SAP API Management - Set Basic Authentication for API Proxy in Integration Suite

Karthik_ramadurai — Sat, 07 Dec 2024 16:18:33 GMT

Dear All,

In SAP Integration Suite, Basic Authentication offers a simple way to safeguard your API proxies using a username and password. This blog covers how to configure Basic Authentication for your API proxy in API Management.

Follow the Below Steps to Set Basic Authentication to your API Proxy.

Step 1 : Create a Proxy with your target endpoint (For test purpose i used httpbin URL)

https://httpbin.org/get

Step 2 : Go to Policies and Assign Basic Authentication in PreFlow Incoming request Stream

Provide the below code in the policy editor:

<BasicAuthentication async='true' continueOnError='false' enabled='true' xmlns='http://www.sap.com/apimgmt'> <Operation>Decode</Operation> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <User ref='current.username'></User> <Password ref='current.password'></Password> <Source>request.header.Authorization</Source> </BasicAuthentication>

Step 3 : Add Raise Fault Policy in PreFlow Incoming Stream (Next to the Basic Authentication Policy)

<RaiseFault async="true" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt"> <FaultResponse> <Set> <Headers/> <Payload contentType="application/json">{"status" : "Error", "messege" : "401 Unauthorized" } </Payload> <StatusCode>401</StatusCode> <ReasonPhrase>Unauthorized</ReasonPhrase> </Set> </FaultResponse> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> </RaiseFault>

In RaiseFault Policy ConditionString Provide below Code (Replace "YOUR_USERNAME" & "YOUR_PASSWORD" with your credentials)

(current.username != "YOUR_USERNAME") OR (current.password != "YOUR_PASSWORD")

Save and Deploy.

Testing :

To Test the Basic Authentication Try a GET Call for Your API Proxy in PostMan:

Positive Testing :

Provide the exact Username and Password given in the Condition String :

Negative Testing :

Provide an incorrect username and password to verify if access is correctly denied.

Incorrect Username :

Incorrect Password :

Thank You!

Re: SAP API Management - Set Basic Authentication for API Proxy in Integration Suite

Prasannavengatesh — Tue, 28 Jan 2025 12:10:13 GMT

Thank you for sharing your insights on this topic.

Re: SAP API Management - Set Basic Authentication for API Proxy in Integration Suite

TimonGartung — Thu, 16 Oct 2025 08:43:42 GMT

Nice Blog. It helped a lot to understand how to set up Basic Auth.

Is it possible to fetch the credentials from the Security Materials? I don't like the fact, that the username and password is hardcoded in the policies.

Re: SAP API Management - Set Basic Authentication for API Proxy in Integration Suite

Rutik_Darekar_01 — Sun, 15 Mar 2026 13:35:33 GMT

Great blog! In the policy, I can see that the credentials are hardcoded. Is there a way to implement this without hardcoding them?

Question Re: SAP API Management - Set Basic Authentication for API Proxy in Integration Suite in Technology Q&A

SAP API Management - Set Basic Authentication for API Proxy in Integration Suite

Re: SAP API Management - Set Basic Authentication for API Proxy in Integration Suite

Re: SAP API Management - Set Basic Authentication for API Proxy in Integration Suite

Re: SAP API Management - Set Basic Authentication for API Proxy in Integration Suite