Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
API Sandbox is not a new concept in API Business Hub or in API industry. As we were getting lot of queries around this topic so I thought to write a blog which explains sandbox positioning in API Business Hub.

SAP API Business Hub is a central catalog of SAP and selected partner APIs along with integration content. Developers could search, discover, test and consume these APIs to build extensions or integrations using the Cloud Platform.

URL: https://api.sap.com

 

Problem statement:

As a developer visiting API Business Hub, I would like to test and experience an API listed in Hub. Do I need to have license or account to test any of the listed APIs(eg: SuccessFactors, SAP S/4HANA ) ?

 

Solution: API Sandbox.

API provider can host a service to enable test experience of an API listed in API Business Hub. Logged in user can experience this API without having account/license for specific API.

 

Advantage for API consumer:

  • Homogeneous API Sandbox approach for the consumer

  • One API Key per user to test and experience all the APIs in SAP API Business Hub which has sandbox available.

  • Sap community user can test and experience APIs without an account/subscription.

  • When user test an API with Sandbox, implicitly user’s API key is passed to authenticate/authorize user for API call.

  • If API is tested/invoked from outside of API Business Hub, then user must pass his API Business hub’s API Key in header.


Note: In API Business Hub, all sandbox APIs are protected by API Key which is generated per user.

 

Advantage for API provider:

  • Host a single service which can be shared with all [ or multi-tenant support]

  • This service will be protected with security mechanism.

  • API throttling with defined call rate at user level

  • As service is called in controlled fashion, it will avoid DoS attack.

  • Provide API rich experience to developers to capture early feedback.


 

 
2 Comments