
Identify Which External Applications are Calling Your RFCs

Former Member
0 Kudos

Question: Using RFC Web Services, how can remote calls to these RFCs be engineered in such a way as to be able to identify the calling server AND application name? What are the prerequisites for doing so?

Background: Over the course of time, many RFCs will inevitably be developed to meet the needs of numerous external and third-party applications such as web apps and the like. Some of these RFCs will likely be used by several of these applications. When it becomes necessary to modify a particular shared RFC, you will want to ensure that the change has not broken existing implementations of it. Furthermore, over time and with personnel changes, a lack of documentation and training for internal processes can leave development teams struggling to come up with a test plan, not knowing how a given RFC is being used in production. To increase the chances of a successful deployment, you must be able to identify these applications to be sure they remain unaffected by the changes or are updated to accommodate them.

2 REPLIES

Former Member
0 Kudos

The trick is to use BAPIs with stable interfaces, then you don't have this problem.

Of course you might also create RFC wrappers for the BAPIs and create a webservice for the wrapper. If more than one webservice uses the wrapper then things could go wrong.

So this is more of a developer discipline question than a security question...

But to answer your question (as you already have the problem...) -> you can evaluate the RFC server profiles in ST03N. The detailed views (see the tabs) will show you the server side users and the client side hosts and destination names calling the RFC.

If it is called from within the system (deeper calls) then you will have to use the where-used-list from SE37. But if the FM name is not called directly, you will have to resort to a code scan for the name. If the name is concatenated or embedded within macros, then you will have to use a runtime analysis tool.

The hole gets deeper and deeper --> use BAPIs  🙂

Cheers,

Julius
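
An added example, not part of the reply above: once the RFC server profile data from ST03N has been exported, a short script can turn it into a caller inventory per RFC for the test plan. The column names, function module names, hosts, destinations and users below are constructed assumptions, not the actual ST03N export layout.

```python
import csv
import io
from collections import defaultdict

# Constructed sample; column names are assumptions, not the real ST03N layout.
SAMPLE_EXPORT = """function_module,calling_host,rfc_destination,server_user,calls
Z_GET_ORDER_STATUS,webapp01,WEBSHOP_PRD,RFC_WEBSHOP,1820
Z_GET_ORDER_STATUS,portal02,PORTAL_PRD,RFC_PORTAL,240
Z_GET_ORDER_STATUS,webapp01,WEBSHOP_PRD,RFC_WEBSHOP,95
Z_CREATE_TICKET,helpdesk01,HELPDESK_PRD,RFC_HELPDESK,37
Z_CREATE_TICKET,batch07,WEBSHOP_PRD,RFC_WEBSHOP,12
"""


def build_caller_inventory(export_text):
    """Return {function_module: {(host, destination, user): total_calls}}."""
    inventory = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(export_text)):
        caller = tuple(row[k].strip() for k in
                       ("calling_host", "rfc_destination", "server_user"))
        inventory[row["function_module"].strip().upper()][caller] += int(row["calls"])
    return {fm: dict(callers) for fm, callers in inventory.items()}


def shared_rfcs(inventory):
    """RFCs reached from more than one host/destination pair: each pair is a
    consumer that belongs in the regression test plan before the RFC changes."""
    shared = {}
    for fm, callers in inventory.items():
        origins = sorted({(host, dest) for host, dest, _user in callers})
        if len(origins) > 1:
            shared[fm] = origins
    return shared


def ambiguous_users(inventory):
    """Server-side users seen from several hosts; such a user alone cannot
    tell you which application made the call."""
    hosts = defaultdict(set)
    for callers in inventory.values():
        for host, _dest, user in callers:
            hosts[user].add(host)
    return {user: sorted(h) for user, h in hosts.items() if len(h) > 1}


if __name__ == "__main__":
    inv = build_caller_inventory(SAMPLE_EXPORT)
    for fm, origins in shared_rfcs(inv).items():
        print(fm, "is shared by", origins)
    print("users used from several hosts:", ambiguous_users(inv))
```

A service user that shows up from several hosts is a sign that one RFC user per calling application would make the ST03N data easier to attribute.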

OttoGold
Active Contributor
0 Kudos

I can recommend a brief code review when you ask developers some hard questions. That can help both with the discipline and the coding quality as well as with your original RFC problem.

Cheers Otto