OAuth 2.0 for Call Outs

Revised: 11 August 2021

1. Configure Coupa

  1. Administrators can create, view, and edit Call Outs from Setup > Integrations > Call Outsbut they can only create new endpoints when creating a new Call Out  When creating a new Call Out, your integration admin can use an endpoint that was previously defined or use the Create New link to define a new endpoint.

  2. OAuth settings are available within endpoint configuration, In the Endpoint Detail section make sure to use HTTP and provide the Host Name, Token URL, Client ID, and Client Secret.

  3. Link to detailed documentation: https://success.coupa.com/Support/Releases/26/New_Features/BSM_Platform/Coupa_Platform/Call_Outs_Support_OAuth_2.0

2. Customer system/Middleware configuration

  1. Client id and secret need to be configured as an auth string:
    auth_string = Base64.urlsafe_encode64("#{client_id}:#{client_secret}")

  2. The length of the token should not be a concern (We have tested successfully upto 1258 characters)

  3. The response that contains the access token needs to be in the below format:

    {
    		"access_token": "",
    		"token_type": "bearer",
    		"expires_in": 86399
    }
  4. The response that contains the access token needs to be in the below format:

    response = connection.post do |request|
    			request.headers[:content_type] = (content_type || 'application/x-www-form-urlencoded')
    			request.headers[:cache_control] = 'no-cache'
    			request.headers[:Authorization] = "Basic #{auth_string}"
    			request.headers[:accept] = 'application/json'
    			if content_type == 'application/json'
    				request_body = { "grant_type" => "client_credentials" }
    				request_body.merge!(scope: scope) if scope.present?
    				request.body = request_body.to_json
    			else
    				request.body = "grant_type=client_credentials"
    				request.body +="&scope="+scope if scope.present?
    			end

3. Error handling

  1. Only failed transactions appear under call out errors section, <customer_instance>/call_outs/<call out id>

  2. Errors and what they mean

    • { "statusCode": 401, "message": "Unauthorized. Access token is missing or invalid." }: Issue with the response that contains the token, verify the format
    • { "statusCode": 404, "message": "Resource not found" }: Issue with posting the payload to the external system
    • {HTTP exception occured:Service::Oauth::AuthenticationManager::AuthenticationError}: Configuration issue within the middleware, unable to access token.
  3. If you face no challenges in test/sandbox instances but in production or vice versa, request the customer to regenerate the password.

4. Sample Payload (POSTMAN)

  1. Download the Postman payload file.

  2. Use the import option in postman to import the collection:
    postman-import.png

  3. Add the URL, username and password:
    postman-02.png