Rapid Application Development

AI-based Conversation Chatbot embedded in SAP S/4 HANA

Sudip Ghosh
Helping organization to the New Intelligent Enterprise with SAP Cloud Platform

Step-by-step approach , how AARINI Consulting made a fully SAP integrated AI-based Enterprise Chatbot.

‘Business Story - Tooling - Architecture - Approach' for this Use Case:

Conversational AI in combination with integrating WhatsApp with S/4HANA’.

We all know that WhatsApp is one of most used messaging app that people are using for personal use as well as business use.

Why does the integration of Conversational AI/WhatsApp and S/4 HANA makes sense?

The answer is actually straight forward. It is basically for extending your enterprise. As a purchaser you would like to know the status of your purchase order, as a customer you want to know the status of your sales order etc. But if you want to know your order status, you either need to logon to your S/4 HANA system or you need to ask someone. Now instead of doing this, you could ask a WhatsApp bot, who can give you the insight of your order. Available 24/7 and no cost. By doing this you can increase the customer experience, and employee experience.

Now most of the SAP CAI developers will start thinking that we are just talking about building a bot in SAP CAI and expose this bot through another channel. But here is trick, there is no WhatsApp channel available in SAP CAI just like messenger, alexa, slack etc. 

Then how is this integration still possible?

This answer is also very simple its Twilio which will help us to achieve this.

What is Twilio?

Twilio is a cloud communications platform as a service. Twilio allows software developers to programmatically make and receive phone calls, send and receive text messages and perform other communication functions using its web service APIs

Discussing about Twilio more will not make sense here, because people are smart enough to google and do R&D on it. But the focus here is to discuss how Twilio is enabling this integration.

Technical Architecture

Business Story

BestRunNL is a Dutch based company who uses S/4HANA to run their business. Karin is newly on-boarded employee in BestRunNL and she is eagerly waiting to get her new laptop so she can start contributing. As many employees joined in last seven days, BestRunNL had to place a purchase order for Karin, which will take approximately two days to deliver the order. Karin really would like to know, when she will get the laptop. In the meantime she remembered her onboarding training, where she was introduced to Sarah (a WhatsApp bot), who can help employees to know get various business insights and information. Sarah is completely integrated with their core system S/4HANA. So Karin added the Sarah bot in her WhatsApp account and asked her order status. Sarah bot checked the order status in S/4HANA and reply that the order has been delivered, which gave her a smile on her face.

So far the short business story. Let’s find out how to connect the dots. Let's break this integration into 11 smaller pieces, so that it's easier to understand.

1. CDS and OData service creation for querying the order status. (In this example the Purchase Requisition and Purchase order Status will be queried). Check this blog.

2. Exposing the OData service through cloud connector and creating a proxy API using SAP API management. Check this blog.

3. Designing the skill of the chatbot in SAP CAI. Check this amazing tutorial

4. Creating Node.js app which will be interacting with S/4HANA and provide JSON response in the way that SAP CAI understands. Check out Sudip-AARINI github repository.

5. Deploying the Node.js app which we created in the last step into SAP Cloud Platform Cloud Foundry account.

6. Use the deployed application URL with a proper path as webhook of the skill in SAP CAI.

7. Test the bot using SAP CAI. AARINI has been writing about this previously.

8. Create a free account in Twilio.

9. Enable the WhatsApp channel.

10. Create a Twilio function to interact with SAP CAI using SAP CAI SDK.

11. Deploy the function and use function URL as Webhook of the WhatsApp channel.

Among step 7 till 11, there are numerous blogs which people wrote, so we will not deep dive into these. Let's discuss on last four points one by one.

8. Create free account in Twilio using this link, you can get a free trial account, where all the beta services are enabled. Registration process is quite straightforward.

9. Enable the WhatsApp channel

Twilio provide a WhatsApp Sandbox account. You have to setup the sandbox account in your mobile. This process is pretty straight forward. You have to add your sand box number in your WhatsApp and send the code (E.G join say-rays) as the first message from your WhatsApp as explained below.

(login to your Twilio account and you will find this option , once you click on programmable SMS)

Once successfully connected, you will get Message Received like below.

Now you can leave it like this, as we will discuss this in a later stage. Now we have to create Twilio function which will interact with SAP CAI using SAP CAI SDK.

10. Create a Twilio function to interact with SAP CAI using SAP CAI SDK.

Now click on Runtime in your Twilio dashboard. You will find Functions (beta) option like below.

Now explore the function, you will find manage and configure option, first click on configure option we have to add npm module for SAP CAI SDK.

Now in dependency list we need to add SAP CAI npm module with correct version.

After saving this now you go to manage function option and add function with a blank template.

Give a function name, path, add the code below and save it.

After pasting the code and before saving, replace the request token with your request token which is used in the 4th line. You can get easily request the token from your bot like below.

Twilio Function code

Now save it. After successful saved, copy the function path which has to be Webhooked in WhatsApp channel.

11.Deploy the function and use function Url as Webhook of WhatsApp channel.

Now go to programmable SMS and then go to WhatsApp Sandbox to add the function path as Webhook like below.

Save it. You can test it now.

As the next step you want to add one-time password security.

Security is mandatory in any enterprise conversational system, when it is hosted in public social media like WhatsApp, Facebook etc. Especially, because now everyone has a smartphone. Here we will discuss about security aspect of the WhatsApp integration with S/4 HANA.

Why is Security so important with a Enterprise Chatbot?

Business transaction information is very critical and it should never be disclosed with non verified people. Also everyone has WhatsApp now and it is very easy to add the bot number and start gathering information about the organization and business transactions. 

So how we are going to make sure that only real verified employees can interact with the chatbot?

Two-factor authentication based protocols can help you adding the right security layer. For security reasons it is mandatory that before you start any communication with our SAP CAI based bot, it verifies the employee by sending a one time password to their registered mobile number in the organization HRM/HCM system. So this will block access from someone outside the organization as they do not have an entry in the organization’s employee master record and their mobile number is not registered in organization’s Employee Master record. 

Then how is this One-Time Password Integration possible?

We have reached this by integrating SAP CAI with Twilio Authy Service. The best of SAP CAI is that if you design the brain and train your bot properly, you can achieve almost anything.

What is Twilio Authy?

Twilio Authy is the fastest way to add two-factor authentication login to your app. It provides RESTful APIs to secure your user accounts with high-security checks during logins and step-up transactions to ensure the right security. It also has easy support for SMS, Voice, OTP, and Push Authentication channels.

Do we need to maintain the Employee’s Mobile number and Employee ID in Twilio Authy? If so, how will the complete process work?

Indeed we have to maintain the employee's mobile number and employee ID in Twilio to enable it to send the one-time password. Each organization has a HRM/HCM (like SuccessFactors) Employee Central system to maintain the Employee master record. For this example we have used SAP SuccessFactors. In this example the process flow is pretty straight forward:

Eric is a HR employee, who works in a Dutch based company BestRunNL and is responsible for onboarding employees and maintaining the employee Master record. Karin is a new employee who is going to be onboarded, so Eric checked all the documents and after added all the records in SAP SuccessFactors. Now in this case SAP Cloud Platform Integration (CPI) will extract the Employee ID, Phone Number and Name from SAP SuccesFactors and will push this data into Twilio Authy Service. Once successfully created, it will return a Unique Authy ID to SAP CPI, SAP CPI Club Employee Central ID and Twilio Authy ID and push it to the SAP HANA DB in SAP Cloud Platform as Twilio Authy does not store Employee Central User ID's.

How will SAP Conversational AI be integrated with this?

Though the above conversation flow gives a good idea how it will, still explanation on the verification process is needed. When the new employee will send any message for the first time, it will ask the employee ID for verification. Once the employee has send the ID, it will make a webhook call to the Node.js application, which will first call Hana XS service to check if there is any Authy ID present for that particular employee ID. If it finds a valid Authy ID, it will call the Authy OTP API to send the OTP to the employee Mobile. In parallel it is asking for a OTP number from the employee. If it is a valid employee then the employee will be able to provide the correct OTP and SAP CAI will make another API call to verify that OTP. Once successful it will send a positive response, otherwise it will reset the bot memory and send a negative response.

Let's Redesign the architecture

You can see a green dash border around SAP CAI, which is verifying the real employee. Let's see how this secure architecture looks like.

Is there any special training required in SAP CAI Bot to work seamlessly with this verification process?

Let's start to answer this in a different way. If I would ask you to verify an employee? You probably would go to your HRM/HCM system and search for that specific employee record. You need to know how to access this HRM/HCM system, where you need to search etc. Similarly the bot also need to know how to get the employee ID and One-Time Password from the conversation and pass it into a webhook call.

Same thing we have to do for OTP as well, once we have maintained this entity and our bot, we will be able to recognize and store it in-memory. This can be used in a webhook call. E.g. in Authy we have configured a six digit OTP, the entity should look like 134575, 842292, 123098….. and Intent should look like 144133 is my OTP, my OTP is 245763 …

This should wrap up the information and architecture part. Let's get into the implementation of it. Let's split it up into 5 steps:

1. Setting up Authy Application / OTP service in Twilio

2. Exploring the Authy API

Look at the nice documentation for Authy API. Here mainly we need three API

a) Authy User Creation API

b) Request One Time Password API

c) Verifying One Time Password API

3. Re-Designing the skills of Sarah (Bot)

We have two additional skills here to add to this verification. a) Verify Employee b) OTP. Verifying the employee would be triggered in case both EMP and OTP memories are absent and any Intent gets captured from the user conversation. The OTP skill will be triggered from Verify employee in case the employee ID got matched with the supplied employee ID from the user.

Let see how the OTP skill looks like

Action of OTP Skill

Let's Look at how we have designed the other skill triggered

4. Writing the Node.js Application and integrate it with SAP CAI in Webhook

As you might have noticed two extra function i have added a) Verifying Employee b) Verifying OTP

Github for Verifying Employee Function

Github for Verifying One time Password function

5. Twilio function

Interested in moving towards the New Intelligent Enterprise with Conversational AI in your Organization?

Please PM or contact me on:


Read More Cases