on 2023 Jun 09 1:50 PM
Hi experts,
I've been struggling with a problem for quite a while now and hope to find an approach through you guys. I have the following requirement:
- provisioning of an API by SAP API Management, which provides an OData service on the S4-On Premise system. No problem
- the API call should be filtered by the user who logs on to the API. This means that the response of the OData service should only show the data of the specific customer and not expose the data of all customers stored on the S4 system. Problem
Concrete example: Customer X wants to display his stock sets by logging on to the API. The login is done using his email address as username, which is used by the API as a filter to display only the stock sets of customer X. The stock sets of customer Y and Z, which are stored on the same OData service, should therefore not be displayed.
Also customer Y can access the API with his own User Credentials and can see only his own data.
Manually, the API can be accessed as follows and will return the desired result in the suite's Test Console.
https://****.apimanagement.eu10.hana.ondemand.com:44*/OdataService/StockSet?$filter=Guid eq 'USERNAME.X@XY.COM'
How do I manage to filter an API dynamically based on the logging in username and thus display data only user specific? Via policies? Routing Rules? Principal Propagation? Is it even possible to access an API endpoint via multiple different users? I have already tried many approaches but never came to a result how to filter an API Proxy properly. Therefore I would be glad about any hint.
(Until now I have avoided this problem by creating an integration flow with HTTPS sender that dynamically inserts the filter parameter in the OData adapter.)
Kind Regards
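The requirement in the post above amounts to enforcing the `Guid eq '<username>'` filter on the gateway side from the authenticated identity, so that a caller cannot obtain another customer's stock sets by sending a different `$filter`. The sketch below is an added example, not part of the original post and not SAP API Management code. The names `buildUserScopedQuery`, `odataStringLiteral` and `PASS_THROUGH` are hypothetical, and it assumes the proxy has already authenticated the caller and knows the username.

```javascript
'use strict';

// Assumption: the only query options a caller may pass through unchanged.
// Everything else, including any client-supplied $filter, is dropped.
const PASS_THROUGH = new Set(['$top', '$skip', '$orderby', '$select', '$format']);

// OData string literals are single-quoted; an embedded quote is escaped by
// doubling it, so a quote in a username cannot terminate the literal early.
function odataStringLiteral(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Build the backend query string from the caller's query string and the
// username the gateway authenticated (never a value taken from the request).
function buildUserScopedQuery(clientQuery, authenticatedUser) {
  if (typeof authenticatedUser !== 'string' || authenticatedUser.trim() === '') {
    // Fail closed: without an identity there is no safe filter to apply.
    throw new Error('no authenticated user: refuse to forward the request');
  }
  const filter = 'Guid eq ' + odataStringLiteral(authenticatedUser);
  const parts = ['$filter=' + encodeURIComponent(filter)];
  const dropped = [];
  for (const [name, value] of new URLSearchParams(clientQuery)) {
    if (PASS_THROUGH.has(name)) {
      parts.push(name + '=' + encodeURIComponent(value));
    } else {
      dropped.push(name); // worth logging: may indicate a tampering attempt
    }
  }
  return { filter, dropped, query: parts.join('&') };
}

// Constructed sample: customer X is logged in but asks for customer Y's rows.
const sample = buildUserScopedQuery(
  "$filter=Guid eq 'USERNAME.Y@XY.COM'&$top=5",
  'USERNAME.X@XY.COM'
);
console.log(sample.query);
```

The client's own `$filter` is discarded rather than combined with the enforced one, because appending untrusted filter text without parsing it would let unbalanced parentheses or an `or` clause widen the result set.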