Good morning everyone,

I’m facing an issue with my SAP BTP destination configuration and would appreciate your guidance.

Current Setup:

I have an HTTP destination configured in BTP with Basic Authentication (username/password).

The destination is used by a CAP (Node.js) service to connect to an on-premise OData service via Cloud Connector (ProxyType: OnPremise).

The destination works manually when I use my default-env json in BAS.

The Problem is:

When my CAP service calls the destination, I get this error:

Error during request to remote service: Failed to build headers. Caused by: AuthenticationType is "BasicAuthentication", but "username" and/or "password" are missing!

My senior advised not to hardcode credentials in the mta.yaml or package.json, but the service fails to retrieve them dynamically.

So,

How can I ensure my CAP service retrieves the username/password from the BTP destination? Are there specific @SAP/cds or @SAP-cloud-sdk configurations required to resolve this?

Destination Configuration:

Type: HTTP Authentication: BasicAuthentication

CAP Service Code:

const BackendSrv = await cds.connect.to("my destination", { csrf: true });
const orders = await BackendSrv.run(
SELECT.one("OrderByIds", orderId)
);

package.json:

"cds": {
"requires": {
"placeholdername": {
"kind": "odata-v2",
"csrf": true,
"model": "srv/external/placeholdername",
"credentials": {
"destination": "my destination name"
}
}
},
"[production]": {
"requires": {
"db": {
"kind": "hana-cloud"
},
"placeholdername": {
"kind": "odata-v2",
"model": "srv/external/placeholdername",
"csrf": true,
"csrfInBatch": true,
"credentials": {
"destination": "my destination name"
}
},
"connectivity": true,
"destination": true,
"auth": {
"kind": "xsuaa"
}
},
"log": {
"levels": {
"ui-service": "trace"
}
}
}
}

mta.yaml:

_schema-version: 3.3.0
ID: myapp
version: 1.0.0
description: "A simple CAP project."
parameters:
enable-parallel-deployments: true
build-parameters:
before-all:
- builder: custom
commands:
- npm ci
- npx cds build --production
modules:
- name: myapp-srv
type: nodejs
path: gen/srv
parameters:
instances: 1
buildpack: nodejs_buildpack
build-parameters:
builder: npm-ci
provides:
- name: srv-api
properties:
srv-url: ${default-url}
requires:
- name: myapp-auth
- name: myapp-destination
- name: myapp-db
- name: myapp-connectivity
- name: myapp
type: approuter.nodejs
path: app/
parameters:
keep-existing-routes: true
disk-quota: 256M
memory: 256M
requires:
- name: srv-api
group: destinations
properties:
name: srv-api
url: ~{srv-url}
forwardAuthToken: true
- name: myapp-auth
- name: myapp-destination
provides:
- name: app-api
properties:
app-protocol: ${protocol}
app-uri: ${default-uri}
- name: myapp-db-deployer
type: hdb
path: gen/db
parameters:
buildpack: nodejs_buildpack
requires:
- name: myapp-db
resources:
- name: myapp-auth
type: .cloudfoundry.managed-service
parameters:
service: xsuaa
service-plan: application
path: ./xs-security.json
config:
xsappname: myapp-${}-${space}
tenant-mode: dedicated
- name: myapp-destination
type: .cloudfoundry.managed-service
parameters:
service: destination
service-plan: lite
- name: myapp-db
type: com.sap.xs.hdi-container
parameters:
service: hana
service-plan: hdi-shared
- name: myapp-connectivity
type: .cloudfoundry.managed-service
parameters:
service: connectivity
service-plan: lite

I’ve verified the destination name matches in package.json and that the Cloud Connector is reachable. Any insights would be greatly appreciated!

Thank you in advance.

i expect that username and password should be injected during runtime