SAP Gateway Connection Details

Introduction

Connector Version

This documentation is based on version 25.0.9368 of the connector.

Get Started

SAP Gateway Version Support

The connector leverages the SAP Gateway API to enable bidirectional access to SAP services that use the gateway. This includes but is not limited to S/4 HANA, S/4 HANA Cloud, ERP, and any other editions that support the SAP Gateway.

Establish a Connection

Connect to SAP Gateway

SAP Gateway provides three ways to connect to data:

To connect to your own local data via the desktop (non-browser connection, referred to below as "basic authentication"), use

the -supplied embedded OAuth application.
To connect to shared data over the network (browser connection), use a custom OAuth application.

To access SAP Gateway tables, set the following connection properties:

URL = the URL of your environment, or the full URL of the service. For example, the full URL might appear as: https://sapes5.sapdevcenter.com/sap/opu/odata/IWBEP/GWSAMPLE_BASIC/. In this example, the environment URL would just be: https://sapes5.sapdevcenter.com. Add any additional properties using the CustomUrlParams property.
Namespace = the appropriate Service Namespace. In the example above, IWBEP is the namespace. It is optional if the full URL to the service is specified.
SAP Gateway = the service from which you want to retrieve data. In the example above, the service is GWSAMPLE_BASIC. It is not required if the full URL is specified.
CustomURLParams = any required additional properties that need to be included with the HTTP request; for example, sap-client=001&sap-language=EN.

Authenticate to SAP Gateway

SAP Gateway allows both basic and OAuth 2.0 authentication. Use basic authentication to connect to your own account, or use OAuth to authenticate to shared data via a browser connection.

Basic

To enable basic authentication, set the following properties:

AuthScheme = Basic.
User = the username you use to log in to SAP Gateway.
Password = the password you use to log in to SAP Gateway.

After you set the above properties are set, you are ready to connect. Use your personal credentials to access your local data.

OAuth

The following subsections provide details about authenticating from a desktop application, the web, or a headless machine. For information about creating a custom OAuth application, see Creating a Custom OAuth Application.

Desktop Applications

To authenticate with the credentials for a custom OAuth application, you must get and refresh the OAuth access token. After you do that,

you are ready to connect.

Get and Refresh the OAuth Access Token

OAuthClientId = the client ID assigned when you registered your application.
OAuthClientSecret = the client secret that was assigned when you registered your application.
CallbackURL = the redirect URI that was defined when you registered your application.

When you connect, the connector opens SAP Gateway's OAuth endpoint in your default browser.

Log in and grant permissions to the application. The connector then completes the OAuth process:

The connector obtains an access token from SAP Gateway and uses it to request data.
The OAuth values are saved in the path specified in OAuthSettingsLocation. These values persist across connections.

When the access token expires, the connector refreshes the access token automatically.

SAP BTP Destination Authentication

To authenticate using SAP BTP Destination Service, you can configure the connector to retrieve authentication details automatically from your SAP BTP destination. This method simplifies authentication by handling token management internally.

To enable authentication via SAP BTP Destination Service, set the following connection properties:

AuthScheme = SAPBTP
InitiateOAuth = GETANDREFRESH.
OAuthClientId = The client ID associated with your SAP BTP Destination Service. Can be found in the service key of the Destination Service instance under the clientid field.
OAuthClientSecret = The client secret associated with your SAP BTP Destination Service. Can be found in the service key of the Destination Service instance under the clientsecret field.
OAuthAccessTokenURL = The URL of the SAP BTP OAuth token endpoint used to obtain an access token for the destination. Can be found in the service key of the Destination Service instance under the URL field.
DestinationName = The name of the SAP BTP destination configured to hold the credentials of the service you want to connect to.
DestinationURL = The URL of the SAP BTP Destination Service API. Can be found in the service key of the Destination Service instance under the uri field.

After configuring the above properties, the connector handles the authentication flow automatically. You do not need to manage tokens or authentication details manually, making this AuthScheme useful especially for headless machines.

See Creating a SAP Gateway Destination for information on how to create a SAP Gateway Destination.

Create a Custom OAuth Application

Creating an OAuth application for accessing SAP Gateway entails creating a service user in the SAP APAB Security and Identity Management Console and registering the new OAuth 2.0 Client ID with the creation wizard.

Create a Service User for the OAuth 2.0 Client

This procedure creates a service user whose Client ID is identical with the username the OAuth client uses to request an access token.

This user is normally named LEAVEAPP.

Navigate to the SAP ABAP Security and Identity Management console.
Start transaction SU01. The console displays the User Maintenance: Initial Screen.
Enter the user name for the OAuth client's service user; for example, LEAVEAPP.
Click Create or press F8. The console displays the Maintain Users screen.
Ensure that the Address tab is selected, and enter a last name for the new user; for example, LEAVEAPP.
Still in the Maintain Users window, click the Logon Data tab.
At the User Type dropdown, choose System.
At the Password section, in the New Password field, choose Generate. The system generates a password for the new user

and displays it in the Maintain Users message section.
Copy the displayed password and use it in the configuration of your Client Application.
Click the Save icon and exit transaction SU01.

Register the New User With the Creation Wizard

This procedure registers the new user you just created, and creates a new leave request application, also named LEAVEAPP.

Navigate to the SAP ABAP Security and Identity Management console.
Start transaction SU02. The console displays the OAuth 2.0 Administration screen.
Choose Create. The console starts the Create OAuth 2.0 Client wizard.
At the Client ID field, enter LEAVEAPP.
Enter a short description for the new client.
If desired, adjust the value in the Token Lifetime field. (The default lifetime of an issued access token is one hour, expressed as

3600s. You may want to shorten this lifetime for security reasons.)
Click Next. The console displays the Client Authentication Details screen.
Define the resource owner authentication details:
- To permit Research Owner authentication with authorization code type "grand", select "Grant Type Authorization Code Active".
- Specify a redirect URL of https://oauth.cdata.com/oauth/.
Click Next. The console displays the Scope Assignment screen.
At Scope Assignment, add the following two scopes: ZLEAVEREQUEST_0001 and ZLEAVEREQUESTAPPR_0001. (For an overview of available OAuth 2.0 Scope IDs, press F4-Help.)
Click Next. The console displays the OAuth 2.0 Client Summary screen.
Check the OAuth 2.0 Client Summary to be sure it looks as you expect, then click Finish.

Create a SAP Gateway Destination

To establish a connection to your SAP Gateway using the SAPBTP AuthScheme, you need to create a SAP BTP Destination and generate a service key for the corresponding service instance.

Create a Destination to your SAP Gateway instance

In this step, you will create a connection between SAP BTP and your SAP Gateway instance.

Login to SAP BTP Cockpit and navigate to the SAP BTP subaccount.
Under Services > Instances and Subscriptions, select the Destination instance where your SAP Gateway Destination is located. If there is no Destination service, you should create a new one via the Create button.
In the left navigation panel click Destinations, under Connectivity and click on Create Destination.
Configure the below Destination properties with your selected authenticaiton method. In this example we are using Basic Authentication.
- Name: ES5 or if using a shared account, <unique id>_ES5
- Type: HTTP
- Description: SAP Gateway ES5
- URL: Your SAP Gateway service URL
- Proxy Type: Internet
- Authentication: BasicAuthentication
- User Name: Your ES5 Gateway user
- Password: Your ES5 Gateway password
Check the Use default JDK truststore checkbox.
Enter the following Additional Properties depending on your SAP Gateway configuration by clicking the New Property button for every new property.
- Type: true
- Type: Gateway
- Type: odata_abap,dev_abap
- Type: ABAP
- Type: 002
- Type: true
Lastly, click Save and verify the connection by clicking on Check Connection.

You can set the name of the created SAP Gateway Destination to the DestinationName connection property.

Create a Service Key

In this step, you will create a Service Key between SAP BTP and your SAP Gateway instance.

Login to SAP BTP Cockpit and navigate to the SAP BTP subaccount.
Under Services > Instances and Subscriptions, select the Destination instance where your SAP Gateway Destination is located.
On the opened tab for the selected instance, click Service Keys > Create.
Provide a name for your service key and click Create.
Once the Service Key is generated, you will find the following connection property values mapped to the corresponding keys:
- DestinationURL > uri
- OAuthClientId > clientid
- OAuthClientSecret > clientsecret
- OAuthAccessTokenURL > url

These values are necessary for configuring your connection properties to your SAP Gateway instance.

Important Notes

Configuration Files and Their Paths

All references to adding configuration files and their paths refer to files and locations on the Jitterbit agent where the connector is installed. These paths are to be adjusted as appropriate depending on the agent and the operating system. If multiple agents are used in an agent group, identical files will be required on each agent.

Advanced Features

This section details a selection of advanced features of the SAP Gateway connector.

User Defined Views

The connector supports the use of user defined views, virtual tables whose contents are decided by a pre-configured user defined query. These views are useful when you cannot directly control queries being issued to the drivers. For an overview of creating and configuring custom views, see User Defined Views.

SSL Configuration

Use SSL Configuration to adjust how connector handles TLS/SSL certificate negotiations. You can choose from various certificate formats. For further information, see the SSLServerCert property under "Connection String Options".

Proxy

To configure the connector using private agent proxy settings, select the Use Proxy Settings checkbox on the connection configuration screen.

Query Processing

The connector offloads as much of the SELECT statement processing as possible to SAP Gateway and then processes the rest of the query in memory (client-side).

For further information, see Query Processing.

Log

For an overview of configuration settings that can be used to refine logging, see Logging. Only two connection properties are required for basic logging, but there are numerous features that support more refined logging, which enables you to use the LogModules connection property to specify subsets of information to be logged.

User Defined Views

The SAP Gateway connector supports the use of user defined views: user-defined virtual tables whose contents are decided by a preconfigured query. User defined views are useful in situations where you cannot directly control the query being issued to the driver; for example, when using the driver from Jitterbit.

Use a user defined view to define predicates that are always applied. If you specify additional predicates in the query to the view, they are combined with the query already defined as part of the view.

There are two ways to create user defined views:

Create a JSON-formatted configuration file defining the views you want.
DDL statements.

Define Views Using a Configuration File

User defined views are defined in a JSON-formatted configuration file called UserDefinedViews.json. The connector automatically detects the views specified in this file.

You can also have multiple view definitions and control them using the UserDefinedViews connection property. When you use this property, only the specified views are seen by the connector.

This user defined view configuration file is formatted so that each root element defines the name of a view, and includes a child element, called query, which contains the custom SQL query for the view.

For example:

{
    "MyView": {
        "query": "SELECT * FROM SampleTable_1 WHERE MyColumn = 'value'"
    },
    "MyView2": {
        "query": "SELECT * FROM MyTable WHERE Id IN (1,2,3)"
    }
}

Use the UserDefinedViews connection property to specify the location of your JSON configuration file. For example:

"UserDefinedViews", "C:\Users\yourusername\Desktop\tmp\UserDefinedViews.json"

Define Views Using DDL Statements

The connector is also capable of creating and altering the schema via DDL Statements such as CREATE LOCAL VIEW, ALTER LOCAL VIEW, and DROP LOCAL VIEW.

Create a View

To create a new view using DDL statements, provide the view name and query as follows:

CREATE LOCAL VIEW [MyViewName] AS SELECT * FROM Customers LIMIT 20;

If no JSON file exists, the above code creates one. The view is then created in the JSON configuration file and is now discoverable. The JSON file location is specified by the UserDefinedViews connection property.

Alter a View

To alter an existing view, provide the name of an existing view alongside the new query you would like to use instead:

ALTER LOCAL VIEW [MyViewName] AS SELECT * FROM Customers WHERE TimeModified > '3/1/2020';

The view is then updated in the JSON configuration file.

Drop a View

To drop an existing view, provide the name of an existing schema alongside the new query you would like to use instead.

DROP LOCAL VIEW [MyViewName]

This removes the view from the JSON configuration file. It can no longer be queried.

Schema for User Defined Views

In order to avoid a view's name clashing with an actual entity in the data model, user defined views are exposed in the UserViews schema by default. To change the name of the schema used for UserViews, reset the UserViewsSchemaName property.

Work with User Defined Views

For example, a SQL statement with a user defined view called UserViews.RCustomers only lists customers in Raleigh:

SELECT * FROM Customers WHERE City = 'Raleigh';

An example of a query to the driver:

SELECT * FROM UserViews.RCustomers WHERE Status = 'Active';

Resulting in the effective query to the source:

SELECT * FROM Customers WHERE City = 'Raleigh' AND Status = 'Active';

That is a very simple example of a query to a user defined view that is effectively a combination of the view query and the view definition. It is possible to compose these queries in much more complex patterns. All SQL operations are allowed in both queries and are combined when appropriate.

SSL Configuration

Customize the SSL Configuration

To enable TLS, set the following:

URL: Prefix the connection string with https://

With this configuration, the connector attempts to negotiate TLS with the server. The server certificate is validated against the default system trusted certificate store. You can override how the certificate gets validated using the SSLServerCert connection property.

To specify another certificate, see the SSLServerCert connection property.

Data Model

The SAP Gateway connector models SAP Gateway entities in relational Tables, Views, and Stored Procedures. The table definitions are dynamically obtained from the OData service you connect to. Any changes in the metadata, such as added or removed columns or changes in data type, can be loaded by reconnecting.

Tables

The connector models the writable entity sets and singletons described in the service metadata document as bidirectional Tables.

Views

Some OData entities can only be accessed through Navigation Properties. By default, the connector models navigation properties as separate views. See Views for more information on querying navigation properties.

Stored Procedures

Stored Procedures are function-like interfaces to the data source. They can be used to search, update, and modify information

in the data source.

Tables

The connector exposes tables for every entity set and singleton defined on the OData service document. Entities on these tables may be inserted, updated, or deleted using standard SQL insert, update, or delete statements.

Executing Deep Inserts with SQL

The connector supports OData deep inserts, in which you simultaneously create a base entity and link it to related entities, by specifying navigation properties. To specify Navigation Properties for an entity, you create a temporary table for the navigation property and then reference the temporary table in the insert to the base table. Reference the temporary table in the appropriate navigation property column on the base table. Each navigation property column is prefixed with the word "Linked".

Note that you must define the temporary tables and insert to the base entity within the same connection. Alternatively you can provide a JSON/XML aggregate to instead of the temporary table.

Example: Deep Inserts in SAP Gateway

For example, consider the GWSAMPLE_BASIC service. On GWSAMPLE_BASIC, there is a SalesOrder table. When creating a SalesOrder, you must specify a new SalesOrderLineItem and an existing BusinessPartner. To do so, you can specify the following navigation properties.

Creating Temporary Tables

Insert the related entities into temporary tables that correspond to each navigation property. You can specify an existing entity's primary key or you can insert a new entity.

SalesOrderLineItems: The following statements add two SalesOrderLineItems to the SalesOrder:

INSERT INTO SalesOrderLineItems#TEMP (ProductID, Quantity) VALUES ('P001', 15)


INSERT INTO SalesOrderLineItems#TEMP (ProductID, Quantity) VALUES ('P002', 10)

BusinessPartners: The following statement specifies the existing BusinessPartner:
```
INSERT INTO BusinessPartners#TEMP (BusinessPartnerID)
VALUES ('BP001')
```

Note

BusinessPartner can also be specified via the CustomerID property directly on the SalesOrder. This example is not using that column due to the possibility that a suitable foreign key may not always be available.

The SAP Gateway connector will assume that the BusinessPartner already exists and will only link to the existing references since only the primary keys was specified. When more than just the primary key is defined, such as the example for SalesOrderLines, the SAP Gateway connector will attempt to create new entries - triggering the deep insert.

Inserting the Entity

In the INSERT statement for the base entity, reference the temporary tables in the LinkedToLineItems and LinkedToBusinessPartner columns:

INSERT INTO SalesOrders (Note, LinkedToLineItems, LinkedToBusinessPartner)
VALUES ('New sales order', 'SalesOrderLineItems#TEMP', 'BusinessPartners#TEMP')

Code Example

Below is the complete code to create the new ExternalUser:

Connection conn = DriverManager.getConnection(connectionStr);
Statement stat = conn.createStatement();
stat.executeUpdate("INSERT INTO SalesOrderLineItems#TEMP (ProductID, Quantity) VALUES ('P001', 15)");

stat.executeUpdate("INSERT INTO SalesOrderLineItems#TEMP (ProductID, Quantity) VALUES ('P002', 10)");

stat.executeUpdate("INSERT INTO BusinessPartners#TEMP (BusinessPartnerID) VALUES ('BP001')");

stat.executeUpdate("INSERT INTO SalesOrders (Note, LinkedToLineItems, LinkedToBusinessPartner) VALUES ('New sales order', 'SalesOrderLineItems#TEMP', 'BusinessPartners#TEMP')");

stat.close();

Using Aggregates

Below is an example of providing multiple Order Line Items as a JSON aggregate:

INSERT INTO SalesOrderSet (Note, CustomerID, LinkedToLineItems) VALUES ('New sales order', '0100000001', '
    [
      {
          "ProductID": "HT-1001",
          "Quantity": 2,
          "Note": "Test aggregate 1",
          "DeliveryDate": "2024-12-20 13:20:10"
      },
      {
          "ProductID": "HT-1001",
          "Quantity": 4,
          "Note": "Test aggregate 2",
          "DeliveryDate": "2024-12-20 13:20:10"
      }
  ]
')

Views

By default, the connector models Navigation Properties as separate views. The views are named in the format ParentTable_NavigationProperty.

For an example of working with a navigation property as a view, consider the GWSAMPLE_BASIC service. The SalesOrder entity has the ToLineItems navigation property. The SAP Gateway connector will display a view called SalesOrders_ToLineItems. Retrieving data from SalesOrders_ToLineItems will display the SalesOrderLineItems objects associated with a given SalesOrder. The SalesOrders_ToLineItems view has a primary key made up of the ID of the parent entity and the ID of the related entity.

Note that the GWSAMPLE_BASIC sample service also contains foreign keys directly on each entity, such as a SalesOrderID directly on the SalesOrderLineItems table. In this case, the same effect can be achieved by simply retrieving data from the SalesOrderLineItems table directly. However, it is not a requirement in OData to have these foreign keys, nor is it a guarantee that each navigation property will be exposed individually as their own table. Since there is no way of knowing beforehand what might be exposed on its own endpoint, the SAP Gateway connector will display both the view and the table. In general, it is best to use Tables when available, and views only when necessary (ie: not table is displayed, or no foreign keys can be used to identify relationships).

Navigation Properties

In OData, a navigation property is a property on an entity that is itself either a single entity or list of entities.

A single-entity navigation property signifies a one-to-one relationship. For example, consider the GWSAMPLE_BASIC SAP Gateway endpoint. The ProductSet contains a ToSupplier navigation property, which references a single BusinessPartner entity.

An entity set navigation property signifies a one-to-many relationship. For example, consider the GWSAMPLE_BASIC SAP Gateway endpoint. The ProductSet contains a ToSalesOrderLineItems navigation property, which references many SalesOrderLineItem objects.

Navigation properties in OData link related entities. Similarly, in a relational database, a foreign key serves to link tables. For example, the SalesOrderLineItem record contains the ProductID column, which uniquely identifies what Product the SalesOrderLineItem is using.

Select

It can be used to retrieve associated entites. See Views for more information on querying navigation properties.

Insert

The connector supports OData deep inserts. See Tables for more information on specifying navigation properties when you create an entity.

Stored Procedures

Stored procedures are function-like interfaces that extend the functionality of the connector beyond simple SELECT/INSERT/UPDATE/DELETE operations with SAP Gateway.

Stored procedures accept a list of parameters, perform their intended function, and then return any relevant response data from SAP Gateway, along with an indication of whether the procedure succeeded or failed.

SAP Gateway Connector Stored Procedures

Name	Description
`GetOAuthAccessToken`	Gets the OAuth access token from SAPGateway.
`GetOAuthAuthorizationURL`	Gets the SAPGateway authorization URL. Access the URL returned in the output in a Web browser. This requests the access token that can be used as part of the connection string to SAPGateway.
`RefreshOAuthAccessToken`	Refreshes the OAuth access token used for authentication with SAPGateway.

GetOAuthAccessToken

Gets the OAuth access token from SAPGateway.

Input

Name	Type	Required	Description
`AuthMode`	`String`	False	The type of authentication mode to use. The allowed values are APP, WEB. The allowed values are APP, WEB. The default value is WEB.
`Verifier`	`String`	False	The verifier token returned by SAPGateway after using the URL obtained with GetOAuthAuthorizationURL. Required if AuthMode is set to WEB.
`CallbackUrl`	`String`	False	The URL the user will be redirected to after authorizing your application.
`Scope`	`String`	False	The scope or permissions you are requesting. In AuthMode = APP, the scope must be provided unless it's defined as a connection property.
`State`	`String`	False	Any value that you wish to be sent with the callback.
`PKCEVerifier`	`String`	False	Specifies 128 bytes of random data with high entropy to make guessing the code value difficult. Used when AuthScheme=OAuthPKCE.

Result Set Columns

Name	Type	Description
`OAuthAccessToken`	`String`	The authentication token returned from SAPGateway.
`OAuthRefreshToken`	`String`	A token that may be used to obtain a new access token.
`ExpiresIn`	`String`	The remaining lifetime for the access token in seconds.

GetOAuthAuthorizationURL

Gets the SAPGateway authorization URL. Access the URL returned in the output in a Web browser. This requests the access token that can be used as part of the connection string to SAPGateway.

Input

Name	Type	Required	Description
`CallbackUrl`	`String`	False	The URL that SAPGateway will return to after the user has authorized your app.
`Scope`	`String`	False	The scope or permissions you are requesting.
`State`	`String`	False	An opaque value used by the client to maintain state between the request and callback.
`PKCEVerifier`	`String`	False	Specifies 128 bytes of random data with high entropy to make guessing the code value difficult. Used when AuthScheme=OAuthPKCE.

Result Set Columns

Name	Type	Description
`PKCEVerifier`	`String`	The auto generated 128 bytes of random data. Used when AuthScheme=OAuthPKCE.
`URL`	`String`	The URL to be entered into a Web browser to obtain the verifier token and authorize the data provider with.

RefreshOAuthAccessToken

Refreshes the OAuth access token used for authentication with SAPGateway.

Input

Name	Type	Required	Description
`OAuthRefreshToken`	`String`	True	The refresh token used to refresh the old token.

Result Set Columns

Name	Type	Description
`OAuthAccessToken`	`String`	The authentication token returned from SAPGateway.
`OAuthRefreshToken`	`String`	The refresh token returned from SAPGateway.
`ExpiresIn`	`String`	The remaining lifetime on the access token.

System Tables

You can query the system tables described in this section to access schema information, information on data source functionality, and batch operation statistics.

Schema Tables

The following tables return database metadata for SAP Gateway:

sys_catalogs: Lists the available databases.
sys_schemas: Lists the available schemas.
sys_tables: Lists the available tables and views.
sys_tablecolumns: Describes the columns of the available tables and views.
sys_procedures: Describes the available stored procedures.
sys_procedureparameters: Describes stored procedure parameters.
sys_keycolumns: Describes the primary and foreign keys.
sys_indexes: Describes the available indexes.

Data Source Tables

The following tables return information about how to connect to and query the data source:

sys_connection_props: Returns information on the available connection properties.
sys_sqlinfo: Describes the SELECT queries that the connector can offload to the data source.

Query Information Tables

The following table returns query statistics for data modification queries:

sys_identity: Returns information about batch operations or single updates.

sys_catalogs

Lists the available databases.

The following query retrieves all databases determined by the connection string:

SELECT * FROM sys_catalogs

Columns

Name	Type	Description
`CatalogName`	`String`	The database name.

sys_schemas

Lists the available schemas.

The following query retrieves all available schemas:

SELECT * FROM sys_schemas

Columns

Name	Type	Description
`CatalogName`	`String`	The database name.
`SchemaName`	`String`	The schema name.

sys_tables

Lists the available tables.

The following query retrieves the available tables and views:

SELECT * FROM sys_tables

Columns

Name	Type	Description
`CatalogName`	`String`	The database containing the table or view.
`SchemaName`	`String`	The schema containing the table or view.
`TableName`	`String`	The name of the table or view.
`TableType`	`String`	The table type (table or view).
`Description`	`String`	A description of the table or view.
`IsUpdateable`	`Boolean`	Whether the table can be updated.

sys_tablecolumns

Describes the columns of the available tables and views.

The following query returns the columns and data types for the SampleTable_1 table:

SELECT ColumnName, DataTypeName FROM sys_tablecolumns WHERE TableName='SampleTable_1'

Columns

Name	Type	Description
`CatalogName`	`String`	The name of the database containing the table or view.
`SchemaName`	`String`	The schema containing the table or view.
`TableName`	`String`	The name of the table or view containing the column.
`ColumnName`	`String`	The column name.
`DataTypeName`	`String`	The data type name.
`DataType`	`Int32`	An integer indicating the data type. This value is determined at run time based on the environment.
`Length`	`Int32`	The storage size of the column.
`DisplaySize`	`Int32`	The designated column's normal maximum width in characters.
`NumericPrecision`	`Int32`	The maximum number of digits in numeric data. The column length in characters for character and date-time data.
`NumericScale`	`Int32`	The column scale or number of digits to the right of the decimal point.
`IsNullable`	`Boolean`	Whether the column can contain null.
`Description`	`String`	A brief description of the column.
`Ordinal`	`Int32`	The sequence number of the column.
`IsAutoIncrement`	`String`	Whether the column value is assigned in fixed increments.
`IsGeneratedColumn`	`String`	Whether the column is generated.
`IsHidden`	`Boolean`	Whether the column is hidden.
`IsArray`	`Boolean`	Whether the column is an array.
`IsReadOnly`	`Boolean`	Whether the column is read-only.
`IsKey`	`Boolean`	Indicates whether a field returned from sys_tablecolumns is the primary key of the table.
`ColumnType`	`String`	The role or classification of the column in the schema. Possible values include SYSTEM, LINKEDCOLUMN, NAVIGATIONKEY, REFERENCECOLUMN, and NAVIGATIONPARENTCOLUMN.

sys_procedures

Lists the available stored procedures.

The following query retrieves the available stored procedures:

SELECT * FROM sys_procedures

Columns

Name	Type	Description
`CatalogName`	`String`	The database containing the stored procedure.
`SchemaName`	`String`	The schema containing the stored procedure.
`ProcedureName`	`String`	The name of the stored procedure.
`Description`	`String`	A description of the stored procedure.
`ProcedureType`	`String`	The type of the procedure, such as PROCEDURE or FUNCTION.

sys_procedureparameters

Describes stored procedure parameters.

The following query returns information about all of the input parameters for the SampleProcedure stored procedure:

SELECT * FROM sys_procedureparameters WHERE ProcedureName = 'SampleProcedure' AND Direction = 1 OR Direction = 2

To include result set columns in addition to the parameters, set the IncludeResultColumns pseudo column to True:

SELECT * FROM sys_procedureparameters WHERE ProcedureName = 'SampleProcedure' AND IncludeResultColumns='True'

Columns

Name	Type	Description
`CatalogName`	`String`	The name of the database containing the stored procedure.
`SchemaName`	`String`	The name of the schema containing the stored procedure.
`ProcedureName`	`String`	The name of the stored procedure containing the parameter.
`ColumnName`	`String`	The name of the stored procedure parameter.
`Direction`	`Int32`	An integer corresponding to the type of the parameter: input (1), input/output (2), or output(4). input/output type parameters can be both input and output parameters.
`DataType`	`Int32`	An integer indicating the data type. This value is determined at run time based on the environment.
`DataTypeName`	`String`	The name of the data type.
`NumericPrecision`	`Int32`	The maximum precision for numeric data. The column length in characters for character and date-time data.
`Length`	`Int32`	The number of characters allowed for character data. The number of digits allowed for numeric data.
`NumericScale`	`Int32`	The number of digits to the right of the decimal point in numeric data.
`IsNullable`	`Boolean`	Whether the parameter can contain null.
`IsRequired`	`Boolean`	Whether the parameter is required for execution of the procedure.
`IsArray`	`Boolean`	Whether the parameter is an array.
`Description`	`String`	The description of the parameter.
`Ordinal`	`Int32`	The index of the parameter.
`Values`	`String`	The values you can set in this parameter are limited to those shown in this column. Possible values are comma-separated.
`SupportsStreams`	`Boolean`	Whether the parameter represents a file that you can pass as either a file path or a stream.
`IsPath`	`Boolean`	Whether the parameter is a target path for a schema creation operation.
`Default`	`String`	The value used for this parameter when no value is specified.
`SpecificName`	`String`	A label that, when multiple stored procedures have the same name, uniquely identifies each identically-named stored procedure. If there's only one procedure with a given name, its name is simply reflected here.
`IsProvided`	`Boolean`	Whether the procedure is added/implemented by , as opposed to being a native SAP Gateway procedure.

Pseudo-Columns

Name	Type	Description
`IncludeResultColumns`	`Boolean`	Whether the output should include columns from the result set in addition to parameters. Defaults to False.

sys_keycolumns

Describes the primary and foreign keys.

The following query retrieves the primary key for the SampleTable_1 table:

SELECT * FROM sys_keycolumns WHERE IsKey='True' AND TableName='SampleTable_1'

Columns

Name	Type	Description
`CatalogName`	`String`	The name of the database containing the key.
`SchemaName`	`String`	The name of the schema containing the key.
`TableName`	`String`	The name of the table containing the key.
`ColumnName`	`String`	The name of the key column.
`IsKey`	`Boolean`	Whether the column is a primary key in the table referenced in the TableName field.
`IsForeignKey`	`Boolean`	Whether the column is a foreign key referenced in the TableName field.
`PrimaryKeyName`	`String`	The name of the primary key.
`ForeignKeyName`	`String`	The name of the foreign key.
`ReferencedCatalogName`	`String`	The database containing the primary key.
`ReferencedSchemaName`	`String`	The schema containing the primary key.
`ReferencedTableName`	`String`	The table containing the primary key.
`ReferencedColumnName`	`String`	The column name of the primary key.

sys_foreignkeys

Describes the foreign keys.

The following query retrieves all foreign keys which refer to other tables:

SELECT * FROM sys_foreignkeys WHERE ForeignKeyType = 'FOREIGNKEY_TYPE_IMPORT'

Columns

Name	Type	Description
`CatalogName`	`String`	The name of the database containing the key.
`SchemaName`	`String`	The name of the schema containing the key.
`TableName`	`String`	The name of the table containing the key.
`ColumnName`	`String`	The name of the key column.
`PrimaryKeyName`	`String`	The name of the primary key.
`ForeignKeyName`	`String`	The name of the foreign key.
`ReferencedCatalogName`	`String`	The database containing the primary key.
`ReferencedSchemaName`	`String`	The schema containing the primary key.
`ReferencedTableName`	`String`	The table containing the primary key.
`ReferencedColumnName`	`String`	The column name of the primary key.
`ForeignKeyType`	`String`	Designates whether the foreign key is an import (points to other tables) or export (referenced from other tables) key.

sys_primarykeys

Describes the primary keys.

The following query retrieves the primary keys from all tables and views:

SELECT * FROM sys_primarykeys

Columns

Name	Type	Description
`CatalogName`	`String`	The name of the database containing the key.
`SchemaName`	`String`	The name of the schema containing the key.
`TableName`	`String`	The name of the table containing the key.
`ColumnName`	`String`	The name of the key column.
`KeySeq`	`String`	The sequence number of the primary key.
`KeyName`	`String`	The name of the primary key.

sys_indexes

Describes the available indexes. By filtering on indexes, you can write more selective queries with faster query response times.

The following query retrieves all indexes that are not primary keys:

SELECT * FROM sys_indexes WHERE IsPrimary='false'

Columns

Name	Type	Description
`CatalogName`	`String`	The name of the database containing the index.
`SchemaName`	`String`	The name of the schema containing the index.
`TableName`	`String`	The name of the table containing the index.
`IndexName`	`String`	The index name.
`ColumnName`	`String`	The name of the column associated with the index.
`IsUnique`	`Boolean`	True if the index is unique. False otherwise.
`IsPrimary`	`Boolean`	True if the index is a primary key. False otherwise.
`Type`	`Int16`	An integer value corresponding to the index type: statistic (0), clustered (1), hashed (2), or other (3).
`SortOrder`	`String`	The sort order: A for ascending or D for descending.
`OrdinalPosition`	`Int16`	The sequence number of the column in the index.

sys_connection_props

Returns information on the available connection properties and those set in the connection string.

The following query retrieves all connection properties that have been set in the connection string or set through a default value:

SELECT * FROM sys_connection_props WHERE Value <> ''

Columns

Name	Type	Description
`Name`	`String`	The name of the connection property.
`ShortDescription`	`String`	A brief description.
`Type`	`String`	The data type of the connection property.
`Default`	`String`	The default value if one is not explicitly set.
`Values`	`String`	A comma-separated list of possible values. A validation error is thrown if another value is specified.
`Value`	`String`	The value you set or a preconfigured default.
`Required`	`Boolean`	Whether the property is required to connect.
`Category`	`String`	The category of the connection property.
`IsSessionProperty`	`String`	Whether the property is a session property, used to save information about the current connection.
`Sensitivity`	`String`	The sensitivity level of the property. This informs whether the property is obfuscated in logging and authentication forms.
`PropertyName`	`String`	A camel-cased truncated form of the connection property name.
`Ordinal`	`Int32`	The index of the parameter.
`CatOrdinal`	`Int32`	The index of the parameter category.
`Hierarchy`	`String`	Shows dependent properties associated that need to be set alongside this one.
`Visible`	`Boolean`	Informs whether the property is visible in the connection UI.
`ETC`	`String`	Various miscellaneous information about the property.

sys_sqlinfo

Describes the SELECT query processing that the connector can offload to the data source.

Discovering the Data Source's SELECT Capabilities

Below is an example data set of SQL capabilities. Some aspects of SELECT functionality are returned in a comma-separated list if supported; otherwise, the column contains NO.

Name	Description	Possible Values
`AGGREGATE_FUNCTIONS`	Supported aggregation functions.	`AVG`, `COUNT`, `MAX`, `MIN`, `SUM`, `DISTINCT`
`COUNT`	Whether COUNT function is supported.	`YES`, `NO`
`IDENTIFIER_QUOTE_OPEN_CHAR`	The opening character used to escape an identifier.	`[`
`IDENTIFIER_QUOTE_CLOSE_CHAR`	The closing character used to escape an identifier.	`]`
`SUPPORTED_OPERATORS`	A list of supported SQL operators.	`=`, `>`, `<`, `>=`, `<=`, `<>`, `!=`, `LIKE`, `NOT LIKE`, `IN`, `NOT IN`, `IS NULL`, `IS NOT NULL`, `AND`, `OR`
`GROUP_BY`	Whether GROUP BY is supported, and, if so, the degree of support.	`NO`, `NO_RELATION`, `EQUALS_SELECT`, `SQL_GB_COLLATE`
`STRING_FUNCTIONS`	Supported string functions.	`LENGTH`, `CHAR`, `LOCATE`, `REPLACE`, `SUBSTRING`, `RTRIM`, `LTRIM`, `RIGHT`, `LEFT`, `UCASE`, `SPACE`, `SOUNDEX`, `LCASE`, `CONCAT`, `ASCII`, `REPEAT`, `OCTET`, `BIT`, `POSITION`, `INSERT`, `TRIM`, `UPPER`, `REGEXP`, `LOWER`, `DIFFERENCE`, `CHARACTER`, `SUBSTR`, `STR`, `REVERSE`, `PLAN`, `UUIDTOSTR`, `TRANSLATE`, `TRAILING`, `TO`, `STUFF`, `STRTOUUID`, `STRING`, `SPLIT`, `SORTKEY`, `SIMILAR`, `REPLICATE`, `PATINDEX`, `LPAD`, `LEN`, `LEADING`, `KEY`, `INSTR`, `INSERTSTR`, `HTML`, `GRAPHICAL`, `CONVERT`, `COLLATION`, `CHARINDEX`, `BYTE`
`NUMERIC_FUNCTIONS`	Supported numeric functions.	`ABS`, `ACOS`, `ASIN`, `ATAN`, `ATAN2`, `CEILING`, `COS`, `COT`, `EXP`, `FLOOR`, `LOG`, `MOD`, `SIGN`, `SIN`, `SQRT`, `TAN`, `PI`, `RAND`, `DEGREES`, `LOG10`, `POWER`, `RADIANS`, `ROUND`, `TRUNCATE`
`TIMEDATE_FUNCTIONS`	Supported date/time functions.	`NOW`, `CURDATE`, `DAYOFMONTH`, `DAYOFWEEK`, `DAYOFYEAR`, `MONTH`, `QUARTER`, `WEEK`, `YEAR`, `CURTIME`, `HOUR`, `MINUTE`, `SECOND`, `TIMESTAMPADD`, `TIMESTAMPDIFF`, `DAYNAME`, `MONTHNAME`, `CURRENT_DATE`, `CURRENT_TIME`, `CURRENT_TIMESTAMP`, `EXTRACT`
`REPLICATION_SKIP_TABLES`	Indicates tables skipped during replication.
`REPLICATION_TIMECHECK_COLUMNS`	A string array containing a list of columns which will be used to check for (in the given order) to use as a modified column during replication.
`IDENTIFIER_PATTERN`	String value indicating what string is valid for an identifier.
`SUPPORT_TRANSACTION`	Indicates if the provider supports transactions such as commit and rollback.	`YES`, `NO`
`DIALECT`	Indicates the SQL dialect to use.
`KEY_PROPERTIES`	Indicates the properties which identify the uniform database.
`SUPPORTS_MULTIPLE_SCHEMAS`	Indicates if multiple schemas may exist for the provider.	`YES`, `NO`
`SUPPORTS_MULTIPLE_CATALOGS`	Indicates if multiple catalogs may exist for the provider.	`YES`, `NO`
`DATASYNCVERSION`	The Data Sync version needed to access this driver.	`Standard`, `Starter`, `Professional`, `Enterprise`
`DATASYNCCATEGORY`	The Data Sync category of this driver.	`Source`, `Destination`, `Cloud Destination`
`SUPPORTSENHANCEDSQL`	Whether enhanced SQL functionality beyond what is offered by the API is supported.	`TRUE`, `FALSE`
`SUPPORTS_BATCH_OPERATIONS`	Whether batch operations are supported.	`YES`, `NO`
`SQL_CAP`	All supported SQL capabilities for this driver.	`SELECT`, `INSERT`, `DELETE`, `UPDATE`, `TRANSACTIONS`, `ORDERBY`, `OAUTH`, `ASSIGNEDID`, `LIMIT`, `LIKE`, `BULKINSERT`, `COUNT`, `BULKDELETE`, `BULKUPDATE`, `GROUPBY`, `HAVING`, `AGGS`, `OFFSET`, `REPLICATE`, `COUNTDISTINCT`, `JOINS`, `DROP`, `CREATE`, `DISTINCT`, `INNERJOINS`, `SUBQUERIES`, `ALTER`, `MULTIPLESCHEMAS`, `GROUPBYNORELATION`, `OUTERJOINS`, `UNIONALL`, `UNION`, `UPSERT`, `GETDELETED`, `CROSSJOINS`, `GROUPBYCOLLATE`, `MULTIPLECATS`, `FULLOUTERJOIN`, `MERGE`, `JSONEXTRACT`, `BULKUPSERT`, `SUM`, `SUBQUERIESFULL`, `MIN`, `MAX`, `JOINSFULL`, `XMLEXTRACT`, `AVG`, `MULTISTATEMENTS`, `FOREIGNKEYS`, `CASE`, `LEFTJOINS`, `COMMAJOINS`, `WITH`, `LITERALS`, `RENAME`, `NESTEDTABLES`, `EXECUTE`, `BATCH`, `BASIC`, `INDEX`
`PREFERRED_CACHE_OPTIONS`	A string value specifies the preferred cacheOptions.
`ENABLE_EF_ADVANCED_QUERY`	Indicates if the driver directly supports advanced queries coming from Entity Framework. If not, queries will be handled client side.	`YES`, `NO`
`PSEUDO_COLUMNS`	A string array indicating the available pseudo columns.
`MERGE_ALWAYS`	If the value is true, The Merge Mode is forcibly executed in Data Sync.	`TRUE`, `FALSE`
`REPLICATION_MIN_DATE_QUERY`	A select query to return the replicate start datetime.
`REPLICATION_MIN_FUNCTION`	Allows a provider to specify the formula name to use for executing a server side min.
`REPLICATION_START_DATE`	Allows a provider to specify a replicate startdate.
`REPLICATION_MAX_DATE_QUERY`	A select query to return the replicate end datetime.
`REPLICATION_MAX_FUNCTION`	Allows a provider to specify the formula name to use for executing a server side max.
`IGNORE_INTERVALS_ON_INITIAL_REPLICATE`	A list of tables which will skip dividing the replicate into chunks on the initial replicate.
`CHECKCACHE_USE_PARENTID`	Indicates whether the CheckCache statement should be done against the parent key column.	`TRUE`, `FALSE`
`CREATE_SCHEMA_PROCEDURES`	Indicates stored procedures that can be used for generating schema files.

The following query retrieves the operators that can be used in the WHERE clause:

SELECT * FROM sys_sqlinfo WHERE Name = 'SUPPORTED_OPERATORS'

Note that individual tables may have different limitations or requirements on the WHERE clause; refer to the Data Model section for more information.

Columns

Name	Type	Description
`NAME`	`String`	A component of SQL syntax, or a capability that can be processed on the server.
`VALUE`	`String`	Detail on the supported SQL or SQL syntax.

sys_identity

Returns information about attempted modifications.

The following query retrieves the Ids of the modified rows in a batch operation:

SELECT * FROM sys_identity

Columns

Name	Type	Description
`Id`	`String`	The database-generated ID returned from a data modification operation.
`Batch`	`String`	An identifier for the batch. 1 for a single operation.
`Operation`	`String`	The result of the operation in the batch: INSERTED, UPDATED, or DELETED.
`Message`	`String`	SUCCESS or an error message if the update in the batch failed.

sys_information

Describes the available system information.

The following query retrieves all columns:

SELECT * FROM sys_information

Columns

Name	Type	Description
`Product`	`String`	The name of the product.
`Version`	`String`	The version number of the product.
`Datasource`	`String`	The name of the datasource the product connects to.
`NodeId`	`String`	The unique identifier of the machine where the product is installed.
`HelpURL`	`String`	The URL to the product's help documentation.
`License`	`String`	The license information for the product. (If this information is not available, the field may be left blank or marked as 'N/A'.)
`Location`	`String`	The file path location where the product's library is stored.
`Environment`	`String`	The version of the environment or rumtine the product is currently running under.
`DataSyncVersion`	`String`	The tier of Sync required to use this connector.
`DataSyncCategory`	`String`	The category of Sync functionality (e.g., Source, Destination).

Advanced Configurations Properties

The advanced configurations properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure. Click the links for further details.

Authentication

Property	Description
`AuthScheme`	The type of authentication to use when connecting to SAP Gateway.
`URL`	Set this to the URL your SAP Gateway environment or to the full URL of the OData service. Any additional properties must be added using the CustomURLParams property.
`Namespace`	Specify the service namespace you want to retrieve data from. This is required if the service is not specified in the URL.
`Service`	Specify one or a comma-delimited list of services you want to retrieve data from. If the service is set in the URL, this property will be ignored. In case that the service is neither set in the URL nor via this property, the SAP Gateway's catalog service will be used to discover all the available services.
`User`	Specifies the user ID of the authenticating SAP Gateway user account.
`Password`	Specifies the password of the authenticating user account.
`APIKey`	Set this to the key of the application you have created. If you set this, User and Password are not used for authentication.

OAuth

Property	Description
`InitiateOAuth`	Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working.
`OAuthClientId`	Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication.
`OAuthClientSecret`	Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server.
`OAuthAccessToken`	Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange.
`OAuthSettingsLocation`	Specifies the location of the settings file where OAuth values are saved. Storing OAuth settings in a central location avoids the need for users to enter OAuth connection properties manually each time they log in. It also enables credentials to be shared across connections or processes.
`Scope`	The permission scopes in space separated values. This is required when authenticating via OAuth2.0 flow.
`CallbackURL`	Identifies the URL users return to after authenticating to SAP Gateway via OAuth. (Custom OAuth applications only.).
`OAuthAccessTokenURL`	The URL to retrieve the OAuth access token from.
`OAuthVerifier`	Specifies a verifier code returned from the OAuthAuthorizationURL. Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set.
`PKCEVerifier`	The PKCE code verifier generated from executing the GetOAuthAuthorizationUrl stored procedure for PKCE authentication schemes.
`OAuthRefreshToken`	Specifies the OAuth refresh token used to request a new access token after the original has expired.
`OAuthExpiresIn`	Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working.
`OAuthTokenTimestamp`	Displays a Unix epoch timestamp in milliseconds that shows how long ago the current Access Token was created.

SAP BTP Authentication

Property	Description
`DestinationURL`	The URL of the SAP BTP destination service.
`DestinationName`	The name of the SAP BTP destination to retreive the authentication details from.

SSL

Property	Description
`SSLServerCert`	Specifies the certificate to be accepted from the server when connecting using TLS/SSL.

Schema

Property	Description
`Location`	Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path.
`BrowsableSchemas`	Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA, SchemaB, SchemaC.
`Tables`	Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA, TableB, TableC.
`Views`	Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA, ViewB, ViewC.
`UseDisplayNames`	Boolean determining whether or not to use SAP labels.

Miscellaneous

Property	Description
`CustomURLParams`	A string of custom URL parameters to be included with the HTTP request, in the form field1=value1&field2=value2&field3=value3.
`DataFormat`	The data format to retrieve data in. Select either XML or JSON.
`MaxRows`	Specifies the maximum rows returned for queries without aggregation or GROUP BY.
`Other`	Specifies additional hidden properties for specific use cases. These are not required for typical provider functionality. Use a semicolon-separated list to define multiple properties.
`Pagesize`	The maximum number of records per page the provider returns when requesting data from SAP Gateway.
`PseudoColumns`	Specifies the pseudocolumns to expose as table columns. Use the format 'TableName=ColumnName;TableName=ColumnName'. The default is an empty string, which disables this property.
`Timeout`	Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. The default is 60 seconds. Set to 0 to disable the timeout.
`UseDynamicStoredProcedures`	A boolean indicating if dynamic stored procedures should be exposed.
`UserDefinedViews`	Specifies a filepath to a JSON configuration file defining custom views. The provider automatically detects and uses the views specified in this file.

Authentication

This section provides a complete list of authentication properties you can configure.

Property	Description
`AuthScheme`	The type of authentication to use when connecting to SAP Gateway.
`URL`	Set this to the URL your SAP Gateway environment or to the full URL of the OData service. Any additional properties must be added using the CustomURLParams property.
`Namespace`	Specify the service namespace you want to retrieve data from. This is required if the service is not specified in the URL.
`Service`	Specify one or a comma-delimited list of services you want to retrieve data from. If the service is set in the URL, this property will be ignored. In case that the service is neither set in the URL nor via this property, the SAP Gateway's catalog service will be used to discover all the available services.
`User`	Specifies the user ID of the authenticating SAP Gateway user account.
`Password`	Specifies the password of the authenticating user account.
`APIKey`	Set this to the key of the application you have created. If you set this, User and Password are not used for authentication.

Property	Description
`InitiateOAuth`	Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working.
`OAuthClientId`	Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication.
`OAuthClientSecret`	Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server.
`OAuthAccessToken`	Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange.
`OAuthSettingsLocation`	Specifies the location of the settings file where OAuth values are saved. Storing OAuth settings in a central location avoids the need for users to enter OAuth connection properties manually each time they log in. It also enables credentials to be shared across connections or processes.
`Scope`	The permission scopes in space separated values. This is required when authenticating via OAuth2.0 flow.
`CallbackURL`	Identifies the URL users return to after authenticating to SAP Gateway via OAuth. (Custom OAuth applications only.).
`OAuthAccessTokenURL`	The URL to retrieve the OAuth access token from.
`OAuthVerifier`	Specifies a verifier code returned from the OAuthAuthorizationURL. Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set.
`PKCEVerifier`	The PKCE code verifier generated from executing the GetOAuthAuthorizationUrl stored procedure for PKCE authentication schemes.
`OAuthRefreshToken`	Specifies the OAuth refresh token used to request a new access token after the original has expired.
`OAuthExpiresIn`	Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working.
`OAuthTokenTimestamp`	Displays a Unix epoch timestamp in milliseconds that shows how long ago the current Access Token was created.

InitiateOAuth

Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working.

Possible Values

OFF, REFRESH, GETANDREFRESH

Data Type

string

Default Value

OFF

Remarks

OAuth is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. The OAuth flow defines the method to be used for logging in users, exchanging their credentials for an OAuth access token to be used for authentication, and providing limited access to applications.

SAP Gateway supports the following options for initiating OAuth access:

OFF: No automatic OAuth flow initiation. The OAuth flow is handled entirely by the user, who will take action to obtain their OAuthAccessToken. Note that with this setting the user must refresh the token manually and reconnect with an updated OAuthAccessToken property when the current token expires.
GETANDREFRESH: The OAuth flow is handled entirely by the connector. If a token already exists, it is refreshed when necessary. If no token currently exists, it will be obtained by prompting the user to login.
REFRESH: The user handles obtaining the OAuth Access Token and sets up the sequence for refreshing the OAuth Access Token. (The user is never prompted to log in to authenticate. After the user logs in, the connector handles the refresh of the OAuth Access Token.

OAuth is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. The OAuth flow defines the method to be used for logging in users, exchanging their credentials for an OAuth access token to be used for authentication, and providing limited access to applications.

SAP Gateway supports the following options for initiating OAuth access:

OFF: No automatic OAuth flow initiation. The OAuth flow is handled entirely by the user, who will take action to obtain their OAuthAccessToken. Note that with this setting the user must refresh the token manually and reconnect with an updated OAuthAccessToken property when the current token expires.
GETANDREFRESH: The OAuth flow is handled entirely by the connector. If a token already exists, it is refreshed when necessary. If no token currently exists, it will be obtained by prompting the user to login.
REFRESH: The user handles obtaining the OAuth Access Token and sets up the sequence for refreshing the OAuth Access Token. (The user is never prompted to log in to authenticate. After the user logs in, the connector handles the refresh of the OAuth Access Token.

OAuthClientId

Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication.

Data Type

string

Default Value

""

Remarks

This property is required when using a custom OAuth application, such as in web-based authentication flows, service-based authentication, or certificate-based flows that require application registration. It is also required if an embedded OAuth application is not available for the driver. When an embedded OAuth application is available, this value may already be provided by the connector and not require manual entry.

This value is generally used alongside other OAuth-related properties such as OAuthClientSecret and OAuthSettingsLocation when configuring an authenticated connection.

OAuthClientId is one of the key connection parameters that need to be set before users can authenticate via OAuth. You can typically find this value in your identity provider’s application registration settings. Look for a field labeled Client ID, Application ID, or Consumer Key.

While the client ID is not considered a confidential value like a client secret, it is still part of your application's identity and should be handled carefully. Avoid exposing it in public repositories or shared configuration files.

This property is required when using a custom OAuth application, such as in web-based authentication flows, service-based authentication, or certificate-based flows that require application registration. It is also required if an embedded OAuth application is not available for the driver. When an embedded OAuth application is available, this value may already be provided by the connector and not require manual entry.

This value is generally used alongside other OAuth-related properties such as OAuthClientSecret and OAuthSettingsLocation when configuring an authenticated connection.

OAuthClientId is one of the key connection parameters that need to be set before users can authenticate via OAuth. You can typically find this value in your identity provider’s application registration settings. Look for a field labeled Client ID, Application ID, or Consumer Key.

While the client ID is not considered a confidential value like a client secret, it is still part of your application's identity and should be handled carefully. Avoid exposing it in public repositories or shared configuration files.

OAuthClientSecret

Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server.

Data Type

string

Default Value

""

Remarks

This property is required when using a custom OAuth application in any flow that requires secure client authentication, such as web-based OAuth, service-based connections, or certificate-based authorization flows. It is not required when using an embedded OAuth application.

The client secret is used during the token exchange step of the OAuth flow, when the driver requests an access token from the authorization server. If this value is missing or incorrect, authentication will fail, and the server may return an invalid_client or unauthorized_client error.

OAuthClientSecret is one of the key connection parameters that need to be set before users can authenticate via OAuth. You can obtain this value from your identity provider when registering the OAuth application. It may be referred to as the client secret, application secret, or consumer secret.

This value should be stored securely and never exposed in public repositories, scripts, or unsecured environments. Client secrets may also expire after a set period. Be sure to monitor expiration dates and rotate secrets as needed to maintain uninterrupted access.

This property is required when using a custom OAuth application in any flow that requires secure client authentication, such as web-based OAuth, service-based connections, or certificate-based authorization flows. It is not required when using an embedded OAuth application.

The client secret is used during the token exchange step of the OAuth flow, when the driver requests an access token from the authorization server. If this value is missing or incorrect, authentication will fail, and the server may return an invalid_client or unauthorized_client error.

OAuthClientSecret is one of the key connection parameters that need to be set before users can authenticate via OAuth. You can obtain this value from your identity provider when registering the OAuth application. It may be referred to as the client secret, application secret, or consumer secret.

This value should be stored securely and never exposed in public repositories, scripts, or unsecured environments. Client secrets may also expire after a set period. Be sure to monitor expiration dates and rotate secrets as needed to maintain uninterrupted access.

OAuthAccessToken

Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange.

Data Type

string

Default Value

""

Remarks

The OAuthAccessToken is a temporary credential that authorizes access to protected resources. It is typically returned by the identity provider after the user or client application completes an OAuth authentication flow. This property is most commonly used in automated workflows or custom OAuth implementations where you want to manage token handling outside of the driver.

The OAuth access token has a server-dependent timeout, limiting user access. This is set using the OAuthExpiresIn property. However, it can be reissued between requests to keep access alive as long as the user keeps working.

If InitiateOAuth is set to REFRESH, we recommend that you also set both OAuthExpiresIn and OAuthTokenTimestamp. The connector uses these properties to determine when the token expires so it can refresh most efficiently. If OAuthExpiresIn and OAuthTokenTimestamp are not specified, the connector refreshes the token immediately.

Access tokens should be treated as sensitive credentials and stored securely. Avoid exposing them in logs, scripts, or configuration files that are not access-controlled.

The OAuthAccessToken is a temporary credential that authorizes access to protected resources. It is typically returned by the identity provider after the user or client application completes an OAuth authentication flow. This property is most commonly used in automated workflows or custom OAuth implementations where you want to manage token handling outside of the driver.

The OAuth access token has a server-dependent timeout, limiting user access. This is set using the OAuthExpiresIn property. However, it can be reissued between requests to keep access alive as long as the user keeps working.

If InitiateOAuth is set to REFRESH, we recommend that you also set both OAuthExpiresIn and OAuthTokenTimestamp. The connector uses these properties to determine when the token expires so it can refresh most efficiently. If OAuthExpiresIn and OAuthTokenTimestamp are not specified, the connector refreshes the token immediately.

Access tokens should be treated as sensitive credentials and stored securely. Avoid exposing them in logs, scripts, or configuration files that are not access-controlled.

OAuthSettingsLocation

The location of the settings file where OAuth values are saved when InitiateOAuth is set to GETANDREFRESH or REFRESH. Alternatively, you can hold this location in memory by specifying a value starting with 'memory://'.

Data Type

string

Default Value

%APPDATA%\CData\Acumatica Data Provider\OAuthSettings.txt

Remarks

When InitiateOAuth is set to GETANDREFRESH or REFRESH, the driver saves OAuth values to avoid requiring the user to manually enter OAuth connection properties and to allow the credentials to be shared across connections or processes.

Instead of specifying a file path, you can use memory storage. Memory locations are specified by using a value starting with 'memory://' followed by a unique identifier for that set of credentials (for example, memory://user1). The identifier can be anything you choose but should be unique to the user. Unlike file-based storage, where credentials persist across connections, memory storage loads the credentials into static memory, and the credentials are shared between connections using the same identifier for the life of the process. To persist credentials outside the current process, you must manually store the credentials prior to closing the connection. This enables you to set them in the connection when the process is started again. You can retrieve OAuth property values with a query to the sys_connection_props system table. If there are multiple connections using the same credentials, the properties are read from the previously closed connection.

The default location is "%APPDATA%\CData\Acumatica Data Provider\OAuthSettings.txt" with %APPDATA% set to the user's configuration directory. The default values are

Windows: "register://%DSN"
Unix: "%AppData%..."

where DSN is the name of the current DSN used in the open connection.

The following table lists the value of %APPDATA% by OS:

Platform	%APPDATA%
`Windows`	The value of the APPDATA environment variable
`Linux`	~/.config

Scope

The permission scopes in space separated values. This is required when authenticating via OAuth2.0 flow.

Data Type

string

Default Value

""

Remarks

Scopes are set to define what kind of access the authenticating user will have; for example, read, read and write, restricted access to sensitive information. System administrators can use scopes to selectively enable access by functionality or security clearance.

When InitiateOAuth is set to GETANDREFRESH, you must use this property if you want to change which scopes are requested. When InitiateOAuth is set to either REFRESH or OFF, you can use either this property or the Scope input to change which scopes are requested.

""

Remarks

The Proof Key for Code Exchange code verifier generated from executing the GetOAuthAuthorizationUrl stored procedure for PKCE authentication schemes. This can be used on systems where a browser cannot be launched such as headless systems.

Authentication on Headless Machines

See to obtain the PKCEVerifier value.

Set OAuthSettingsLocation along with OAuthVerifier and PKCEVerifier. When you connect, the connector exchanges the OAuthVerifier and PKCEVerifier for the OAuth authentication tokens and saves them, encrypted, to the specified location. Set InitiateOAuth to GETANDREFRESH to automate the exchange.

Once the OAuth settings file has been generated, you can remove OAuthVerifier and PKCEVerifier from the connection properties and connect with OAuthSettingsLocation set.

To automatically refresh the OAuth token values, set OAuthSettingsLocation and additionally set InitiateOAuth to REFRESH.

The Proof Key for Code Exchange code verifier generated from executing the GetOAuthAuthorizationUrl stored procedure for PKCE authentication schemes. This can be used on systems where a browser cannot be launched such as headless systems.

Authentication on Headless Machines

See to obtain the PKCEVerifier value.

Set OAuthSettingsLocation along with OAuthVerifier and PKCEVerifier. When you connect, the connector exchanges the OAuthVerifier and PKCEVerifier for the OAuth authentication tokens and saves them, encrypted, to the specified location. Set InitiateOAuth to GETANDREFRESH to automate the exchange.

Once the OAuth settings file has been generated, you can remove OAuthVerifier and PKCEVerifier from the connection properties and connect with OAuthSettingsLocation set.

To automatically refresh the OAuth token values, set OAuthSettingsLocation and additionally set InitiateOAuth to REFRESH.

OAuthRefreshToken

Specifies the OAuth refresh token used to request a new access token after the original has expired.

Data Type

string

Default Value

""

Remarks

The refresh token is used to obtain a new access token when the current one expires. It enables seamless authentication for long-running or automated workflows without requiring the user to log in again. This property is especially important in headless, CI/CD, or server-based environments where interactive authentication is not possible.

The refresh token is typically obtained during the initial OAuth exchange by calling the GetOAuthAccessToken stored procedure. After that, it can be set using this property to enable automatic token refresh, or passed to the RefreshOAuthAccessToken stored procedure if you prefer to manage the refresh manually.

When InitiateOAuth is set to REFRESH, the driver uses this token to retrieve a new access token automatically. After the first refresh, the driver saves updated tokens in the location defined by OAuthSettingsLocation, and uses those values for subsequent connections.

The OAuthRefreshToken should be handled securely and stored in a trusted location. Like access tokens, refresh tokens can expire or be revoked depending on the identity provider’s policies.

The refresh token is used to obtain a new access token when the current one expires. It enables seamless authentication for long-running or automated workflows without requiring the user to log in again. This property is especially important in headless, CI/CD, or server-based environments where interactive authentication is not possible.

The refresh token is typically obtained during the initial OAuth exchange by calling the GetOAuthAccessToken stored procedure. After that, it can be set using this property to enable automatic token refresh, or passed to the RefreshOAuthAccessToken stored procedure if you prefer to manage the refresh manually.

When InitiateOAuth is set to REFRESH, the driver uses this token to retrieve a new access token automatically. After the first refresh, the driver saves updated tokens in the location defined by OAuthSettingsLocation, and uses those values for subsequent connections.

The OAuthRefreshToken should be handled securely and stored in a trusted location. Like access tokens, refresh tokens can expire or be revoked depending on the identity provider’s policies.

OAuthExpiresIn

Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working.

Data Type

string

Default Value

""

Remarks

The OAuth Access Token is assigned to an authenticated user, granting that user access to the network for a specified period of time. The access token is used in place of the user's login ID and password, which stay on the server.

An access token created by the server is only valid for a limited time. OAuthExpiresIn is the number of seconds the token is valid from when it was created. For example, a token generated at 2024-01-29 20:00:00 UTC that expires at 2024-01-29 21:00:00 UTC (an hour later) would have an OAuthExpiresIn value of 3600, no matter what the current time is.

To determine how long the user has before the Access Token will expire, use OAuthTokenTimestamp.

The OAuth Access Token is assigned to an authenticated user, granting that user access to the network for a specified period of time. The access token is used in place of the user's login ID and password, which stay on the server.

An access token created by the server is only valid for a limited time. OAuthExpiresIn is the number of seconds the token is valid from when it was created. For example, a token generated at 2024-01-29 20:00:00 UTC that expires at 2024-01-29 21:00:00 UTC (an hour later) would have an OAuthExpiresIn value of 3600, no matter what the current time is.

To determine how long the user has before the Access Token will expire, use OAuthTokenTimestamp.

OAuthTokenTimestamp

Displays a Unix epoch timestamp in milliseconds that shows how long ago the current Access Token was created.

Data Type

string

Default Value

""

Remarks

The OAuth Access Token is assigned to an authenticated user, granting that user access to the network for a specified period of time. The access token is used in place of the user's login ID and password, which stay on the server.

An access token created by the server is only valid for a limited time. OAuthTokenTimestamp is the Unix timestamp when the server created the token. For example, OAuthTokenTimestamp=1706558400 indicates the OAuthAccessToken was generated by the server at 2024-01-29 20:00:00 UTC.

The OAuth Access Token is assigned to an authenticated user, granting that user access to the network for a specified period of time. The access token is used in place of the user's login ID and password, which stay on the server.

An access token created by the server is only valid for a limited time. OAuthTokenTimestamp is the Unix timestamp when the server created the token. For example, OAuthTokenTimestamp=1706558400 indicates the OAuthAccessToken was generated by the server at 2024-01-29 20:00:00 UTC.

SAP BTP Authentication

This section provides a complete list of the SAP BTP Authentication properties you can configure.

Property	Description
`DestinationURL`	The URL of the SAP BTP destination service.
`DestinationName`	The name of the SAP BTP destination to retreive the authentication details from.

DestinationURL

The URL of the SAP BTP destination service.

Data Type

string

Default Value

""

Remarks

It can be found in the service key of your Destination Service instance in the SAP BTP Cockpit, under the uri field.

DestinationName

The name of the SAP BTP destination to retreive the authentication details from.

Data Type

string

Default Value

""

Remarks

Specifies the name of your configured SAP BTP destination that holds the authentication details of the SAP Gateway instance you want to connect to.

SSL

This section provides a complete list of SSL properties you can configure.

Property	Description
`SSLServerCert`	Specifies the certificate to be accepted from the server when connecting using TLS/SSL.

SSLServerCert

Specifies the certificate to be accepted from the server when connecting using TLS/SSL.

Data Type

string

Default Value

""

Remarks

If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.

This property can take the following forms:

Description	Example
A full PEM Certificate (example shortened for brevity)	`-----BEGIN CERTIFICATE----- MIIChTCCAe4CAQAwDQYJKoZIhv......Qw== -----END CERTIFICATE-----`
A path to a local file containing the certificate	`C:\\cert.cer`
The public key (example shortened for brevity)	`-----BEGIN RSA PUBLIC KEY----- MIGfMA0GCSq......AQAB -----END RSA PUBLIC KEY-----`
The MD5 Thumbprint (hex values can also be either space or colon separated)	`ecadbdda5a1529c58a1e9e09828d70e4`
The SHA1 Thumbprint (hex values can also be either space or colon separated)	`34a929226ae0819f2ec14b4a3d904f801cbb150d`

If not specified, any certificate trusted by the machine is accepted.

Certificates are validated as trusted by the machine based on the System's trust store. The trust store used is the 'javax.net.ssl.trustStore' value specified for the system. If no value is specified for this property, Java's default trust store is used (for example, JAVA_HOME\lib\security\cacerts).

Use '*' to signify to accept all certificates. Note that this is not recommended due to security concerns.

Schema

This section provides a complete list of schema properties you can configure.

Property	Description
`Location`	Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path.
`BrowsableSchemas`	Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA, SchemaB, SchemaC.
`Tables`	Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA, TableB, TableC.
`Views`	Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA, ViewB, ViewC.
`UseDisplayNames`	Boolean determining whether or not to use SAP labels.

Location

Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path.

Data Type

string

Default Value

%APPDATA%\SAPGateway Data Provider\Schema

Remarks

The Location property is only needed if you want to either customize definitions (for example, change a column name, ignore a column, etc.) or extend the data model with new tables, views, or stored procedures.

If left unspecified, the default location is %APPDATA%\SAPGateway Data Provider\Schema, where %APPDATA% is set to the user's configuration directory:

Platform	%APPDATA%
`Windows`	The value of the APPDATA environment variable
`Mac`	~/Library/Application Support
`Linux`	~/.config

BrowsableSchemas

Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.

Data Type

string

Default Value

If set to true, the labels you have configured in your account for the OData properties, will serve as column names. Otherwise, the name of the property will be the column name.

Miscellaneous

This section provides a complete list of miscellaneous properties you can configure.

Property	Description
`CustomURLParams`	A string of custom URL parameters to be included with the HTTP request, in the form field1=value1&field2=value2&field3=value3.
`DataFormat`	The data format to retrieve data in. Select either XML or JSON.
`MaxRows`	Specifies the maximum rows returned for queries without aggregation or GROUP BY.
`Other`	Specifies additional hidden properties for specific use cases. These are not required for typical provider functionality. Use a semicolon-separated list to define multiple properties.
`Pagesize`	The maximum number of records per page the provider returns when requesting data from SAP Gateway.
`PseudoColumns`	Specifies the pseudocolumns to expose as table columns. Use the format 'TableName=ColumnName;TableName=ColumnName'. The default is an empty string, which disables this property.
`Timeout`	Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. The default is 60 seconds. Set to 0 to disable the timeout.
`UseDynamicStoredProcedures`	A boolean indicating if dynamic stored procedures should be exposed.
`UserDefinedViews`	Specifies a filepath to a JSON configuration file defining custom views. The provider automatically detects and uses the views specified in this file.

CustomURLParams

A string of custom URL parameters to be included with the HTTP request, in the form field1=value1&field2=value2&field3=value3.

Data Type

string

Default Value

""

Remarks

This property enables you to specify custom query string parameters that are included with the HTTP request. The parameters must be encoded as a query string in the form field1=value1&field2=value2&field3=value3, where each value is URL encoded. URL encoding converts the characters in the string that can be transmitted over the internet as follows:

Non-ASCII characters are replaced with their equivalent in the form of a "%" followed by two hexadecimal digits.
Spaces are replaced with either a plus sign (+) or %20.

Default Value

""

Remarks

This property allows advanced users to configure hidden properties for specialized scenarios. These settings are not required for normal use cases but can address unique requirements or provide additional functionality. Multiple properties can be defined in a semicolon-separated list.

Note

It is strongly recommended to set these properties only when advised by the support team to address specific scenarios or issues.

Specify multiple properties in a semicolon-separated list.

Integration and Formatting

Property	Description
`DefaultColumnSize`	Sets the default length of string fields when the data source does not provide column length in the metadata. The default value is 2000.
`ConvertDateTimeToGMT=True`	Converts date-time values to GMT, instead of the local time of the machine. The default value is False (use local time).
`RecordToFile=filename`	Records the underlying socket data transfer to the specified file.

Refer to User Defined Views for more information.

SAP Gateway Connection Details

Introduction

Get Started

Establish a Connection

Connect to SAP Gateway

Authenticate to SAP Gateway

Basic

OAuth

Desktop Applications

SAP BTP Destination Authentication

Create a Custom OAuth Application

Create a Service User for the OAuth 2.0 Client

Register the New User With the Creation Wizard

Create a SAP Gateway Destination

Create a Destination to your SAP Gateway instance

Create a Service Key

Important Notes

Configuration Files and Their Paths

Advanced Features

User Defined Views

Define Views Using a Configuration File

Define Views Using DDL Statements

Create a View

Alter a View

Drop a View

Schema for User Defined Views

Work with User Defined Views

SSL Configuration

Customize the SSL Configuration

Data Model

Tables

Executing Deep Inserts with SQL

Example: Deep Inserts in SAP Gateway

Creating Temporary Tables

Inserting the Entity

Code Example

Using Aggregates

Views

Modeling Navigation Properties

Querying Navigation Properties

Navigation Properties

Working with Navigation Properties Relationally

Select

Insert

Stored Procedures

SAP Gateway Connector Stored Procedures

GetOAuthAccessToken

Input

Result Set Columns

GetOAuthAuthorizationURL

Input

Result Set Columns

RefreshOAuthAccessToken

Input

Result Set Columns

System Tables

Schema Tables

Data Source Tables

Query Information Tables

sys_catalogs

Columns

sys_schemas

Columns

sys_tables

Columns

sys_tablecolumns

Columns

sys_procedures

Columns

sys_procedureparameters

Columns

Pseudo-Columns

sys_keycolumns

Columns

sys_foreignkeys

Columns

sys_primarykeys

Columns

sys_indexes

Columns