
API Management authorisation question

Hi all,

I am using an API Management instance, and people from other groups/teams also use this instance.

When we expose our back-end service in API Management, we can see each other's API Proxy and thus know the service URLs.

We don't want this. Is there any authorization setting in API Management?

Moreover, I think API Proxy is not the only one that needs authorization; for example, key-value pairs should also be hidden from unauthorized users. Although they cannot see the value, they know of the existence of the key-value pair.

Does anyone know anything about this?


1 Answer

  • Posted on Oct 24, 2019 at 12:58 AM

    Hi Ming Yu,

    Can you elaborate a little bit on your ask? When you say you are using API Management alongside other teams, do you mean that you are an Administrator in the API Portal, alongside other teams? At the time of writing this answer, there is currently no way to differentiate access rights and viewership within the API Portal; it's all or nothing.
    If, however, you are referring to the Developer Portal, then yes, SAP API Management has implemented a role-based access scheme for viewing / subscribing to a Product/API.

    If there is a serious enough need for security/privacy concerns, the workaround currently would be to segregate your API Management instances by team, which is more administration work, but comes at no additional cost to customers.

    For KVM this would be a similar solution.

    With that said, the roadmap currently has the fine-grained access control of users for API Portal as an early 2020 development.
    Source: https://www.sap.com/products/roadmaps/finder-all.html#pdf-asset=b6f14428-c37c-0010-82c7-eda71af511fa&page=10

    This should hopefully address the concerns you have around visibility without requiring spinning up and administering new instances.

    Regards,
    Elijah
