Focus on Interfaces: What the New SAP API Policy Means for Your System Landscape
SAP has updated its global set of guidelines for application programming interfaces (APIs). Setting aside the complex documentation, we’ve analyzed the key points that really matter for your system landscape right now.
While much remains the same, the update brings about a change in one area in particular: the handling of artificial intelligence (AI) and automated data access. SAP’s official goal here is to ensure that APIs are used exactly as intended in order to protect the stability and security of the platforms.
First, it’s important for you to know: The regulations do not impose any technical restrictions or require any changes to existing contracts and licenses.
The main change: A barrier against unauthorized data access
The real driving force behind the new policy is the massive boom in generative AI, autonomous agents, and modern development tools. When developers or business units use LLM-based assistants, a single command can trigger thousands of API calls in the background without anyone noticing.
Current industry discussions make it clear just how sharply SAP is drawing the line here. The decisive criterion is the use of ADT (ABAP Development Tools) in combination with AI servers (such as the Model Context Protocol / MCP):
- Support for developers? Yes! Using AI to assist with day-to-day internal development is still perfectly acceptable. If AI assistants are used via ADT for purely programming tasks—such as code inspections, syntax checks, repository access, ATC, ABAP Unit, or activation—this remains officially permitted by SAP.
- Business Data Extraction? A resounding no! SAP draws a line in the sand as soon as development tools are misused as a “backdoor” to access bulk data. Functions such as the ADT Data Preview, free SQL execution, direct table reads, or the systematic extraction of business data through these channels are blocked or strictly regulated.
- No uncontrolled training: At the same time, the policy prevents external AI bots from accessing business-critical data without oversight and ensures that protected SAP source code is not used unnoticed to train external language models (LLMs). Autonomous systems must operate exclusively through controlled paths.
- Focus on Interface Monitoring
Under the new policy, SAP reserves the right to more closely review and monitor API usage in order to protect its systems from overload.
For modifications made within a company’s own Z namespace, nothing actually changes. This customer-specific code was never subject to SAP approvals anyway and may continue to be used by companies without any restrictions—this explicitly applies to the integration of LLMs and AI applications as well.
Important for you: This is a guideline (“should”), not an immediate requirement
Even if SAP tightens the reins, there is no reason for immediate panic. The set of rules is formulated as a policy (“should” guideline), not as a strict, immediate shutdown requirement during ongoing operations. If an interface exceeds new limits, the data stream is generally not blocked immediately. SAP takes an approach here in which monitoring and collaborative dialogue clearly take precedence over harsh consequences. If necessary, the first step is to seek a dialogue in order to jointly optimize the architecture.
INFORMATICS' Conclusion: Proactively Future-Proof Your Architecture
The direction is clear: SAP protects systems from the uncontrolled data overload of the AI era and ensures transparent, intended use of the interfaces. AI is very welcome in the developer workflow—as long as it stays where it belongs and isn’t misused as a data vacuum cleaner.
As your long-term SAP partner, we provide you with comprehensive support during the implementation of your cloud solutions and your secure transition to the cloud. The INFORMATICS team helps you analyze your existing interface architecture, eliminate gray areas, and set up your new cloud landscape so that it is fully future-proof and compliant with regulations from the very beginning.
