Hi guys, In this article I want to shared step by step about Working with PARTNER DIRECTORY. Because this is tutorial base on my understand about this. Kindly reference for more detail to known some concept about Partner Directory.


In this article I will share something

  • How to create and working with User Role ( Replace for default Role ESBMessaging.send)
  • How to create service key and call to integration flow with custom User Role ( Replace for default Role)
  • How to call integration flow with client certificate
  • How to create instance service Process Integration Runtime and service key to with plan is API to call ODATA API
  • How to configuration for partner directory run on two differently tenant. One for Partner Directory and one for Receiver.

NOTE : All configuration in this articles, using SAP CPI Cloud Foundry Environment. (CF)


Currently, I have 3 partner involve integration flow and It’s running on production live. And my customer required me add more partner into here. How can I do ?

Easy to do that by open designer integration flow, just drag partner and configure this integration flow. After done, transport it to production environment. That’s it. But seem like this way have something wrong. Something which my customer want that they can can add a lot of partner by configuration something as

Sender IDABC
Receiver partner IDXYZ
Receiver partner addressHTTPS://xxxx.com

And they just add this information into somewhere, after that, integration flow will collect this data and go to accordingly partner automatic.

Ok, I think with three this holidays, I will finish some article for this scenario and share with you.

I. Step by step working with Partner Directory


Two SAP Cloud Integration Tenant and configuration Integration Suite application and Process integration runtime to get Access Token

User administration of 2 tenant has role AuthGroup.Administrator, AuthGroup.IntegrationDeveloper

One user which use to send message to Partner Directory Tenant ( can you Integration Developer or Tenant Administration. In this article, We call this user is COMMUNITION USER

Key store must have alias sap_cloudintegrationcertificate Or hcicertificate

Step 1 : Create integration flow on receiver tenant.

  • Create integration flow on receiver tenant with following information
Sender Adapter
Content Modifier
Data Typejava.lang.String
Message Body
<Content>Receiver_1 welcome ${property.SENDER_ID}</Content>
  • Create new user role : receive1.send

After done, go to Role from tenant, we will see this ROLE

  • Next, assign user to this ROLE. Because user just use ROLE collection, so we will create custom ROLE collection before, add ROLE receiver_1.send to this ROLE Collection and then, assign user to this ROLE Collection.
  • Add Role Collection for User
  • Update parameter of instance process integration runtime and create new service key
  • Create service key
  • After done, we have configure file look like
  • Test integration flow at POSTMAN
  • Create one more receiver with the same way above.
  • address /receiver_2
  • User Role : receiver_2.send
  • Test Receiver_2 on POSTMAN

Step 2 : Create integration flow on Partner Directory Tenant

Sender Adapter
User RoleESBMessage.send
CSRF ProtectedUnchecked
Content Modifier
Receiver Adapter

This is code groovy script to get data from Partner Directory and set to PROERTY RECEIVER_ADDRESS

import com.sap.gateway.ip.core.customdev.util.Message;
import java.util.HashMap;
import com.sap.it.api.pd.PartnerDirectoryService;
import com.sap.it.api.ITApiFactory;
def Message processData(Message message) {
       def service = ITApiFactory.getApi(PartnerDirectoryService.class, null); 
       if (service == null){
          throw new IllegalStateException("Partner Directory Service not found");
       def map = message.getProperties();
       def receiverId = map.get("RECEIVER_ID");
       if (receiverId == null){
          throw new IllegalStateException("Receiver ID is not set in the property 'RECEIVER_ID'")      

     def parameterValue = service.getParameter("ADDRESS", receiverId , String.class);
     if (parameterValue == null){
        throw new IllegalStateException("ADDRESS parameter not found in the Partner Directory for the partner ID "+receiverId);      

      message.setProperty("RECEIVER_ADDRESS", parameterValue );

       return message;

Step 3 : Adding Partner Information to the Partner Directory

Because of partner directory including information of partners, tenant administration will put data into here and from there CPI will get dynamic data to call to another flow.


Partner Information include two parts. One for receiver and one for sender. We call API string parameter mean We are configuring for Receiver. In this API, field Pid (Partner ID) is ID of Receiver

To add information into Partner Directory, we will use ODATA API of Partner Directory. Kindly reference here to get more details another ODATA API.


Because of this is ODATA API, they need one access token to connect. Client have to use information from service key which created service Process Integration with plan API, not plan integration flow. Kindly take a look from below image

  • Install service Process Integration with plan is API to get access token for ODATA API
  • Create service key

After done, we have

client IDClient Id to get access token
Client SecretClient secret to get access token
Token URLURL of authorize server
  • Get all String Parameters of partner directory : URL + api/v1/StringParameters
  • As Step 1 we have integration flow of receiver_1 and receiver_2 as
  • Create partner information in Partner Directory
  • Check partner information by method GET of API

In this time, we begin run test integration flow of Partner Directory.

We will receiver error

This error happen because We use client-certificate authentication for the calls from the Partner Directory integration flow to the receivers. Therefore, we have to exchange the client certificate with the receivers so that a certificate-user mapping can be performed on the receiver tenant.

For fix this issue, we have to configure client certificate.

Step 4 : Exchanging Client Certificate with the Receivers

  • Go to the SAP Cloud  Integration WEBUI of your tenant where the Partner Directory integration flow is running and navigate to Monitor > Keystore
  • Choose the entry with the alias “hcicertificate” or “sap_cloudintegrationcertificate” and select the button for the entry actions. Choose “Download Certificate”.
  • This will download the X.509 Certificate for the key-pair.
  • Open this cert, copy it. This text will have format like —– BEGIN CERTIFICATE—– XXXX —– END CERTIFICATE—–
  • Go to Receiver Tenant, create service key with Key Type is External Certificate and paste Cert which download above in here
  • Run test integration flow of partner directory tenant again

This times, we receive one more ISSUE about Unauthorize. This issue happen because in partner directory, we have to configure Authorize user.

Another important entity type of the Partner Directory is the Authorized User. An Authorized User entry assigns a communication user to a partner ID. A communication user can only be assigned to exactly one partner ID, but a partner ID can have several communication users. When an Authorized User entry is created, automatically the role ESBMessaging.send is assigned to the user in the (worker node) application (iflmap), so that this communication user can execute inbound calls to an integration flow.

OK, we will use ODATA API about Authorize User to fix Issue. For more detail about Authorize user in Partner Directory, kindly reference here

  • Create authorize user : https://URL + /api/v1/AuthorizedUsers
PidPartner ID of sender ( SenderPartnerId)
UserUser communication ( Ex : Client ID in service key)
  • Run test again we get successful.

NOTE : For improve performance, CPI will cache information of Partner Directory. Kindly reference https://help.sap.com/docs/CLOUD_INTEGRATION/368c481cd6954bdfa5d0435479fd4eaf/1577f7742507413081f50c3c80a9bd7a.html?version=Cloud for more details


In this article, I shared step by step how to working with Partner Directory. I also talk about APIs of Partner Directory as String Parameters, Authorize Users and how to call them with client access token. Thanks for your reading and any question, kindly leave your comment below this.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.