Managing access rights for APIs in SAP Subscription Billing is a crucial aspect of ensuring the security and integrity of the system. With the increasing reliance on APIs in various business processes, it becomes essential to define and regulate the access permissions for these APIs to prevent unauthorized access and misuse of sensitive data.
The previous course unit discussed bearer tokens and service keys for managing API user authentication in SAP Subscription Billing. To recap, service keys are used to establish secure connections and provide the necessary credentials, while bearer tokens are used for authentication and authorization.
When API calls are made to retrieve or update billing information, the data is typically formatted in JSON (JavaScript Object Notation). JSON scopes are a way of categorizing and organizing the different levels of access rights that can be assigned to users or applications interacting with the APIs.
SAP Subscription Billing Provides a Comprehensive Framework for Managing API Access Rights
This ensures that only authorized entities are granted access to the required resources and functionalities, thereby reducing the risk of unauthorized data access and potential security breaches.
Managing access rights for APIs in SAP Subscription Billing via JSON scopes typically involves several key steps. It begins with an administrator defining the JSON scopes that correspond to specific access rights and functionalities within the Subscription Billing API. These scopes may include permissions related to customer data, subscription management, billing information, and other relevant aspects of the Subscription Billing process. Once the JSON scopes are defined, they are assigned to the respective Subscription Billing API instance in the SAP Business Technology Platform (SAP BTP).

Each service key can define a different set of authorizations. For example, while Service Key A gives a particular user access to all APIs, Service Key B limits access to the subscription APIs.
You can create multiple service keys with varying permissions and authorizations. Each service key, associated with a different user role, lets users generate bearer tokens that carry only the authorizations of that key. For example, User A, using Service Key A, which encompasses all JSON Scope items, can access all APIs. Meanwhile, User B, using Service Key B, which contains only the JSON Scope items for Subscription Management, has access exclusively to the APIs related to subscription management.
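The following Python snippet is an added illustration of the model described above, not code from the course or from SAP. It constructs two placeholder service keys (A with all scope items, B with only the subscription scope items), models the bearer token inheriting exactly the key's scope items, and applies a deny-by-default check to incoming API calls. The scope names, key layout and API paths are constructed placeholders, not SAP Subscription Billing's actual scope identifiers or endpoints; the lookup helper also reports scope items a key grants but a workload never exercises, which is the question a least-privilege review of service keys asks.

```python
"""Least-privilege access checks driven by the JSON scope items in a service key.
All scope names, key fields and API paths here are constructed placeholders."""
import json
from typing import Optional

# Constructed service keys. Real service keys also carry credentials and
# endpoint URLs; only the part relevant to authorization is modelled here.
SERVICE_KEY_A = json.dumps({
    "name": "service-key-a",
    "scopes": ["customer.read", "customer.write",
               "subscription.read", "subscription.write",
               "billing.read", "billing.write"],
})
SERVICE_KEY_B = json.dumps({
    "name": "service-key-b",
    "scopes": ["subscription.read", "subscription.write"],
})

# Constructed mapping from (HTTP method, API path prefix) to the scope item a
# caller must hold. Methods that change state require the ".write" item.
REQUIRED_SCOPE = {
    ("GET", "/customers"): "customer.read",
    ("POST", "/customers"): "customer.write",
    ("GET", "/subscriptions"): "subscription.read",
    ("POST", "/subscriptions"): "subscription.write",
    ("GET", "/bills"): "billing.read",
    ("POST", "/bills"): "billing.write",
}


def issue_token(service_key_json: str) -> dict:
    """Model the token step: a bearer token inherits exactly the scope items of
    the service key it was requested with, never more."""
    key = json.loads(service_key_json)
    return {"sub": key["name"], "scope": sorted(set(key["scopes"]))}


def required_scope(method: str, path: str) -> Optional[str]:
    """Return the scope item guarding an API call, or None for an unknown route."""
    for (m, prefix), scope in REQUIRED_SCOPE.items():
        if m == method.upper() and path.startswith(prefix):
            return scope
    return None


def is_authorized(token: dict, method: str, path: str) -> bool:
    """Deny by default: unknown routes and missing scope items both fail."""
    needed = required_scope(method, path)
    return needed is not None and needed in token["scope"]


def unused_scopes(service_key_json: str, calls: list) -> list:
    """Scope items the key grants that none of the given (method, path) calls
    need. A non-empty result is a candidate for a narrower service key."""
    granted = set(json.loads(service_key_json)["scopes"])
    exercised = {required_scope(m, p) for m, p in calls}
    return sorted(granted - exercised)


if __name__ == "__main__":
    token_a = issue_token(SERVICE_KEY_A)
    token_b = issue_token(SERVICE_KEY_B)
    # Cancelling a subscription is a state change on the subscription API.
    cancel = ("POST", "/subscriptions/123/cancel")
    print("A cancel:", is_authorized(token_a, *cancel))   # True
    print("B cancel:", is_authorized(token_b, *cancel))   # True
    print("B bills:", is_authorized(token_b, "GET", "/bills"))  # False
    # A workload that only ever cancels subscriptions does not need key A.
    print("unused in A:", unused_scopes(SERVICE_KEY_A, [cancel]))
```

Running the block shows that a token minted from Service Key B can cancel a subscription but cannot read bills, and that for a cancel-only workload Service Key A grants five scope items it never uses, which is the signal to issue it a narrower key instead.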
Summary
More information, including the API scopes in JSON format, can be found in the Help Portal. Let’s move on to canceling a subscription using an API.