Skip to Content
Oct 30, 2021 at 10:35 AM

Questions for SAP API Management



for me it feels that the documentation lacks some informations for SAP API Management. I have a a few simple questions and I hope that someone could help me a bit.

My case: I wanted to restrict an OData service so that only some entities can be read and only some query parameters are allowed. On top it would be nice to filter specific data from the results.

Question 1

For now I added the public northwind service from microsoft as proxy and added some resources like /Customers /Orders etc. I expected that /Products would not be accessible than but it seems that it is. Is there an easy way to restrict the other pathes or do I have to add all by my self and put an error policy in the Flow? Same for $metadata and just /

Question 2

To filter the queries, I wanted to add a script with a list of allowed query parameters and check if the query parameters are allowed. Otherwise set the variable error to true and catch this with an error policy. Nevertheless this sounds to complicated. Is there an out of the box way? For example $filter should be allowed and $expand should only be allowed with some specific parameters.

Question 3

For some Ressources, only GET should be allowed. No PUT or POST. Do I have to catch this in the flows and throw an error or is there an out of the box possibility?

Question 4

What do these Route Roules and Properties do? I found nothing related in the docs that really explain it.



Best regards and thank you in advance