We've covered different policies during this CodeJam but it will be impossible to cover every single policy type that's available in SAP API Management. That said, it is still good to be familiar with what's available as every company/project has different requirements/needs that we might need to address via API policies.
At the end of this exercise, you'll be familiar with different API Security Best Practices and examples that are available in SAP Community.
I want to bring to your attention a wonderful blog post series that was published by Divya Mary and Sven Huberti in SAP Community. In the blog post series, she goes through the details of different policy types and best practices that you can apply in SAP API Management to protect your APIs.
Different API policies covered in blog post series
Below is a list of the different policy types and examples of how to use them.
Although the screenshots in the blog post series are from a previous version of SAP API Management but the logic behind applying the policies is still valid.
Now that you are familiar with the basic functionality of SAP Business Accelerator Hub and the Business Partner API, we are ready to start interacting with the services from which our integration will be extracting data.
If you finish earlier than your fellow participants, you might like to ponder these questions. There isn't always a single correct answer and there are no prizes - they're just to give you something else to think about.
- Can you think of any APIs, that you've interacted with, that have similar security best practices?
- Are there any API projects, that you've been involved in, where an API policy could have simplified the implementation?