Skip to Content

SAP API Management: Managing Application Developers and their access to API Products


Developer Portal is the place where your Application Developers land looking for the API Products you have published. They have the means to test the APIs and further on can go ahead and consume them by creating an Application which grants them the required credentials.

Now, would you want all your Application Developers to see all the API Products that you have published? The answer is not always a Yes. You may have a few Technical API Products that are to be visible to the technical Developers from your organization only. You may have some Marketing API Products that are to be visible only to your Marketing department. In such cases where you want to control the visibility of the API Products based on a persona that an Application Developer plays or the department she belongs to, you can use the new feature of associating Permissions in API Products to control the access.

Let’s see how we could get this done in conjunction with the standard SAP Cloud Platform feature of Custom Roles.

Creation of Custom roles

After you identify a department or a persona which needs exclusive access to one or more API Products, create a Custom Role under the Developer Portal application in the SCP cockpit corresponding to that. Let’s say Marketing department has such a requirement and hence you create  Role.Marketing. This activity is performed by the account admin.

Association of Permissions to API Products

As a user of API Portal managing API Products you can now go to the PERMISSION tab on any such product that you wish to expose only to the Marketing department and assign the new Custom Role to the Discovery and Subscription actions.

A few points to take note of:

  • All the custom roles defined in the Developer Portal application context are available to you to choose from.
  • If no permissions are associated to an API Product, it implies there are no usage restrictions and it is visible to all Application Developers on-boarded on to the Developer Portal.
  • You have the flexibility to define fine-grained access control; so you can achieve use cases like the API Product being visible to all but is restricted to a specific role for subscription.


Assigning Custom Roles to Application Developers

This is again done in the SCP account cockpit under the Developer Portal application. You can leverage the full capabilities of the Cloud Platform to manage the role assignments.

Access control on Developer Portal

With the permissions associated to API Products and the roles assigned as per your organizations requirements, when an Application Developer visits the Developer Portal, the access controller comes into action either granting or restricting access.


Hope this blog gave you an overview of how you can now manage who sees what on the Developer Portal.

If you have any questions or feedback do leave a comment and I will get back. Thanks for reading 🙂

You must be Logged on to comment or reply to a post.
  • Security is a tricky thing. I can see this not working if the developer has a role that would allow it somewhere else in their profile.

    Interesting read. I’m a design/functional/technical type person so of course, I want to see it all. 🙂



      Hello Michelle

      Thanks for stopping by to provide feedback. Since both the Developer Portal UI and the APIs check for access restrictions, the probability that the developer will by-pass the security seems unlikely. There is no other means to get access to the API products in API Management apart from these two means.