Tiven Wang
Wang Tiven November 18, 2016
425 favorite favorites
bookmark bookmark
share share

The project codes for this article can be downloaded from Github.

What is YaaS

YaaS (Hybris as a Service) is a microservices ecosystem helping businesses to rapidly augment and build new, highly flexible solutions. Two role in YaaS, one is provider, another is consumer. As a provider, add new microservice-based features to your products or create your own services and apps from scratch. As a business, subscribe to YaaS services and add new capabilities to your applications.

YaaS Diagram
YaaS Diagram

As a Provider

As a provider, you can create a service in YaaS, before that you need to create a service in the HANA Cloud Platform, other programming languages or Java technologies are supported. Once you have a REST web service that is deployable on the web, continue to create a service in YaaS.

These two series articles introduced two approach about how to create a service on HCP:

Application on Cloud Foundry

In this article, use the application on HCP cloud foundry service to provide the microservices to YaaS.

Change the application code from the first series articles to process requests from YaaS.

Application Code

For testing getting the information from YaaS, you can add an Express routing to return the information in the body of response in the messages module.

// for testing getting information from YaaS
oApp.get('/api/yaas', function (req, res) {
    reqMethod: req.method,
    reqUrl: req.url,
    reqHeaders: req.headers

The other Express routings:

  • get /api/message
  • post /api/message
  • get /api/message/:id
  • delete /api/message/:id
  • put /api/message/:id

The rest of the application don’t need to be changed.

Push Application

Push the application to HCP Cloud Foundry, you will get to access the urls: Base url https://digital-account.cfapps.us10.hana.ondemand.com/api and the sub-paths:

  • get /yaas
  • get /message
  • post /message
  • get /message/:id
  • delete /message/:id
  • put /message/:id

Publish Service in YaaS

Register a Service in the Builder

Register Service in Builder

Follow the tutorial Register a Service in the Builder, register the app on HCP cloud foundry service in the YaaS builder.

The base path for the application will be the source url, and the generated proxy url follows the pattern


Register a Service in YaaS
Register a Service in YaaS

This app will get the generated proxy url


Authorization Rules

Authorization rules enable you to secure your service by assigning scopes for different operations without having to write any code. We will skip the service scopes that will be introduced in the next topics.

Create a new rule, add the sub-path of the cf application as it’s path, and select methods, check the Skip Authorization or not.

Create a new Authorization Rule
Create a new Authorization Rule

All of the rules for the service:

Authorization Rules in Service
Authorization Rules in Service

Test Authorization Rules

Now you can test authorization rules of the service, the path /yaas will be protected by the security of YaaS:

get https://digital-account.cfapps.us10.hana.ondemand.com/api/yaas Response:

  "reqMethod": "GET",
  "reqUrl": "/api/yaas",
  "reqHeaders": {
    "host": "digital-account.cfapps.us10.hana.ondemand.com",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
    "accept": "*/*",
    "accept-encoding": "gzip, deflate, sdch, br",
    "accept-language": "en,en-US;q=0.8,zh-CN;q=0.6,zh;q=0.4,ja;q=0.2,zh-TW;q=0.2",
    "cache-control": "no-cache",
    "postman-token": "0f454f39-4fc5-125d-5992-4c7d57124055",
    "x-cf-applicationid": "e37b63cd-7abf-491e-9b39-265510dad5fa",
    "x-cf-instanceid": "6251ce475f5d4c9b8518d530726dd67ec3b3c3230b7b42e9a890ec23c02dea85",
    "x-forwarded-for": ",",
    "x-forwarded-proto": "https",
    "x-request-start": "1479694510611",
    "x-vcap-request-id": "a58d387e-d7b3-41fd-6080-c96d7c4f9ed2",
    "connection": "close"

get https://api.yaas.io/tiven-labs/digital-account/v1/yaas Response:

  "status": 401,
  "message": "Unauthorized: Bearer TOKEN is missing",
  "type": "insufficient_credentials",
  "moreInfo": "https://api.yaas.io/patterns/errortypes.html"

post https://api.yaas.io/tiven-labs/digital-account/v1/message body:

  "result": [
        "text":"Hello world!"


  "id": "WB1519-3872640834"

Add to Package

YaaS centers around packages because they are the main commodity. You can use existing packages by subscribing to them in the YaaS Market, or you can create your own packages using the Builder. A package is a bundle that contains at least one service or Builder module.

  1. Create a package in YaaS builder.
  2. Include the service in the package.

As a consumer

As a business user, you can consume a service.

Subscribe a Service

  • Create a Project

    Create another Project in YaaS, the project consumes the service from provider. Create a Consumer Project

  • Add Allowed Projects in Access Control

    Add the Allowed Projects who want to access the package in access control of the package using project identifier. Allowed Project in Access Control

  • Add Private Subscriptions in Consumer Project

    Add the package as a private package subscription by Version ID

Create a Client in Consumer Project

The projects use clients to access the services. The client is an OAuth2 client application created within a project. After the tenant subscribes to a package that includes the client, it can access data from other tenants.

Test by Consumer

Now it is time to test accessing the YaaS service by the client credentials.

Authorization using Client Credentials

OAuth2 is the authorization service for YaaS. It implements the OAuth 2.0 framework and provides account authentication and authorization with the use of access tokens.

Use this endpoint /token to obtain an access token for a client

Authorization using Client Credentials
Authorization using Client Credentials

Access Service using Access Token

Now you can use the token to access the service apis, then you will get the response with hybris attributes

Access Service using Access Token
Access Service using Access Token

You can also get the authorization using grant_type as ‘password’.

More about Security for YaaS.

More about OAuth2 for YaaS.

Next Steps

OAuth2 with YaaS

Similar Posts


Back to Top