Create an application connection to an SMP server without any dependencies on a native (iOS, Android, JS, etc.), third-party client.
Why not use MAF?
Because most REST service providers lack experience in native platforms, the client SDKs they offer are often underdeveloped and consist of little more than a wrapper around network calls and a few convenience methods for interacting with data from the service. In addition, their SDKs often do not follow platform conventions and are therefore prone to bugs, memory leaks, and other problems.
- SMP 3.0 SP04+ Runtime
- Eclipse Kepler with SAP Mobile Platform Tools installed
- Application configured with proper backend, authentication, and proxy settings
Gather required information. You’ll need to know the following:
device_type- Device you’re registering with (Android, Blackberry, iOS, iPad, iPhone, iPod, Windows, Windows 8, WinPhone8)
smp_server_id- SMP Server Id
smp_server_password- SMP Server Password
smp_server_url- URL for SMP Server
smp_server_port- Port used on SMP Server
smp_application_id- Your SMP Application Id
authorization_code- HTTP Basic Authorization header (Base64 encoded string of
Create Application Connection
To create a connection to your application, you’ll need to send an HTTP POST:
http://<smp_server_url>: <smp_server_port>/odata/applications/v2/\< smp_application_id>/Connections? $expand=FeatureVectorPolicy
Content-Type: application/atom+xml Accept: application/json X-SMP-APPCID: Authorization: Basic <authorization_code>
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"> <content type="application/xml"> <m:properties> <d:DeviceType><device_type></d:DeviceType> </m:properties> </content> </entry>
If everything went well, you’ll receive a
201 response code. You’ll want to capture the
ApplicationConnectionId from the JSON response payload to be used as the
X-SMP-APPCID header, which will identify the application connection for future requests. The
ApplicationConnectionId is keyed under
Making Non-Modifying Requests (GET, HEAD, etc.) with an Application Connection
After successfully creating an application connection, you may use the resulting
ApplicationConnectionId to make requests which don’t modify data by including the
ApplicationConnectionId as an HTTP Header.
... X-SMP-APPCID: <ApplicationConnectionId> Authorization: Basic <authorization_code> ...
Making Modifying Requests (POST, PUT, etc.) with an Application Connection
To make requests which modify data you must include the
X-CSRF-Token header. This token prevents Cross-Site Request Forgery (CSRF). The token does expire after a short period of time, so it must be refreshed periodically. To fetch or refresh the token, add the following header to a non-modifying request:
... X-SMP-APPCID: Authorization: Basic X-CSRF-Token: FETCH ...
The token will be returned to you in the response headers.
... X-CSRF-Token: <token_value> ...
token_value in future requests the same way you fetched it, but replacing
FETCH with the value.
... X-CSRF-Token: <token_value> ...
If the server responds with a
403, you’ll know it’s time to refresh the token.
Now you’re ready to make authenticated requests using your newly created application connection independent from third-party code! This is the first step to building applications with the SCM. Stay tuned for an upcoming post on the next step: how to interact with your server using the OData protocol.
The documentation used to develop this workflow can be found here.