RELEASE NOTES/API Management/API Management v1

A new security feature is introduced in the API Management service. Using the new tenants property you can specify the tenants that can access your resources. You can use this property similarly to other authorization options that are already available in the Builder.
Currently this feature is available on the API level.

The tenants property allows only the specified tenants to access your resources. You can set this property when you create a service, or at any time later.

This is a sample request to the API Management service to create a new service with an authorization rule that allows only the two user-defined tenants to access the specified resources. Line breaks are added for better readability.

curl -X POST \
-H "Content-type: application/json" \
-H "Authorization: Bearer 0918th3-t0k3nz18eU-u09810n33d-1337eet" \
-d '{
  "name": "myservice",
  "version": "v1",
  "state": "DRAFT",
  "sourceUrl": "",
  "authorizationRules": [
          "path": "/myservice/pathiwannasecure",
          "methods": ["POST", "DELETE"],
          "tenants": ["mytrustedtenant1", "mytrustedtenant2"]

As result, the newly created service allows only the mytrustedtenant1 and mytrustedtenant2 tenants to access the resources located under the /myservice/pathiwannasecure path.

If you want to use the tenants property and create a new authorization rule for a service that already exists, send a PUT request to the projects/{projectID}/services/{serviceID} endpoint of the API Management service.

Learn more:

  • Read about the authorization rules in the related section of the YaaS Security documentation in the Dev Portal.
  • For more information about the API Management service, see the related documentation and API console.
  • Send feedback

    If you find any information that is unclear or incorrect, please let us know so that we can improve the Dev Portal content.

  • Get Help

    Use our private help channel. Receive updates over email and contact our specialists directly.

  • hybris Experts

    If you need more information about this topic, visit hybris Experts to post your own question and interact with our community and experts.