SAP CPI (Cloud Integration) — Interview Questions Booklet (50 Q&A)
Integration Suite • iFlow Design • Adapters & Security • Cloud Connector • Mapping (Graphical/XSLT/Groovy) • QoS & JMS • B2B/EDI & TPM • Monitoring & Operations • Transport & DevOps
1) What is SAP CPI (Cloud Integration), and where does it fit within SAP Integration Suite?
Answer: Cloud Integration is the runtime and design-time service for building and running integration flows (iFlows). It sits inside SAP Integration Suite alongside API Mgmt, Integration Advisor, Open Connectors, etc., covering application-to-application and B2B integrations.
2) How do tenants, regions, and data centers impact a CPI landscape?
Answer: Tenants are isolated environments per region/data center. Region choice affects latency, data residency, and available services; landscapes commonly use separate tenants for Dev/QA/Prod with governed transports.
3) What are iFlows, and which artifact types are typically included?
Answer: An iFlow orchestrates message processing via steps (adapters, transformations, routers, scripts). Packages also include value mappings, message mappings, scripts, certificates, and security material.
4) How do design-time and runtime differ in CPI?
Answer: Design-time covers modeling artifacts, versioning, and configuration; runtime executes deployed iFlows, persisting message processing logs (MPL), attachments, and adapter calls under configured QoS.
5) What are the typical integration patterns supported by CPI?
Answer: Request–reply, asynchronous messaging, pub/sub via JMS, content-based routing, scatter–gather/multicast, splitter–aggregator, enrichment, and BPMN-like exception handling.
6) How do the Destination and Connectivity concepts help CPI reach external systems?
Answer: Destinations centralize endpoints and auth; the connectivity proxy (with Cloud Connector for on-prem) provides secure outbound tunnels so iFlows call internal systems without inbound firewall holes.
7) What is the SAP Cloud Connector, and why is it critical for on-premise integrations?
Answer: Cloud Connector creates a secure reverse tunnel from on-prem to BTP, exposing only whitelisted resources. CPI uses it for RFC/HTTP/ODATA/IDoc/RFC connections to internal systems.
8) Which authentication schemes are commonly used in CPI adapters?
Answer: Basic, Client Certificate (mTLS), OAuth2 (Client Credentials, SAML Bearer, JWT), API key, and SFTP SSH keys. Credentials and keys are stored as Security Material and referenced by adapters.
9) How are certificates and keystores managed in CPI?
Answer: You upload private keys, certs, and trusted CAs into the tenant keystore, assign aliases in adapter channels, and refresh before expiry to keep TLS handshakes and signatures valid.
10) How do you implement principal propagation end-to-end from cloud to on-prem?
Answer: Use OAuth2 SAML Bearer for destinations via Cloud Connector, set trust between IAS/IdP and backend, and map the user in the ABAP/Java system so CPI forwards the end-user identity.
11) Which CPI adapters do you reach for most often, and why?
Answer: HTTP/REST and OData for SAP and SaaS APIs; SOAP for legacy or enterprise web services; IDoc/RFC for ABAP integration; SFTP/AS2 for B2B file/EDI; JMS/AMQP for decoupling and reliability.
12) When would you use the IDoc adapter versus SOAP for IDoc processing?
Answer: Prefer the IDoc adapter for native ALE/IDoc integration with tRFC security and QoS; use SOAP only when the endpoint requires IDoc over SOAP rather than classic tRFC/HTTP.
13) How does the OData adapter simplify S/4HANA integrations?
Answer: It natively handles OData service discovery, metadata, and query options, reducing manual HTTP handling and easing pagination, filtering, and batch requests.
14) Why and how would you use JMS within CPI?
Answer: JMS queues buffer spikes, enforce EO/EOIO ordering, and enable async retries. You drop messages into JMS and consume downstream to decouple producers from consumers.
15) What are typical use cases for the AS2 adapter in B2B scenarios?
Answer: Secure EDI exchange (EDIFACT/X12) with partners requiring signed/encrypted payloads and MDNs. AS2 provides message integrity, non-repudiation, and partner acknowledgments.
16) How does the Content Modifier step help prepare messages?
Answer: It sets or reads headers, properties, and body fragments (XPath/JSONPath/expressions) so subsequent steps (mappings, calls) receive clean, contextual data.
17) When should you use a Splitter, and how do you recombine messages?
Answer: Use a Splitter for bulk payloads (e.g., array of orders) to process per item; pair with Aggregator (correlation) to reassemble, or process independently for async fan-out.
18) How do you implement content-based routing in CPI?
Answer: Add a Router with XPath/JSONPath or header/property conditions to branch to different receivers or mappings based on business rules.
19) What is the role of the Exception Subprocess in an iFlow?
Answer: It centralizes error handling—catching exceptions, enriching error context, writing to logs/JMS, triggering alerts, and shaping a functional error response.
20) How do you design an iFlow for resiliency and retries?
Answer: Use JMS between risky hops, idempotent keys, backoff retries, circuit-breaker logic in scripts, and compensating steps for partial failures.
21) What mapping options exist in CPI, and when is each appropriate?
Answer: Graphical Message Mapping for straightforward field mapping, XSLT for XML-to-XML transformations, and Groovy/JavaScript for complex logic, calculations, or non-XML payloads.
22) How do you handle JSON to XML (and back) transformations?
Answer: Use Format Converters, JSON to XML step, or scripts to convert structures; then apply Message Mapping/XSLT and convert back if the receiver expects JSON.
23) How do you version and reuse mappings across multiple iFlows?
Answer: Keep mappings in shared packages, manage versions, and reference them from iFlows; use value mappings for cross-system code conversions.
24) What are value mappings, and how do they support code conversion?
Answer: Value mappings store key pairs (e.g., unit codes, material groups) across systems; mappings look up the correct target value at runtime for consistency.
25) How do you test and debug a complex mapping?
Answer: Use the mapping test tool with sample payloads, enable trace to capture intermediate results, and add temporary log statements in scripts for variables/paths.
26) What Quality of Service (QoS) levels does CPI support, and what do they mean?
Answer: Best Effort (no persistence), Exactly Once (EO) for once-and-only-once delivery, and Exactly Once In Order (EOIO) to preserve sequence via queues/sequence IDs.
27) How do you ensure idempotency for APIs that might receive duplicates?
Answer: Generate/propagate unique business keys, check a Data Store/JMS header before processing, and design receivers to safely ignore repeats.
28) When should you use the Data Store, and what are common pitfalls?
Answer: Use it for correlation, checkpoints, and small state. Avoid storing large payloads or long retention that can bloat storage and impact performance.
29) How do you throttle or rate-limit outbound calls from CPI?
Answer: Add a JMS queue to smooth bursts, apply timers or scripts for pacing, and implement 429/backoff handling to respect partner quotas.
30) How do you guarantee ordering across a multi-receiver scenario?
Answer: Use EOIO with a consistent sequence ID per business object and avoid parallel branches that would break the single ordered path.
31) How does CPI support EDI standards like EDIFACT or ANSI X12?
Answer: With the B2B capabilities: EDI parsing/serialization, interchange control (envelopes), and mappings to canonical formats; often combined with AS2/OFTP adapters.
32) What is Trading Partner Management (TPM), and why is it useful?
Answer: TPM centralizes partner profiles, agreements, certificates, and channel settings so you manage partner-specific EDI/AS2 parameters without cloning iFlows.
33) How do you validate EDI messages and generate functional acknowledgments?
Answer: Apply EDI validation steps and create 997/CONTRL acknowledgments based on validation results; return MDNs for AS2 delivery confirmation.
34) What approach do you take for partner-specific mapping differences?
Answer: Parameterize mappings via TPM/agreement variables or value mappings, and branch in iFlow to apply partner-specific transforms without duplicating logic.
35) How do you rotate B2B certificates with zero downtime?
Answer: Upload new certs to TPM/keystore, run dual-signing/dual-decryption windows if supported, coordinate cutover with partners, then decommission old certs.
36) What monitoring tools are available for CPI at runtime?
Answer: Message Processing Monitor (MPL), Integration Content Monitor, End-to-End Trace, JMS metrics, and alerting via email/webhooks or external observability hooks.
37) How do you troubleshoot an iFlow failure effectively?
Answer: Reproduce with the same payload in trace mode, inspect MPL attachments, check adapter logs and partner responses, and review exception subprocess outputs.
38) How should alerts be designed to be actionable rather than noisy?
Answer: Include correlation IDs, business keys, endpoint/status, retry hints, and severity; send to the right on-call group and suppress transient, self-healing conditions.
39) Which KPIs help you assess integration health over time?
Answer: Success/failure rates, median/95th latency, retry counts, queue depth, partner error rates, and cost/throughput per integration.
40) How do you audit changes and deployments across tenants?
Answer: Use content versioning, transport logs/approvals, and tie deploys to change tickets; export evidence packs for audits (config, mappings, cert dates).
41) What transport options exist for promoting CPI content between tenants?
Answer: Use SAP Cloud Transport Management (TMS/CTM) or Integration Suite’s transport capabilities to move packages/iFlows with approvals and traceability.
42) How do you implement CI/CD for CPI artifacts?
Answer: Store artifacts in Git, automate packaging/testing with pipelines, and use transport APIs/TMS for gated deployments to QA/Prod.
43) What techniques improve iFlow performance for large payloads?
Answer: Stream where possible, split large messages, avoid heavy scripts in hot paths, paginate API calls, and push compute to backends when appropriate.
44) How do you control costs while scaling integrations?
Answer: Consolidate flows, reuse mappings, cache lookups, respect partner rate limits to avoid retries, and monitor throughput to right-size capacity.
45) How do you manage secrets safely across environments?
Answer: Keep credentials in Security Material, separate per tenant, rotate regularly, prefer OAuth over basic, and never hardcode secrets in scripts.
46) Why might an HTTP receiver call return intermittent 429/5xx, and how do you stabilize it?
Answer: Rate limits or transient partner issues—implement retries with exponential backoff, add JMS buffering, and coordinate quotas with the partner.
47) What would you check if IDocs stop arriving from an on-prem SAP system?
Answer: ALE/port status, Cloud Connector availability, IDoc adapter channel auth, queue backlogs, and recent cert/endpoint changes on either side.
48) How do you approach a mapping that suddenly produces empty target segments?
Answer: Compare payload schema/version, re-run mapping test with trace, inspect XPath/JSONPath contexts, and validate value mapping keys and namespaces.
49) How do you prevent duplicate postings when a partner retries a request?
Answer: Use idempotency keys (e.g., order number + timestamp), check a Data Store/JMS header for prior processing, and make receiver operations idempotent.
50) What steps help when an iFlow works in Dev but fails in Prod?
Answer: Compare security material (certs/keys), destinations, allowed resources in Cloud Connector, partner whitelists, and environment variables; redeploy with the same artifact version after alignment.