We began by creating a model with the community version to assess its capabilities. Once we confirmed that this tool met our needs, we opted for an enterprise license. Simply to benefit from tools that facilitate integration into our model and address specific requirements of our architecture in terms of security, data transformation, and authentication management. – Nicolas Gabetty
Coop Atlantique is a supermarket and hypermarket specialist who faced several challenges in integrating SAP with their service architecture while ensuring secure, scalable exposure of APIs. Coop Atlantique initially tested KrakenD’s community version to evaluate its capabilities. Once confirmed, they transitioned to the Enterprise License for enhanced features essential to their architecture. Coop Atlantique had the following requirements:
- Be able to manage multiple identity providers with JWT token authentication.
- Comply with SAP’s stringent interface requirements.
- Standardize JSON responses for uniform data consumption.
- Implement advanced token validation for better access control.
- Centralized monitoring and logging for proactive anomaly detection and quick issue resolution.
Why KrakenD for SAP Integration?
After evaluating various solutions through multiple Proofs of Concept (POCs), and given the critical nature of the SAP Integration, Coop Atlantique chose KrakenD due to its:
- Robust architecture capable of handling complex integration requirements, including SAP.
- Flexible tools for dynamic header customization, response formatting, and advanced authentication management.
- Enterprise-level features that supported data transformation, security, and API management.
Solutions and Implementation
The project’s success was keyed to the ability to use tokens generated in multiple identity providers for a secure SAP integration. To do that, Coop Atlantique implemented KrakenD’s JWK aggregator. This feature allowed the integration of JWK URLs from multiple Keycloak realms, simplifying the management of certificates and reducing authentication errors.
In addition, the cooperative implemented KrakenD’s authentication validator to manage advanced role-based access control using nested roles extracted from JWT tokens. This ensured permissions were applied accurately across various SAP-related services and strengthened API security by enabling granular access control tailored to Coop Atlantique’s needs.
Another SAP requirement was that all gateway interactions needed an independent authentication from the one used by end-users. Coop Atlantique used KrakenD’s Martian modifier to set headers and request parameters. This capability ensured that essential parameters, such as authorization headers and sap-client, were correctly included in API requests to meet SAP requirements.
When it comes to responses, SAP’s response structures often required reformatting to meet Coop Atlantique’s internal data consumption standards. Using built-in data manipulations allowed for consistent data structures, reduced client-side interpretation errors, and improved development efficiency.
Finally, real-time monitoring with centralized logging was a must, so Coop Atlantique integrated KrakenD’s telemetry capabilities with Graylog via GELF. This setup provided a centralized view of API logs and activity, which improved responsiveness and reliability through quick anomaly detection and issue resolution.
Benefits of the gateway in front of SAP
The benefits of choosing this setup were:
- Enhanced security and efficiency: Coop Atlantique achieved secure and reliable service exposure, reducing the risk of authentication errors while ensuring compatibility with SAP.
- Development efficiency: KrakenD’s header adaptation and response formatting tools simplified the development process, minimized errors, and shortened development cycles.
- Proactive monitoring: Centralized log analysis allowed the team to gain real-time insights and act swiftly on potential issues, improving overall system reliability.
Conclusion
KrakenD provided Coop Atlantique with a robust, adaptable solution to meet their complex SAP integration and security needs. The Enterprise License further empowered them with essential tools that streamlined development, enhanced security, and enabled seamless communication with SAP, solidifying KrakenD as an integral part of their digital infrastructure.
