This skill provides comprehensive knowledge for SAP BTP Connectivity, including the Destination Service, Connectivity Service, Cloud Connector, Connectivity Proxy, and Transparent Proxy for Kubernetes. It should be used when configuring destinations, setting up cloud-to-on-premise connectivity, implementing principal propagation, deploying connectivity proxies in Kubernetes/Kyma environments, or troubleshooting connectivity issues. Use this skill when: - Creating or configuring SAP BTP destinations (HTTP, RFC, LDAP, MAIL, TCP) - Setting up Cloud Connector for on-premise connectivity - Implementing OAuth authentication flows for destinations - Configuring principal propagation or user propagation - Deploying Connectivity Proxy or Transparent Proxy in Kubernetes - Troubleshooting connectivity errors (405, 407, 503) - Setting up high availability for Cloud Connector - Configuring multitenancy for destinations Keywords: SAP BTP, Connectivity, Destination Service, Cloud Connector, Connectivity Proxy, Transparent Proxy, Kyma, Kubernetes, OAuth, Principal Propagation, RFC, LDAP, on-premise, hybrid connectivity, service channels, SOCKS5, reverse proxy, tunnel
/plugin marketplace add secondsky/sap-skills/plugin install sap-btp-connectivity@sap-skillsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
README.mdreferences/advanced-configuration.mdreferences/authentication-types.mdreferences/cloud-connector.mdreferences/connectivity-alternatives-and-config.mdreferences/destination-service-api.mdreferences/http-destinations.mdreferences/identity-propagation-scenarios.mdreferences/java-sdk-development.mdreferences/kubernetes-connectivity.mdreferences/mail-protocols.mdreferences/mail-tcp-ldap-destinations.mdreferences/operational-guides.mdreferences/rfc-destinations.mdreferences/troubleshooting.mdtemplates/connectivity-proxy-values.yamltemplates/destination-http-oauth.jsontemplates/destination-onpremise.jsontemplates/transparent-proxy-values.yamlSAP BTP Connectivity provides secure access from SAP BTP applications to remote services across cloud, on-premise, and VPC environments.
| Component | Purpose |
|---|---|
| Destination Service | Manages connection metadata, authentication, routing |
| Connectivity Service | Enables Kubernetes workloads via Cloud Connector |
| Cloud Connector | Reverse proxy for secure on-premise tunneling |
| Connectivity Proxy | Kubernetes component for on-premise access |
| Transparent Proxy | Kubernetes component for unified destination access |
Supported Environments: Cloud Foundry, ABAP Environment, Kyma
Supported Protocols: HTTP/HTTPS, RFC, TCP (SOCKS5), LDAP/LDAPS, Mail
Name: my-destination
Type: HTTP
URL: [https://api.example.com](https://api.example.com)
ProxyType: Internet
Authentication: OAuth2ClientCredentials
clientId: <your-client-id>
clientSecret: <your-client-secret>
tokenServiceURL: [https://auth.example.com/oauth/token](https://auth.example.com/oauth/token)
[https://localhost:8443](https://localhost:8443`)Administrator / manage (change immediately)const { getDestination } = require('@sap-cloud-sdk/connectivity');
const destination = await getDestination({ destinationName: 'my-destination' });
ProxyType: Internet
Authentication: OAuth2ClientCredentials | OAuth2SAMLBearerAssertion
ProxyType: OnPremise
Authentication: BasicAuthentication | PrincipalPropagation
Requires Cloud Connector installation in on-premise network.
For on-premise systems accessing SAP BTP services via Cloud Connector.
| Type | Use Case | ProxyType | Common Authentication |
|---|---|---|---|
| HTTP | REST/OData APIs | Internet/OnPremise | OAuth2, Basic, Certificates |
| RFC | SAP systems | OnPremise | Basic, PrincipalPropagation |
| LDAP | Directory services | Internet | Basic, NoAuth |
| Email protocols | Internet | Basic, NoAuth | |
| TCP | Generic TCP | OnPremise | Basic |
Detailed configuration: See references/http-destinations.md, references/rfc-destinations.md, references/mail-tcp-ldap-destinations.md
Authentication: OAuth2ClientCredentials
clientId: <client-id>
clientSecret: <client-secret>
tokenServiceURL: [https://auth.example.com/oauth/token](https://auth.example.com/oauth/token)
Authentication: OAuth2SAMLBearerAssertion
audience: <target-audience>
clientKey: <client-key>
tokenServiceURL: [https://auth.example.com/oauth2/token](https://auth.example.com/oauth2/token)
KeyStoreLocation: <certificate-location>
Authentication: PrincipalPropagation
ProxyType: OnPremise
Requires Cloud Connector X.509 certificate generation.
Complete reference: references/authentication-types.md (all 17+ types)
[https://<hostname>:8443](https://<hostname>:8443`)Administrator / manageConfigure on-premise resource access:
Complete guide: references/cloud-connector.md
Enables Kubernetes workloads to access on-premise systems.
Installation:
helm install connectivity-proxy \
oci://registry-1.docker.io/sapse/connectivity-proxy \
--version <version> --namespace <namespace> -f values.yaml
Exposes BTP destinations as Kubernetes Services.
Installation:
helm install transparent-proxy \
oci://registry-1.docker.io/sapse/transparent-proxy \
--version <version> --namespace <namespace> -f values.yaml
Usage: Create Destination Custom Resource, access as Kubernetes Service.
Complete configuration: references/kubernetes-connectivity.md
| Code | Cause | Solution |
|---|---|---|
| 400 | Malformed request | Check request syntax |
| 401 | Authentication failure | Verify credentials/tokens |
| 405 | HTTPS instead of HTTP | Use [http://](http://`) with port 20003 |
| 407 | Missing authorization | Add Proxy-Authorization: Bearer <token> |
| 503 | Cloud Connector offline | Check CC connection and Location ID |
Cannot connect to subaccount:
Access denied to resource:
Complete troubleshooting: references/troubleshooting.md
references/http-destinations.md - Complete HTTP destination propertiesreferences/rfc-destinations.md - RFC destination properties and poolingreferences/mail-tcp-ldap-destinations.md - Mail, TCP, LDAP configurationreferences/authentication-types.md - All 17+ authentication configurationsreferences/cloud-connector.md - Cloud Connector setup and configurationreferences/kubernetes-connectivity.md - Connectivity Proxy and Transparent Proxyreferences/destination-service-api.md - REST API referencereferences/advanced-configuration.md - MTA, config.json, chaining, ZTISreferences/identity-propagation-scenarios.md - ABAP, NetWeaver Java, custom IDPreferences/operational-guides.md - Network zones, solution managementreferences/connectivity-alternatives-and-config.md - Reverse proxy, user roles, RFC configreferences/java-sdk-development.md - Java APIs, JCo, SAP Cloud SDKreferences/mail-protocols.md - SMTP, IMAP, POP3 configurationtemplates/destination-http-oauth.json - HTTP destination with OAuth templatetemplates/destination-onpremise.json - On-premise destination templatetemplates/connectivity-proxy-values.yaml - Helm values for Connectivity Proxytemplates/transparent-proxy-values.yaml - Helm values for Transparent ProxyLast Updated: 2025-11-27
Next Review: 2026-02-27
Source: https://github.com/SAP-docs/btp-connectivity (383 files, 352+ analyzed)
This skill should be used when the user asks about libraries, frameworks, API references, or needs code examples. Activates for setup questions, code generation involving libraries, or mentions of specific frameworks like React, Vue, Next.js, Prisma, Supabase, etc.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.