag: false)
}
Note
If you use the SAP Cloud Platform SDK for iOS Assistant to create your application, then the necessary code is automatically generated. Choose API Key Only as the authentication mechanism during app creation.