SAP Connection
Optional RFC connection from FileRelay back to SAP for document metadata enrichment.
SAP Connection
Optional. Lets FileRelay call back into SAP via RFC to enrich incoming documents with business-object metadata. Documents still flow without it — they just don't carry the extra metadata.
What enrichment adds
An incoming ArchiveLink request carries docId, contRep, compId — the bare identifiers. RFC enrichment looks up the linked business object and attaches fields like:
- Invoice number + date
- Vendor name + number
- Purchase order reference
- Company code, fiscal year
- SAP object type + key
Enriched metadata can be used in:
- File paths (
/invoices/2026/{VENDOR_NAME}/invoice_{NUM}.pdf) - Object tags / metadata headers on cloud destinations (S3, Azure, GCS, etc.)
- Webhook payloads for downstream processing
For CMIS and OData ingest paths, the underlying SAP system attaches the business-object key to the event itself — so explicit RFC enrichment is usually only needed for ArchiveLink.
Configure
Settings → SAP Connection.
| Field | Notes |
|---|---|
| Host | SAP application server hostname / IP; must be reachable from the FileRelay deployment |
| SysNr | 2-digit system number, e.g. 00 |
| Client | 3-digit client number, e.g. 100 |
| User | RFC user (dedicated communication user recommended) |
| Password | Stored encrypted at rest |
| Lang | Logon language, e.g. EN |
REPLACE: Screenshot of the SAP connection configuration form
SAP user authorisations
Minimum:
S_RFC— execute remote function callsS_TABU_DIS— read tables for metadata lookups- Function-module authz for the specific BAPIs you use for enrichment
Prefer a dedicated communication user (type CPIC / B) over a dialog user — avoids password-expiry policies and dialog-user locks from failed interactive logons.
Test connection
Click Test Connection. A pass confirms FileRelay can reach the application server, the credentials work, and the user has basic RFC authz.
Common failures:
- Network — for on-prem SAP, you may need VPN, SAP Cloud Connector, or peering.
- Credentials — user exists in this client + correct password.
- User locked — check SAP user lock status.
- Authz — confirm
S_RFCis granted.
REPLACE: Screenshot of a successful test result
How it works at runtime
- Document arrives via ArchiveLink (or CMIS / OData) at the receiver.
- FileRelay extracts SAP object type + key from the request.
- RFC call to SAP looks up business-object metadata.
- Metadata is attached to the document record.
- Downstream routing / file naming / destination metadata can use the enriched fields.
Enrichment is asynchronous and non-blocking — SAP gets its 201 back immediately. If the RFC call fails, the document still goes to destinations (without the extra metadata).
Security
- Credentials encrypted at rest with envelope encryption.
- Standard SAP RFC on the wire — wrap with SAProuter or SAP Cloud Connector if you want extra control / audit.
- SAP-side audit — every RFC call shows up in transaction SM20 under the configured user.
When to skip
- You don't need business-object metadata at the destination.
- SAP isn't reachable from FileRelay and you don't want to provision the path.
- You enrich downstream (webhook → your own system).
- Initial testing.
Next steps
- Workspace Settings — relay mode + retry config
- Document Routing — use enriched fields in paths
- Sources Overview