Introduction:  

SAP API Management offers a straightforward and sophisticated solution for creating a comprehensive API catalog. Within this catalog, you can easily find and leverage APIs (application programming interfaces) that have been published by your organization. This portal provides administrators with the ability to manage developer access to the catalog. Currently, developers can access the catalog through two different methods:  

1. If the user already has the developer role assigned in BTP (Business Technology Platform), they will be automatically registered when they log in to the catalog. For more information on developer auto registration, please check the Blog .  
2. To gain entry to the catalog, the developers must request registration, and their requests are subject to approval by the administrator.

Feature Enhancement:

In our continuous pursuit of improving developer experience and fostering collaboration, we are excited to introduce an enhanced set of access controls for the API catalog. This update offers three distinct levels of access, empowering your team with flexibility. Let us delve into the details of each level and how it reshapes the landscape of API utilisation.

1. Authorised Users: Business as Usual  : At the heart of our system lies the familiar terrain. Authorised users, those who are logged in and possess the necessary developer role, can seamlessly access, and consume the APIs, maintaining the current behaviour. This ensures a smooth transition for those accustomed to the existing framework. 
2. Authenticated Users: Expanding Horizons : Breaking down barriers, we introduce a new layer of access control. Authenticated users, even without a designated role, can now access the API catalog. This provides an opportunity for broader exploration, enabling users to familiarize themselves with available resources. However, to consume any API, the developer role is still a prerequisite, ensuring a balance between exploration and controlled utilization. 
3. All Visitors: Welcome All, Consume with Care: In a move towards inclusivity, we now extend access to all visitors, whether logged in or not. This allows anyone to explore the APIs and understand its details without the need for authentication. However, the key to consumption still lies in obtaining the necessary developer role. It is a strategy designed to encourage exploration while maintaining a secure environment for API usage. 

How to set the access control? 

This is how the Manage Access page looks like.  

You can manage the access control by referring to the help documentation.

Additionally, we have a comic strip available for you to explore a use case. 

Note:  

1. The "Manage Access" feature is only available in the new design of the Cloud Foundry environment. If you are still using the Classic design, we recommend that you move to the new design, as the Classic design is deprecated and will not be available after June 2024. To learn more about the new design, please see the help documentation.  
2. Access to the developer portal content using the API access plan is not affected by these permissions. 
3. Please be mindful while changing the access control to All Visitors, as this would make your catalog public.  

Conclusion: Take Charge of Your Access 

With these changes, we made the API catalog accessible for everyone. Whether you are someone with exclusive access, an explorer without a specific role, or just a casual visitor, it is all straightforward. Our catalog administrators, by using the 'Manage Access' settings, ensure that you have the right access and control. Enjoy the simplicity, stay in the loop, and let your catalog administrator be your guide through this improved API catalog experience.