SAP S/4HANA On-Premise API Integration Research

Date: 2026-03-31 Target: SAP S/4HANA On-Premise (ERP system) Purpose: Evaluate API capabilities for Orcha integration (AP automation, invoice processing)

1. Summary — Capability Matrix

Data Object	Read	Write	Confidence	Channel
Supplier Invoices (AP)	YES	YES (create, park, post, reverse)	VERY HIGH	OData v2: `API_SUPPLIERINVOICE_PROCESS_SRV`
Credit Notes	YES	YES (type KG on same API)	VERY HIGH	OData v2: `API_SUPPLIERINVOICE_PROCESS_SRV`
Journal Entries	YES	YES (create, post)	HIGH	OData v2: `API_JOURNAL_ENTRY_SRV` (2020+), SOAP, BAPI
Invoice Attachments (PDF)	YES	YES (binary upload)	HIGH	OData v2: `API_CV_ATTACHMENT_SRV`
Suppliers / Vendors	YES	YES (CRUD)	VERY HIGH	OData v2: `API_BUSINESS_PARTNER`
Cost Centers	YES	YES (CRUD)	VERY HIGH	OData v2/v4: `API_COSTCENTER_SRV`
Profit Centers	YES	YES (CRUD)	HIGH	OData v2: `API_PROFITCENTER_SRV`
GL Accounts	YES	NO (OData read-only)	HIGH	OData read; write via BAPI `BAPI_GL_ACCOUNT_CREATE` (RFC)
Tax Codes	YES	NO (configuration data)	HIGH	OData v2: `API_TAXCODE_SRV` / BAPI
Company Codes	YES	NO (configuration data)	HIGH	OData v2: `API_COMPANYCODE_SRV`
Exchange Rates	YES	Read-only	HIGH	OData v2: `API_EXCHANGERATE_SRV`
Purchase Orders	YES	YES	HIGH	OData v4: `API_PURCHASEORDER` (successor to deprecated v2)
Approval Workflows	YES (read tasks)	YES (approve/reject/claim)	MEDIUM	OData v2: `API_TASK_SRV` / `TASKPROCESSING`
Invoice Status	YES	N/A	HIGH	OData v2: `API_SUPPLIERINVOICE_PROCESS_SRV` (status fields)
Payment Status	YES	N/A	HIGH	OData v2: `API_JOURNALENTRYITEMBASIC_SRV` (clearing fields)
Webhooks / Events	LIMITED	N/A	LOW	SAP Event Mesh (requires cloud infra) or polling

Bottom line: SAP S/4HANA On-Premise has a comprehensive, well-documented API surface covering all core Orcha integration needs. The primary invoice creation API (API_SUPPLIERINVOICE_PROCESS_SRV) supports deep insert (header + line items + tax in one call), document attachment, and status tracking. Write access is available for all critical transactional and master data objects. The main gaps are: GL account creation (BAPI only, no OData), no native webhooks on-premise (polling required), and approval workflows being heavily customer-specific.

2. API Landscape

Central Documentation

Resource	URL	Notes
SAP Business Accelerator Hub	https://api.sap.com	Central API catalog — interactive sandbox, specs, code generation
S/4HANA On-Premise APIs	https://api.sap.com/products/SAPS4HANA/apis/packages	All released APIs by package
OData V2 API Package	https://api.sap.com/package/S4HANAOPAPI/odata	Primary API set
OData V4 APIs	https://api.sap.com/products/SAPS4HANA/apis/ODATAV4	Newer APIs (RAP model)
SAP Help Portal	https://help.sap.com/docs/SAP_S4HANA_ON-PREMISE	On-Premise specific docs

API Protocols

Protocol	Status	URL Pattern	Notes
OData V2	Primary (majority of APIs)	`/sap/opu/odata/sap/<SERVICE>/<ENTITY>`	XML/Atom or JSON, most mature
OData V4	Growing (all new APIs)	`/sap/opu/odata4/sap/<SERVICE>/<ENTITY>`	JSON-native, RAP model, replacing V2
BAPI/RFC	Legacy but supported	Via SAP JCo / RFC protocol	Still required for GL account creation, some niche operations
SOAP	Supported	Various WSDL endpoints	Used for journal entry posting (sync/async)

Migration note: SAP is actively migrating V2 to V4 (e.g., Purchase Order API). BAPIs are being deprecated per "Clean Core" initiative (Q3 2025 modernization recommendations). However, some functionality is still BAPI-only.

Authentication Methods

Method	Use Case	Setup Complexity
Basic Auth	Simplest, development/testing	Low — username/password Base64 encoded
OAuth 2.0	Recommended for production	Medium — requires ICF service activation, client registration (tx `SOAUTH2`). Available from S/4HANA 1709+
X.509 Client Certificates	Server-to-server, high security	Medium-High — certificate management required
SAP Logon Tickets	SSO scenarios	High — requires SAP SSO infrastructure

CSRF Token requirement: All write operations (POST/PATCH/DELETE) require a fresh CSRF token:

GET request with header X-CSRF-Token: Fetch → receive token + session cookies
Include token + cookies in subsequent write request
Token is session-bound — reuse within same HTTP session

Pagination & Rate Limits

On-Premise: No formal rate limits at API level (unlike cloud). Configurable via SAP Gateway / Web Dispatcher.
Pagination: OData $top, $skip, server-driven paging via $skiptoken. Default page size typically 100-1,000 records.
Batch: $batch endpoint available for combining multiple operations. Supports atomic changesets.

3. Write Verification — Evidence for Write Capability

Confirmed Write Operations

Operation	API	Evidence	Confidence
Create supplier invoice	`API_SUPPLIERINVOICE_PROCESS_SRV` POST	Official SAP API docs, iPaaS connectors (all 6 platforms confirm write), community examples	VERY HIGH
Create credit note	Same API, `SupplierInvoiceType = "KG"`	Official docs	VERY HIGH
Park invoice (save without posting)	Same API, `SupplierInvoiceStatus = "5"`	Official docs, Fiori app behavior	HIGH
Release blocked invoice	Same API, clear `PaymentBlockingReason`	Official docs	HIGH
Reverse invoice	Same API, reversal action	Official docs	HIGH
Upload attachment	`API_CV_ATTACHMENT_SRV` POST (binary)	Official docs, BUS2081 object type for invoices	HIGH
Create cost center	`API_COSTCENTER_SRV` POST	Official docs, iPaaS connectors	VERY HIGH
Create profit center	`API_PROFITCENTER_SRV` POST	Official docs	HIGH
Create/update business partner	`API_BUSINESS_PARTNER` POST/PATCH	Official docs, most-used SAP API	VERY HIGH
Post journal entry	`API_JOURNAL_ENTRY_SRV` POST / SOAP / BAPI	Official docs (from 2020 release)	HIGH
Approve/reject workflow task	`API_TASK_SRV` POST Decision	Official docs	MEDIUM (depends on customer workflow config)

Notable Write Gaps

Operation	Status	Workaround
Create GL account	No OData write	BAPI `BAPI_GL_ACCOUNT_CREATE` via RFC
Create business area	No API (config only)	Transaction `OX03` in SAP GUI
Webhook push (outbound events)	No native on-premise	Polling with `$filter` on `LastChangeDate`; or SAP Event Mesh (requires cloud)

4. iPaaS & Middleware Findings

Platform Comparison

Platform	Native SAP Connector	On-Prem Support	Read	Write	Programmatic API	Cost
SAP BTP Integration Suite	First-party	Yes (Cloud Connector)	Full	Full	Yes	$5K-50K+/yr
MuleSoft	Yes (JCo-based)	Yes (Runtime Fabric/VPN)	Full	Full	Yes	$50K-200K+/yr
Workato	Yes	Yes (On-Prem Agent)	Full	Full	Yes	$10K-50K+/yr
Boomi	Yes (RFC/BAPI/OData/IDoc)	Yes (Atom agent)	Full	Full	Yes	$10K-50K+/yr
Celigo	Yes	Yes (Agent)	Full	Full	Yes	$7K-24K+/yr
Tray.io	Yes	Yes (Agent)	Full	Full	Yes	$25K-100K+/yr
n8n	No (HTTP only)	Yes (self-hosted)	Via HTTP	Via HTTP	Yes	Free (OSS)
Make.com	No	No	N/A	N/A	—	Not viable
Zapier	No	No	N/A	N/A	—	Not viable

Key iPaaS Insights

All 6 enterprise iPaaS platforms confirm full write capability to S/4HANA On-Premise — this is a well-established integration pattern.
On-Premise connectivity is solved via lightweight agents (Workato OPA, Boomi Atom, Celigo Agent, SAP Cloud Connector). Agents create outbound tunnels — no inbound firewall rules needed.
SAP BTP Integration Suite is the gold standard with 2,000+ pre-built integration flows, but requires SAP ecosystem investment.
Boomi and Celigo offer best cost-to-capability ratio for SAP specifically.
iPaaS as discovery tool: iPaaS connectors revealing Import/Action operations confirmed that write endpoints exist even where SAP's public docs are unclear.

SAP BTP Integration Suite (Recommended iPaaS if Middleware Needed)

First-party SAP product — deepest integration, 2,000+ pre-built flows
Pre-built content for: Finance (Journal Entries, GL Posting), Procurement (PO, Invoices), Master Data (Business Partners, Cost Centers)
Connectivity via SAP Cloud Connector (lightweight on-prem agent, X.509 cert auth, principal propagation)
Integration flows expose HTTP endpoints callable from any external system (including Orcha)
Licensed under SAP BTP — subscription or pay-as-you-go based on message volume

5. Alternative Channels

Channel	Availability	Direction	Notes
IDocs	YES — native SAP format	Bidirectional	SAP's EDI/document exchange format. `INVOIC02` for invoices, `CREMAS` for vendors. Requires IDoc port configuration + partner profile setup. Best for high-volume batch scenarios.
RFC/BAPI	YES — fully supported	Bidirectional	Classic SAP integration. Requires SAP JCo library or SAP Connector for .NET. Still needed for GL account creation. Direct binary protocol (not HTTP).
SAP Cloud Connector	YES — SAP's recommended bridge	Cloud → On-Prem	Lightweight agent creating secure tunnel from SAP BTP to on-prem. Reverse proxy pattern — no inbound firewall changes. Supports HTTP(S) and RFC tunneling.
SFTP / File-based	YES	Bidirectional	CSV/XML file import via batch input (BDC) or LSMW. Custom-configured per customer. Common for initial data migration. Not real-time.
Webhooks / Events	LIMITED	Outbound only	SAP Event Mesh / Enterprise Messaging available from S/4HANA 2020, but requires cloud infrastructure (SAP BTP). Not natively available on bare on-premise. Practical alternative: polling with OData `$filter` on `LastChangeDate`.
Batch Input (BDC)	YES	Inbound to SAP	Simulates SAP GUI transactions programmatically. Legacy but reliable for operations without API coverage. Requires ABAP development on the customer side.
EBICS / Banking	YES	Bidirectional	For payment file exchange. SAP supports SEPA pain.001/pain.002, CAMT.053/054. Relevant for payment status reconciliation.

Recommended Channel Strategy

Primary: Direct OData API calls via HTTPS (simplest, most maintainable)
Fallback for GL accounts: RFC/BAPI via SAP JCo or through iPaaS
Status monitoring: OData polling with date-based filters
High-volume scenarios: Consider IDoc or batch file exchange
If customer has SAP BTP: Leverage Cloud Connector + Integration Suite

6. Licensing & Access Requirements

API Access — Included or Extra Cost?

Question	Answer
Is API access included in base license?	YES — OData APIs are part of the S/4HANA On-Premise installation. No separate API module purchase needed. The APIs ship with the software.
Are there separate API user licenses?	YES (important) — SAP requires a communication user (technical user / service account) for API access. This user needs an SAP user license. The type depends on the licensing model — see "Digital Access" below.
Usage-based API costs?	Not per-call, but SAP's Digital Access licensing charges per document created by third-party systems. See critical section below.
Admin setup required?	YES — significant. See setup checklist below.

CRITICAL: SAP Digital Access / Indirect Access Licensing

This is the most important licensing consideration and a well-known cost trap:

What it is: SAP charges for "digital access" when third-party systems (like Orcha) create or read documents in SAP. This was historically called "indirect access" and was the subject of major lawsuits (notably SAP vs. Diageo, 2017).

Current model (since 2018): SAP offers a Document-Based Pricing model:

Charges are based on the number of documents created in SAP by external systems per year
Document types are categorized (e.g., "Order to Cash," "Procure to Pay," "Finance")
Supplier invoices created via API count as "Procure to Pay" documents
Pricing tiers vary — typically starting at several thousand EUR for document packages
Existing SAP customers can choose to adopt the new model or stay on their existing licensing

Impact for Orcha customers:

Every supplier invoice Orcha creates in SAP via API may incur a per-document digital access fee
The customer MUST clarify their SAP licensing model and digital access entitlement before going live
Some customers may already have digital access included in their enterprise agreement
Others may need to purchase document packages from SAP

What Orcha should include in customer-facing materials:

"Please confirm with your SAP account manager whether your S/4HANA license includes Digital Access entitlement for Procure-to-Pay documents. If your license predates 2018, you may need to adopt SAP's Digital Access pricing model or purchase document packages before enabling third-party invoice creation via API."

Customer Setup Checklist

The following steps must be completed by the customer's SAP Basis administrator before Orcha can connect:

Step	Transaction / Tool	Description
1. Activate OData services	`/IWFND/MAINT_SERVICE`	Add and activate required OData services (see list below)
2. Create communication user	`SU01`	Create a technical user (type "System" or "Communication")
3. Assign authorization roles	`PFCG`	Create/assign roles with required authorization objects
4. Configure OAuth 2.0 (recommended)	`SOAUTH2`	Register OAuth client, configure scopes
5. Activate ICF services	`SICF`	Ensure SAP Gateway ICF nodes are active
6. Network access	Firewall / VPN / Cloud Connector	Enable HTTPS access from Orcha to SAP Gateway (port 443 or custom)
7. Test connectivity	SAP Gateway Client (`/IWFND/GW_CLIENT`)	Verify API responses

OData Services to Activate

Service	Purpose
`API_SUPPLIERINVOICE_PROCESS_SRV`	Create/read/manage supplier invoices
`API_CV_ATTACHMENT_SRV`	Upload document attachments
`API_BUSINESS_PARTNER`	Read/sync supplier master data
`API_COSTCENTER_SRV`	Read/sync cost centers
`API_GLACCOUNTINCHARTOFACCOUNTS_SRV`	Read GL accounts
`API_GLACCOUNTINCOMPANYCODE_SRV`	Read GL accounts per company code
`API_COMPANYCODE_SRV`	Read company codes
`API_JOURNALENTRYITEMBASIC_SRV`	Read payment/clearing status
`API_TASK_SRV`	Approval workflow (if needed)

Required Authorization Objects

Auth Object	Description	Typical Values
`F_BKPF_BUK`	FI Document — Company Code	Customer's company codes
`F_BKPF_BLA`	FI Document — Document Type	`RE` (invoice), `KG` (credit note)
`M_RECH_WRK`	Invoice Verification — Plant	Customer's plants
`S_SERVICE`	OData Service Access	Specific service names
`S_RFC`	RFC Authorization	RFC function groups (if BAPI used)

Ongoing Costs for Customer

Cost Type	Description	Estimate
SAP Digital Access	Per-document fee for invoices created via API	Varies by agreement — confirm with SAP
Communication user license	SAP user license for the technical user	Included in most agreements (dialog-free user)
SAP BTP (if used)	Cloud Connector + Integration Suite subscription	$5K-50K+/yr if iPaaS route chosen
Infrastructure	VPN / reverse proxy / network setup	One-time setup cost

7. Orcha-Specific Deep Dive

7a. Create Supplier Invoice (AP Invoice) — PRIMARY INTEGRATION POINT

Service: API_SUPPLIERINVOICE_PROCESS_SRV (OData v2) Available from: S/4HANA 1610+ Endpoint: POST /sap/opu/odata/sap/API_SUPPLIERINVOICE_PROCESS_SRV/A_SupplierInvoice

Supports deep insert — create header + GL line items + tax items in a single POST:

{
  "CompanyCode": "1000",
  "DocumentDate": "/Date(1711843200000)/",
  "PostingDate": "/Date(1711843200000)/",
  "SupplierInvoiceIDByInvoicingParty": "INV-2026-001",
  "InvoicingParty": "0000001000",
  "DocumentCurrency": "EUR",
  "InvoiceGrossAmount": "1190.00",
  "TaxIsCalculatedAutomatically": true,
  "DocumentHeaderText": "Orcha processed invoice",
  "PaymentTerms": "0001",
  "to_SupplierInvoiceItemGLAcct": [
    {
      "GLAccount": "0000400000",
      "SupplierInvoiceItemAmount": "1000.00",
      "TaxCode": "V1",
      "CostCenter": "0000010000",
      "DocumentItemText": "Office supplies"
    }
  ],
  "to_SupplierInvoiceItemTax": [
    {
      "TaxCode": "V1",
      "TaxAmount": "190.00",
      "TaxBaseAmountInTransCrcy": "1000.00"
    }
  ]
}

Navigation properties for deep insert:

to_SupplierInvoiceItemGLAcct — GL account line items (non-PO invoices)
to_SupplierInvoiceItemPurOrd — PO-based line items (3-way matching)
to_SupplierInvoiceItemTax — tax line items
to_SuplrInvcItemAcctAssgmt — account assignment details

Key fields (header): CompanyCode, DocumentDate, PostingDate, InvoicingParty (vendor), DocumentCurrency, InvoiceGrossAmount, SupplierInvoiceIDByInvoicingParty (vendor's invoice number), PaymentTerms, SupplierInvoiceStatus (5 = park), PaymentBlockingReason

Key fields (line items): GLAccount, SupplierInvoiceItemAmount, TaxCode, CostCenter, ProfitCenter, WBSElement, InternalOrder, DocumentItemText, DebitCreditCode

Credit notes: Same API with SupplierInvoiceType = "KG" (credit memo) or "KR" (vendor credit note).

Response: Returns SupplierInvoice (document number), FiscalYear, CompanyCode as keys.

BAPI alternative: BAPI_INCOMINGINVOICE_CREATE via RFC — older, stable, same capability.

Confidence: VERY HIGH

7b. Attach Invoice PDF

Service: API_CV_ATTACHMENT_SRV (OData v2) Available from: S/4HANA 1709+ Endpoint: POST /sap/opu/odata/sap/API_CV_ATTACHMENT_SRV/AttachmentContentSet

How it works:

POST with binary file content as body
Set Content-Type to file MIME type (e.g., application/pdf)
Required URL parameters / headers:
- BusinessObjectTypeName = "BUS2081" (supplier invoice)
- LinkedSAPObjectKey = "<CompanyCode><InvoiceDocNumber><FiscalYear>" (padded: 4+10+4 chars)
- Slug = "invoice_12345.pdf" (filename)
Supports: PDF, JPEG, PNG, TIFF, XLSX, DOCX — any binary format
Max file size: configurable on SAP Gateway (typically 50-100 MB)

Workflow: Create invoice first → get document number → upload attachment using document key.

Confidence: HIGH

7c. Sync Reference Data (Read from SAP)

Data	Service	Key Fields
Suppliers/Vendors	`API_BUSINESS_PARTNER` → `A_Supplier`, `A_SupplierCompany`	`BusinessPartner`, `Supplier`, `BusinessPartnerName`, `TaxNumber1`, `VATRegistration`, bank details via `to_BusinessPartnerBank`
Cost Centers	`API_COSTCENTER_SRV` → `A_CostCenter`	`ControllingArea`, `CostCenter`, `CostCenterName`, `ValidityStartDate/EndDate`, `CompanyCode`
GL Accounts	`API_GLACCOUNTINCHARTOFACCOUNTS_SRV` + `API_GLACCOUNTINCOMPANYCODE_SRV`	`ChartOfAccounts`, `GLAccount`, `GLAccountName`, `GLAccountType`, `IsBalanceSheetAccount`
Tax Codes	`API_TAXCODE_SRV` / BAPI	`TaxCode`, `TaxCodeName`, `TaxRate`, `Country`
Company Codes	`API_COMPANYCODE_SRV`	`CompanyCode`, `CompanyCodeName`, `Country`, `Currency`, `ChartOfAccounts`
Exchange Rates	`API_EXCHANGERATE_SRV`	`SourceCurrency`, `TargetCurrency`, `ExchangeRate`, `ValidityStartDate`

All support OData $filter, $select, $top, $skip for efficient querying and pagination.

Confidence: VERY HIGH

7d. Write Reference Data (Into SAP)

Data	Capability	Service	Notes
Cost Centers	FULL CRUD	`API_COSTCENTER_SRV` POST/PATCH	Time-dependent (validity dates are part of key)
Profit Centers	FULL CRUD	`API_PROFITCENTER_SRV` POST/PATCH	Same time-dependency pattern
Business Partners	FULL CRUD	`API_BUSINESS_PARTNER` POST/PATCH	SAP's central master data API
GL Accounts	READ-ONLY via OData	Write only via BAPI `BAPI_GL_ACCOUNT_CREATE` (RFC)	Notable gap — GL account creation requires RFC
WBS Elements	Depends on PS module	`API_WBS_ELEMENT_SRV`	Requires Project System licensing

Confidence: HIGH (except GL accounts via OData — LOW for write)

7e. Approval Workflow Management

Pattern: Park → Approve → Post

Park invoice: Create with SupplierInvoiceStatus = "5" (parked, not posted)
Read workflow tasks: GET /sap/opu/odata/sap/API_TASK_SRV/TaskCollection — lists pending approval items
Approve/Reject: POST /sap/opu/odata/sap/API_TASK_SRV/Decision with DecisionKey (e.g., "0001" = approve, "0002" = reject)
Post parked invoice: Post action on the parked document after approval

Important caveats:

Approval workflows are heavily customer-specific — configured per customer via SWU3 / PFTC
No universal "approve this invoice" endpoint — depends on customer's workflow definition
Safest Orcha approach: park invoices, then either let SAP handle approval internally, or query API_TASK_SRV to drive approvals if customer exposes their workflow
Some customers use SAP's Flexible Workflow, others use classic Business Workflow, others use custom ABAP

Confidence: MEDIUM (API exists, but behavior varies per customer)

7f. Invoice Status & Payment Tracking

Invoice status: Read from API_SUPPLIERINVOICE_PROCESS_SRV

SupplierInvoiceStatus — posted vs. parked
PaymentBlockingReason — blank = not blocked
IsReversed / ReversedDocument

Payment status: Read from API_JOURNALENTRYITEMBASIC_SRV

Query: $filter=SupplierInvoice eq '...' and CompanyCode eq '...'
ClearingDocument — if populated, invoice has been paid/cleared
ClearingDate — date of payment
IsCleared — boolean
OpenItemAmount — remaining unpaid amount (partial payments)
NetDueDate — payment due date

Delta monitoring: No native webhooks on-premise. Use polling:

GET .../A_SupplierInvoice?$filter=LastChangeDate gt datetime'2026-03-30T00:00:00'
Configurable polling interval per customer (recommend 5-15 minutes)

Confidence: HIGH

Orcha Integration Capability Summary

Orcha Need	SAP Endpoint	Method	Confidence	Notes
Push invoice to SAP	`API_SUPPLIERINVOICE_PROCESS_SRV`	POST (deep insert)	VERY HIGH	Full header + lines + tax in one call
Push credit note	Same API	POST (`type = KG`)	VERY HIGH	Same structure as invoice
Attach original PDF	`API_CV_ATTACHMENT_SRV`	POST (binary)	HIGH	BUS2081 object type, two-step (create → attach)
Sync vendors from SAP	`API_BUSINESS_PARTNER`	GET	VERY HIGH	Includes addresses, bank details, tax numbers
Sync cost centers from SAP	`API_COSTCENTER_SRV`	GET	VERY HIGH	Filter by controlling area, time-dependent
Sync GL accounts from SAP	`API_GLACCOUNTINCHARTOFACCOUNTS_SRV`	GET	VERY HIGH	Per chart of accounts and company code
Sync tax codes from SAP	`API_TAXCODE_SRV`	GET	HIGH	Country-specific tax procedures
Manage approvals	`API_TASK_SRV` + park pattern	POST	MEDIUM	Customer-specific workflow config
Track invoice status	`API_SUPPLIERINVOICE_PROCESS_SRV`	GET	HIGH	Status, blocking, reversal fields
Track payment status	`API_JOURNALENTRYITEMBASIC_SRV`	GET	HIGH	Clearing document/date, open amount
Detect changes (polling)	All read APIs	GET + `$filter`	HIGH	`LastChangeDate` filter, no native webhooks

8. Recommended Path Forward

Architecture Recommendation: Direct OData API Integration

For Orcha's use case, direct OData API integration is the recommended approach — no iPaaS middleware needed.

Rationale:

SAP S/4HANA On-Premise has well-documented, stable OData APIs for all core Orcha needs
The APIs are included in the base S/4HANA license (no additional API module cost)
Direct integration gives Orcha full control over the integration logic, error handling, and retry behavior
Avoids iPaaS subscription costs ($10K-200K+/yr) for the customer
OData v2 over HTTPS is a standard REST-like protocol — no special SDK needed

When iPaaS makes sense instead:

Customer already has SAP BTP Integration Suite — leverage existing investment
Customer requires IDoc-based integration (legacy processes)
Customer's network policy prohibits direct HTTPS access to SAP — iPaaS agent as bridge
GL account creation is critical — iPaaS can handle RFC/BAPI calls that direct OData cannot

Phased Integration Plan

Phase 1: Reference Data Sync (Read from SAP)

Sync suppliers/vendors (API_BUSINESS_PARTNER)
Sync cost centers (API_COSTCENTER_SRV)
Sync GL accounts (API_GLACCOUNTINCHARTOFACCOUNTS_SRV)
Sync company codes, tax codes
Establish polling-based delta sync

Phase 2: Invoice Push (Write to SAP)

Create supplier invoices via API_SUPPLIERINVOICE_PROCESS_SRV (deep insert)
Create credit notes (same API, type KG)
Attach original PDF via API_CV_ATTACHMENT_SRV
Implement CSRF token handling and error management

Phase 3: Status Tracking & Lifecycle

Poll for invoice status changes
Track payment/clearing status via API_JOURNALENTRYITEMBASIC_SRV
Build status sync back to Orcha (posted → approved → paid → cleared)

Phase 4: Approval Integration (Optional)

Park invoices instead of posting directly
Integrate with customer's approval workflow via API_TASK_SRV
Note: highly customer-specific — may need per-customer configuration

Architecture Decision Matrix

Approach	Customer Cost	Complexity	Control	Best When
Direct OData API	Low (included in license + digital access fees)	Medium	Full	Standard AP automation — recommended
SAP BTP Integration Suite	$5K-50K+/yr	Medium	Medium	Customer already on SAP BTP
Third-party iPaaS (Boomi/Celigo)	$10K-50K+/yr	Medium	Partial	Customer requires middleware for other integrations
MuleSoft	$50K-200K+/yr	High	Full	Large enterprise, Salesforce ecosystem
IDoc-based	Low (custom dev)	High	Medium	High-volume batch processing, legacy requirements
SFTP/File-based	Low	High	Low	No API access possible, data migration only

Technical Considerations

Concern	Recommendation
CSRF tokens	Implement token caching with session reuse. Fetch new token on 403 response.
Error handling	Parse OData error response body for SAP message class/number. Implement retry with exponential backoff for 5xx errors.
Pagination	Use server-driven paging (`__next` links) for large reference data syncs.
Date handling	OData v2 uses Edm.DateTime format: `/Date(milliseconds)/`. Handle timezone carefully.
Testing	Request access to customer's sandbox/QA S/4HANA system. Use SAP Gateway Client for API testing.
GL account gap	If GL account creation is required, consider SAP JCo library for RFC calls or route through iPaaS.

9. Sources

Official SAP Documentation

SAP Business Accelerator Hub — S/4HANA APIs: https://api.sap.com/products/SAPS4HANA/apis/packages
SAP S/4HANA OData V2 API Package: https://api.sap.com/package/S4HANAOPAPI/odata
SAP S/4HANA OData V4 APIs: https://api.sap.com/products/SAPS4HANA/apis/ODATAV4
Supplier Invoice API: https://api.sap.com/api/API_SUPPLIERINVOICE_PROCESS_SRV/overview
SAP Help Portal (On-Premise): https://help.sap.com/docs/SAP_S4HANA_ON-PREMISE
APIs on SAP Business Accelerator Hub: https://help.sap.com/docs/SAP_S4HANA_ON-PREMISE/8308e6d301d54584a33cd04a9861bc52/1e60f14bdc224c2c975c8fa8bcfd7f3f.html

Community & Guides

Complete Guide to SAP S/4HANA APIs (Apideck): https://www.apideck.com/blog/guide-to-sap-4-hana-rest-and-soap-api
SAP S/4HANA API Essentials (Rollout): https://rollout.com/integration-guides/sap/api-essentials
Using Postman to test OData API in OnPrem system: https://community.sap.com/t5/enterprise-resource-planning-blog-posts-by-sap/using-postman-to-test-odata-api-in-onprem-system/ba-p/13547065
Modernizing RFC/BAPI-based Integrations for Clean Core: https://community.sap.com/t5/technology-blog-posts-by-sap/modernizing-rfc-bapi-based-integrations-for-a-clean-core-with-sap/ba-p/14240582
APIs for Journal Entries Collection: https://community.sap.com/t5/technology-blog-posts-by-sap/apis-for-journal-entries-the-collection-updated-july-2025/ba-p/13565258
Cost Center APIs Practical Guide: https://community.sap.com/t5/enterprise-resource-planning-blog-posts-by-sap/a-practical-guide-to-cost-center-apis-in-sap-s-4hana-cloud/ba-p/14229337
OAuth 2.0 with S/4HANA OData Services: https://community.sap.com/t5/technology-blog-posts-by-sap/step-by-step-calling-s-4hana-standard-odata-apis-with-oauth-2-0-from-client/ba-p/14346113

Licensing

SAP Digital Access Licensing: https://www.sap.com/products/erp/digital-access.html
SAP Indirect Access / Digital Access FAQ: SAP community discussions and analyst coverage (Gartner, Forrester)

iPaaS Platforms

Celigo SAP Connector documentation
Workato SAP Connector (On-Premise Agent)
Boomi SAP Connector (Atom deployment)
SAP BTP Integration Suite (Cloud Platform Integration)
MuleSoft SAP Connector (Anypoint Exchange)
Tray.io SAP Connector

API Specifications

OData $metadata: Available per service at https://<host>/sap/opu/odata/sap/<SERVICE>/$metadata
OpenAPI/YAML/JSON specs: Downloadable from SAP Business Accelerator Hub (login required)
SAP Cloud SDK specification download: https://sap.github.io/cloud-sdk/docs/js/guides/api-business-hub-download-specification