SAP Knowledge Base Article - Preview

3153804 - How to control access to Cloud Integration iflow inbound endpoint (with Client Credentials Grant) in CF?


There are multiple endpoints within one single iflow, or from different iflows deployed in Cloud Integration, CF environment.
Secured connections with Client Credentials Grant following document Setting Up OAuth Inbound Authentication with Client Credentials Grant, Cloud Foundry Environment.
You notice the service keys from same Process Integration Runtime service instance can be used to access all endpoints to send message. You want to know how to restrict service keys of specific service instance to be able to access specific endpoint only. Such as:

  • Service Keys of Process Integration Runtime service instance A only has access to endpoint A;
  • Service Keys of Process Integration Runtime service instance B only has access to endpoint B.

All images are taken from an internal demo system. Any resemblance to real data is a mere coincidence.



  • Cloud Integration, CF environment


Cloud Integration all versions


401, 403, authorization, allow, limit, userrole, invoke endpoint, trigger message, custom role, customize role, restrict, control, minimize , KBA , LOD-HCI-PI-RT , Integration Runtime , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.