No place for a Bearer Token

Dear community, a Bearer Token is an access token. You use it to identify yourself to an application, such as a REST API. Based on this credential, the application knows what you are and are not authorized to do, because it issued the token to you in advance.

RFC 6750 describes how to use a Bearer Token. It isn't complicated and is easy to implement even with an older SAP NetWeaver release like 7.40. The topic was discussed in the SAP Community years ago.
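As an added example (not code from the original post), this is what the RFC 6750 client side looks like in 7.40-compatible ABAP: the token is placed in the `Authorization` header with the `Bearer` scheme and the call goes through an SM59 destination of type G, which carries host and TLS settings but, as the post notes, cannot hold the token itself. The destination name `ZAPI_DEST`, the path `/v1/resource` and the token placeholder are assumptions; where the token actually comes from is exactly the open question the rest of the post discusses.

```abap
" Added example, not from the original post. Sends an RFC 6750 Bearer token
" with cl_http_client on SAP NetWeaver 7.40.
" Assumptions: RFC destination ZAPI_DEST (type G) exists; the token value is a
" placeholder and would be read from whatever store you settle on.
REPORT zbearer_call_example.

DATA: lo_client TYPE REF TO if_http_client,
      lv_token  TYPE string,
      lv_code   TYPE i,
      lv_reason TYPE string,
      lv_body   TYPE string.

" Placeholder only; never hard-code a real token in a report.
lv_token = '<TOKEN-PLACEHOLDER>'.

" The destination supplies host, path prefix and TLS settings, not the token.
cl_http_client=>create_by_destination(
  EXPORTING
    destination              = 'ZAPI_DEST'   " assumed destination
  IMPORTING
    client                   = lo_client
  EXCEPTIONS
    argument_not_found       = 1
    destination_not_found    = 2
    destination_no_authority = 3
    plugin_not_active        = 4
    internal_error           = 5
    OTHERS                   = 6 ).
IF sy-subrc <> 0.
  MESSAGE 'Could not create HTTP client for ZAPI_DEST' TYPE 'E'.
ENDIF.

" RFC 6750 section 2.1: Authorization: Bearer <token>, one space between.
lo_client->request->set_header_field(
  name  = 'Authorization'
  value = |Bearer { lv_token }| ).

" Drop the plaintext token from memory as soon as the header is set.
CLEAR lv_token.

lo_client->request->set_method( if_http_request=>co_request_method_get ).
cl_http_utility=>set_request_uri(
  request = lo_client->request
  uri     = '/v1/resource' ).   " assumed resource path

lo_client->send(
  EXCEPTIONS
    http_communication_failure = 1
    http_invalid_state         = 2
    http_processing_failed     = 3
    OTHERS                     = 4 ).
IF sy-subrc = 0.
  lo_client->receive(
    EXCEPTIONS
      http_communication_failure = 1
      http_invalid_state         = 2
      http_processing_failed     = 3
      OTHERS                     = 4 ).
ENDIF.
IF sy-subrc <> 0.
  lo_client->get_last_error(
    IMPORTING
      code    = lv_code
      message = lv_reason ).
  lo_client->close( ).
  MESSAGE |HTTP error { lv_code }: { lv_reason }| TYPE 'E'.
ENDIF.

lo_client->response->get_status(
  IMPORTING
    code   = lv_code
    reason = lv_reason ).
lv_body = lo_client->response->get_cdata( ).
lo_client->close( ).

" RFC 6750 section 3: a 401 with WWW-Authenticate: Bearer means the token was
" rejected (expired, revoked or wrong scope). Log the status, never the token.
IF lv_code = 401.
  WRITE: / 'Token rejected by the API:', lv_reason.
ELSE.
  WRITE: / 'Status', lv_code, lv_reason.
  WRITE: / lv_body.
ENDIF.
```

The `CLEAR lv_token` after setting the header is the one defensive habit worth keeping even in throwaway code: the token only needs to live in a variable for the single statement that builds the header, and anything that stays in a local variable is visible to whoever can debug the program, which is the weakness the post describes for the custom-table workaround.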

I was surprised by the fact that in older releases like 7.40, securely storing a token is complicated. Transaction SM59 doesn’t allow storing a Bearer Token for an HTTP connection, nor does it generally support this form of authorization.

As far as I know, SAP doesn’t approve Secure Storage for customer-specific developments, even though it probably does exactly what you need: securely storing a token.

This exhausts the possibilities within an older SAP NetWeaver release. The only workaround is to store the token in a database table without display permissions, so that its contents can’t be browsed with SE16H.

To do this, however, you have to program your own logic for saving and reading the token. This, of course, leaves the token significantly exposed to anyone who can debug that code. It’s not really a good idea, either.

Ultimately, it’s a shame that Secure Storage isn’t available for customer developments. It would certainly be useful in other contexts, too.

See you next blog

Michael