Configure your App Service or Azure Functions app to use Azure AD login. Use standard variable X-MS-TOKEN-AAD-ACCESS-TOKEN to retrieve the access token from the request header. Learn more
Consider SAP Principal Propagation for your authentication scenario handled by Azure API Management.
The generated SDK handles ETags for update operations automatically. For CSRF tokens it relies on a centralized solutions with Azure API Management policies rather than implementing it in every client. Find a complete policy including SAP Principal Propagation here. In case you require a client-side solution for CSRF have a look at this class to get started.
Azure AD tokens are handled by Azure without any code dependencies. Use standard variable X-MS-TOKEN-AAD-ACCESS-TOKEN to retrieve the access token from the request header and work with TokenAuthHandler. Learn more
SAP backends on Azure typically run in fully isolated virtual networks. There are multiple ways to connect to them. Most popular ones are:
- Integrate your Azure Function App with an Azure virtual network (VNet). Learn more.
- Private Endpoints for Azure Functions. Learn more
- User Azure API Management for OData with SAP Principal Propagation. Learn more
VNet integration enables your app to securely access resources in your VNet, such as your SAP Gateway, but doesn't block public access to your Function app. To achieve full private connectivity for the app service too, look into private endpoints.