diff --git a/docs/api-integrations/sap-ariba.mdx b/docs/api-integrations/sap-ariba.mdx
new file mode 100644
index 00000000000..c12def26822
--- /dev/null
+++ b/docs/api-integrations/sap-ariba.mdx
@@ -0,0 +1,84 @@
+---
+title: 'SAP Ariba'
+sidebarTitle: 'SAP Ariba'
+description: 'Integrate your application with the SAP Ariba API'
+---
+
+## 🚀 Quickstart
+
+Connect to SAP Ariba with Nango and see data flow in 2 minutes.
+
+
+
+ In Nango ([free signup](https://app.nango.dev)), go to [Integrations](https://app.nango.dev/dev/integrations) -> _Configure New Integration_ -> _SAP Ariba_.
+
+
+ Go to [Connections](https://app.nango.dev/dev/connections) -> _Add Test Connection_ -> _Authorize_, then enter your SAP Ariba credentials. Later, you'll let your users do the same directly from your app.
+
+
+ Let's make your first request to the SAP Ariba API (fetch supplier data). Replace the placeholders below with your [secret key](https://app.nango.dev/dev/environment-settings), [integration ID](https://app.nango.dev/dev/integrations), and [connection ID](https://app.nango.dev/dev/connections):
+
+
+
+ ```bash
+ curl "https://api.nango.dev/proxy/discovery/api/collaborationRoom/v1/collaborationRooms" \
+ -H "Authorization: Bearer " \
+ -H "Provider-Config-Key: " \
+ -H "Connection-Id: "
+ ```
+
+
+
+
+
+ Install Nango's backend SDK with `npm i @nangohq/node`. Then run:
+
+ ```typescript
+ import { Nango } from '@nangohq/node';
+
+ const nango = new Nango({ secretKey: '' });
+
+ const res = await nango.get({
+ endpoint: '/discovery/api/collaborationRoom/v1/collaborationRooms',
+ providerConfigKey: '',
+ connectionId: ''
+ });
+
+ console.log(res.data);
+ ```
+
+
+
+
+ Or fetch credentials with the [Node SDK](/reference/sdks/node#get-a-connection-with-credentials) or [API](/reference/api/connection/get).
+
+ ✅ You're connected! Check the [Logs](https://app.nango.dev/dev/logs) tab in Nango to inspect requests.
+
+
+
+ Follow our [Auth implementation guide](/implementation-guides/platform/auth/implement-api-auth) to integrate Nango in your app.
+
+ To obtain your own production credentials, follow the setup guide linked below.
+
+
+
+## 📚 SAP Ariba Integration Guides
+
+Nango maintained guides for common use cases.
+
+- [How do I link my account?](/api-integrations/sap-ariba/connect)
+Connect your SAP Ariba account
+- [How to obtain your SAP Ariba API credentials](/api-integrations/sap-ariba/sap-ariba-api-credentials-setup)
+Register an application on the SAP Ariba Developer Portal and obtain credentials to connect it to Nango
+
+Official docs: [SAP Ariba API docs](https://help.sap.com/docs/ariba-apis)
+
+## 🧩 Pre-built syncs & actions for SAP Ariba
+
+Enable them in your dashboard. [Extend and customize](/implementation-guides/platform/functions/customize-template) to fit your needs.
+
+import PreBuiltUseCases from "/snippets/generated/sap-ariba/PreBuiltUseCases.mdx"
+
+
+
+---
diff --git a/docs/api-integrations/sap-ariba/connect.mdx b/docs/api-integrations/sap-ariba/connect.mdx
new file mode 100644
index 00000000000..a000f0fd9c5
--- /dev/null
+++ b/docs/api-integrations/sap-ariba/connect.mdx
@@ -0,0 +1,71 @@
+---
+title: 'SAP Ariba - How do I link my account?'
+sidebarTitle: 'SAP Ariba'
+---
+
+# Overview
+
+To authenticate with SAP Ariba, you will need:
+1. **Client ID** - A unique identifier for your application.
+2. **Client Secret** - A confidential key used to authenticate the identity of your application.
+3. **Region** (optional) - Your SAP Ariba data center region (US, EU, or Australia).
+4. **Application Key (API Key)** - Required for all API requests.
+5. **Ariba Network ID (ANID)** - Your organization's unique identifier in SAP Ariba (e.g., `AN01234567890`).
+
+This guide will walk you through obtaining these credentials within SAP Ariba.
+
+### Prerequisites:
+
+- You must have an account with [SAP Ariba Developer Portal](https://developer.ariba.com).
+- You need your Ariba Network ID (ANID) for your organization.
+
+### Instructions:
+
+#### Step 1: Select Your Region
+
+SAP Ariba has different data centers for different regions. Select the region where your SAP Ariba instance is hosted:
+
+| Region | Region Value | Description |
+|--------|--------------|-------------|
+| United States | *(leave empty)* | Default region for US-based customers |
+| Europe | `-eu` | For EU-based customers |
+| Australia | `.au.cloud` | For APAC customers |
+
+The region determines which API endpoints will be used for authentication and API calls. Enter the exact value shown in the "Region Value" column.
+
+#### Step 2: Get Your API Key
+
+1. Log in to the [SAP Ariba Developer Portal](https://developer.ariba.com).
+2. Navigate to **Manage > Applications**.
+3. Select your application (or create one if you haven't already).
+4. Navigate to **Application Details**.
+5. Copy your **Application Key** (also called `apikey`).
+
+This API Key is required in the header of all API requests to SAP Ariba.
+
+#### Step 3: Find Your ANID
+
+Your Ariba Network ID (ANID) is your organization's unique identifier in SAP Ariba:
+
+1. Your ANID starts with `AN` followed by digits (e.g., `AN01234567890`).
+2. You can find your ANID in your SAP Ariba account settings under **Company Profile** or in the URL when logged in.
+3. Contact your SAP Ariba administrator if you're unsure of your ANID.
+
+#### Step 4: Get OAuth Credentials
+
+1. In the SAP Ariba Developer Portal, navigate to your application's **Credentials** section.
+2. Copy your **OAuth Client ID**.
+3. Click **Generate** to create a new **OAuth Client Secret** (if you don't have one).
+4. Store these credentials securely - the Client Secret is only shown once.
+
+#### Step 5: Enter credentials in the Connect UI
+
+Once you have all your credentials:
+1. Open the form where you need to authenticate with SAP Ariba.
+2. Enter your **Region** value (leave empty for US, use `-eu` for Europe, or `.au.cloud` for Australia).
+3. Enter your **Application Key (API Key)**.
+4. Enter your **Ariba Network ID (ANID)**.
+5. Enter your **Client ID** and **Client Secret**.
+6. Submit the form, and you should be successfully authenticated.
+
+You are now connected to SAP Ariba.
diff --git a/docs/api-integrations/sap-ariba/sap-ariba-api-credentials-setup.mdx b/docs/api-integrations/sap-ariba/sap-ariba-api-credentials-setup.mdx
new file mode 100644
index 00000000000..908f37afdf4
--- /dev/null
+++ b/docs/api-integrations/sap-ariba/sap-ariba-api-credentials-setup.mdx
@@ -0,0 +1,45 @@
+---
+title: 'How to obtain your SAP Ariba API credentials'
+sidebarTitle: 'SAP Ariba Setup'
+description: 'Register an application on the SAP Ariba Developer Portal and obtain credentials to connect it to Nango'
+---
+
+This guide shows you how to register your own application with SAP Ariba to obtain API credentials. These are required to let your app access data via the SAP Ariba APIs.
+
+
+
+ Go to the [SAP Ariba Developer Portal](https://developer.ariba.com) and sign up for a developer account.
+
+
+ 1. Log in and navigate to **Manage > Applications**
+ 2. Click **Create New Application**
+ 3. Fill in the required details (application name, description)
+ 4. Request API access for your needed APIs (e.g., Operational Reporting, Supplier Data, Collaboration Room)
+ 5. Wait for auto-approval (typically within 12 hours)
+
+
+ 1. Navigate to your application's **Application Details**
+ 2. Copy your **Application Key** — this is sent as the `apikey` header on every API request
+
+
+ 1. Navigate to your application's **Credentials** section
+ 2. Copy your **OAuth Client ID**
+ 3. Click **Generate** to create a new **OAuth Client Secret**
+ 4. Store both securely — the Client Secret is only shown once
+
+ SAP Ariba uses a custom OAuth 2.0 grant type (`openapi_2lo`) instead of the standard `client_credentials`. Nango handles this automatically.
+
+
+ Your ANID identifies your organization:
+ 1. It starts with `AN` followed by digits (e.g., `AN01234567890`)
+ 2. Find it in your SAP Ariba account settings under **Company Profile**
+ 3. Contact your SAP Ariba administrator if unsure
+
+
+ Follow the [_Quickstart_](/getting-started/quickstart) to connect your first account.
+
+
+
+For more details, see [SAP Ariba's OAuth documentation](https://help.sap.com/docs/ariba-apis/help-for-sap-ariba-developer-portal/use-of-api-gateway-and-oauth-to-authenticate-applications).
+
+---
diff --git a/docs/docs.json b/docs/docs.json
index 85338e8eb1f..ea811e1f40e 100644
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -759,6 +759,7 @@
"integrations/all/sage-intacct",
"integrations/all/sage-intacct-oauth",
"integrations/all/sage-people",
+ "api-integrations/sap-ariba",
"api-integrations/salesforce",
"api-integrations/salesforce-cc",
"api-integrations/salesforce-jwt",
diff --git a/docs/snippets/generated/salesforce-cc/PreBuiltUseCases.mdx b/docs/snippets/generated/salesforce-cc/PreBuiltUseCases.mdx
index 22b957fc822..d2237922407 100644
--- a/docs/snippets/generated/salesforce-cc/PreBuiltUseCases.mdx
+++ b/docs/snippets/generated/salesforce-cc/PreBuiltUseCases.mdx
@@ -1,3 +1,3 @@
_No pre-built syncs or actions available yet._
-Not seeing the integration you need? [Build your own](https://nango.dev/docs/guides/primitives/functions) independently.
\ No newline at end of file
+Not seeing the integration you need? [Build your own](/guides/primitives/functions) independently.
\ No newline at end of file
diff --git a/docs/snippets/generated/sap-ariba/PreBuiltTooling.mdx b/docs/snippets/generated/sap-ariba/PreBuiltTooling.mdx
new file mode 100644
index 00000000000..434860d66bf
--- /dev/null
+++ b/docs/snippets/generated/sap-ariba/PreBuiltTooling.mdx
@@ -0,0 +1,41 @@
+## Pre-built tooling
+
+
+| Tools | Status |
+| - | - |
+| Pre-built authorization (OAuth) | ✅ |
+| Credentials auto-refresh | ✅ |
+| Pre-built authorization UI | ✅ |
+| Custom authorization UI | ✅ |
+| End-user authorization guide | ✅ |
+| Expired credentials detection | ✅ |
+
+
+| Tools | Status |
+| - | - |
+| Pre-built integrations | 🚫 (time to contribute: <48h) |
+| API unification | ✅ |
+| 2-way sync | ✅ |
+| Webhooks from Nango on data modifications | ✅ |
+| Real-time webhooks from 3rd-party API | 🚫 (time to contribute: <48h) |
+| Proxy requests | ✅ |
+
+
+| Tools | Status |
+| - | - |
+| HTTP request logging | ✅ |
+| End-to-end type safety | ✅ |
+| Data runtime validation | ✅ |
+| OpenTelemetry export | ✅ |
+| Slack alerts on errors | ✅ |
+| Integration status API | ✅ |
+
+
+| Tools | Status |
+| - | - |
+| Create or customize use-cases | ✅ |
+| Pre-configured pagination | 🚫 (time to contribute: <48h) |
+| Pre-configured rate-limit handling | 🚫 (time to contribute: <48h) |
+| Per-customer configurations | ✅ |
+
+
\ No newline at end of file
diff --git a/docs/snippets/generated/sap-ariba/PreBuiltUseCases.mdx b/docs/snippets/generated/sap-ariba/PreBuiltUseCases.mdx
new file mode 100644
index 00000000000..d2237922407
--- /dev/null
+++ b/docs/snippets/generated/sap-ariba/PreBuiltUseCases.mdx
@@ -0,0 +1,3 @@
+_No pre-built syncs or actions available yet._
+
+Not seeing the integration you need? [Build your own](/guides/primitives/functions) independently.
\ No newline at end of file
diff --git a/packages/providers/providers.yaml b/packages/providers/providers.yaml
index fbe2ee5369a..d14afaee618 100644
--- a/packages/providers/providers.yaml
+++ b/packages/providers/providers.yaml
@@ -14289,6 +14289,52 @@ sage-people:
pattern: '^https?://.*$'
automated: true
+sap-ariba:
+ display_name: SAP Ariba
+ categories:
+ - erp
+ auth_mode: OAUTH2_CC
+ token_url: https://api${connectionConfig.region}.ariba.com/v2/oauth/token || https://api.ariba.com/v2/oauth/token
+ token_params:
+ grant_type: openapi_2lo
+ token_request_auth_method: basic
+ body_format: form
+ proxy:
+ base_url: https://openapi${connectionConfig.region}.ariba.com || https://openapi.ariba.com
+ headers:
+ apikey: ${connectionConfig.apiKey}
+ X-ARIBA-NETWORK-ID: ${connectionConfig.anid}
+ retry:
+ after:
+ - retry-after
+ docs: https://nango.dev/docs/api-integrations/sap-ariba
+ docs_connect: https://nango.dev/docs/api-integrations/sap-ariba/connect
+ setup_guide_url: https://nango.dev/docs/api-integrations/sap-ariba/sap-ariba-api-credentials-setup
+ connection_config:
+ region:
+ type: string
+ title: Region
+ description: Your SAP Ariba data center region. Leave empty for US, use "-eu" for Europe, or ".au.cloud" for Australia.
+ example: -eu
+ doc_section: '#step-1-select-your-region'
+ order: 1
+ optional: true
+ apiKey:
+ type: string
+ title: Application Key (API Key)
+ description: Your SAP Ariba application's API Key from the Developer Portal
+ secret: true
+ doc_section: '#step-2-get-your-api-key'
+ order: 2
+ anid:
+ type: string
+ title: Ariba Network ID (ANID)
+ description: Your SAP Ariba Network ID (e.g., AN01234567890). Found in your SAP Ariba account settings.
+ example: AN01234567890
+ pattern: '^AN[0-9]+$'
+ doc_section: '#step-3-find-your-anid'
+ order: 3
+
salesforce:
display_name: Salesforce
categories:
diff --git a/packages/shared/lib/services/connection.service.ts b/packages/shared/lib/services/connection.service.ts
index eab6b6f631f..443f99452b2 100644
--- a/packages/shared/lib/services/connection.service.ts
+++ b/packages/shared/lib/services/connection.service.ts
@@ -38,6 +38,7 @@ import {
interpolateObject,
interpolateObjectValues,
interpolateString,
+ interpolateStringFromObject,
makeUrl,
parseTokenExpirationDate,
stripCredential,
@@ -1192,8 +1193,8 @@ class ConnectionService {
client_certificate?: string | undefined;
client_private_key?: string | undefined;
}): Promise> {
- const strippedTokenUrl = typeof provider.token_url === 'string' ? provider.token_url.replace(/connectionConfig\./g, '') : '';
- const url = new URL(interpolateString(strippedTokenUrl, connectionConfig));
+ const tokenUrl = typeof provider.token_url === 'string' ? provider.token_url : '';
+ const url = new URL(interpolateStringFromObject(tokenUrl, { connectionConfig }));
let interpolatedParams: Record = {};
if (provider.token_params) {
diff --git a/scripts/validation/providers/schema.json b/scripts/validation/providers/schema.json
index bc51e30b3c3..a7ade866bdd 100644
--- a/scripts/validation/providers/schema.json
+++ b/scripts/validation/providers/schema.json
@@ -481,7 +481,8 @@
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"password",
- "refresh_token"
+ "refresh_token",
+ "openapi_2lo"
]
},
"request": {