In SAP BTP Cloud Connector (transaction SUBACCOUNT > ACCESS CONTROL), add the on-premise system as a back-end resource; expose the RFC system ID as a virtual host and set the protocol to RFC.
In BTP Cockpit, create a destination of type RFC pointing to the virtual host and port configured in Cloud Connector; set authentication to PrincipalPropagation or BasicAuthentication with a technical user.
From your BTP application, resolve the destination using the Destination service REST API: GET /destination-configuration/v1/destinations/<destName> — this returns connectivity proxy details and a one-time token.
Use the SAP Cloud SDK (Java or JavaScript) or the JRFC/NCo library with the connectivity proxy settings to open an RFC connection and call the BAPI, e.g., BAPI_GOODSMVT_CREATE.
Pass the BAPI parameters (GOODSMVT_HEADER, GOODSMVT_ITEM table, GOODSMVT_CODE) as RFC structures; call BAPI_TRANSACTION_COMMIT after the BAPI to finalize the posting.
Verify the Cloud Connector audit log and the BTP Connectivity service trace dashboard for failed connection attempts before debugging at the BAPI level.
Known gotchas
RFC connections through Cloud Connector require the JCo (Java Connector) or NCo (.NET Connector) library; pure HTTP REST cannot invoke RFC functions — the Cloud Connector RFC tunnel is not HTTP.
PrincipalPropagation requires the BTP user to have a matching user in the on-premise SAP system; if identity propagation fails, the RFC call returns a logon error rather than an authorization error, making diagnosis confusing.
BAPI_TRANSACTION_COMMIT must be called explicitly after every successful BAPI write — RFC calls do not auto-commit, and omitting the commit leaves the database LUW open until the RFC session terminates, which may be minutes later.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp