Since a few years SAP Commerce provides an integration API which is easily modifiable in the SAP Commerce backoffice. This easy-to-use backoffice UI is providing quick tools to expose/update data between SAP Commerce and other systems. In this blog we will dive into the setup and look at the pros/cons of this solution.
Getting started with the integration API is straight forward. Simply loading the `integrationbackoffice` extension is sufficient to get started. This extension loads all the necessary components as well as the backoffice interface. Admin users can directly start using the integration API components.
Authentication & Authorization
The integration API has built in features to setup authentication and authorization. It is possible to connect to the API via basic and oauth2 authentication. Authorization is given based on integration/usergroup/itemtype combination.
For example: user with group “employeegroup” may read and update a “product” for integrationobject “OutboundProduct”.
Modelling the actual data to be exposed via de API has been made very easy. A user can select the itemtype to be exposed along with the attributes that should be present in the integration.
For example: a user wants to expose the itemtype “Product” with the attributes “code” and “name”, this can be done with just a few clicks.
Objects can also be nested within the response.
For example: from the previous product we would also like to know the name of all related categories. The user selects “supercategories” within product and selects “name” within Category itemtype. This will show the product with a list of categories which in turn shows the name of that category.
Pros & Cons
Modelling via the integration API UI is very easy and extremely flexible when an attribute needs to be added or removed. The exposed data is an exact representation of how the data is present within the SAP Commerce system. There are a few limited options for transforming data, but this is limited to exposing data as a new attribute in a primitive type. The integration API is not a good choice when you need to do a lot of custom mappings.
One of my biggest concerns is that the integration API does not respect catalog- and search-restrictions out of the box. This means that a user who has access to a certain type can see information for all instances of that type. The system using the API should be fully trusted with the data available.
Although there are some limitations in configuring the integration API it is a great tool to use for simple integrations with trusted systems. It is really flexible in configuration and works out of the box.