Most "AI + SAP" demos quietly cross a line SAP drew in its own API Policy. Run your setup through this before it reaches production.
"SAP prohibits API use for: (a) interaction or integration with (semi-)autonomous or generative AI systems that plan, select, or execute sequences of API calls … except through SAP-endorsed architectures."
In plain terms: pointing an autonomous/agentic LLM at SAP over its APIs is restricted unless you go through an SAP-endorsed pathway (Generative AI Hub, Agent Gateway, Joule). Separately, the policy also bars use of non-Published (internal) APIs, and the ADT REST interface that most tools ride on is one of them.
01 Published API — or internal?
Are you driving SAP through a Published API, or an internal/undocumented one — /sap/bc/adt/, unpublished RFCs, GUI scripting? Non-Published interfaces are off-limits under the policy.
02 Is it an agentic loop?
Does the AI plan, select and execute sequences of calls on its own? That autonomous pattern is the exact thing §2.2.2 names.
03 Through an endorsed pathway?
For anything productive, are you routing via SAP Generative AI Hub / Agent Gateway / Joule? That's the sanctioned route — and the one competitors on raw APIs can't claim.
04 Read-only, or can it write?
Is write / activate gated by the user's own authorizations and SoD — or can the agent change the system freely? Read-only by default is the safe posture.
05 Dev system — or production?
Local dev tooling on a dev system under your own credentials is defensible. Pointing the same thing at production or customer systems is a different risk class.
06 Does SAP data leave the building?
Do ABAP source or business data egress to a third-party LLM? Check it against your SAP agreement and your customer's confidentiality terms before you send a byte.
07 Any implied SAP endorsement?
Does naming or marketing suggest SAP endorses your tool? It shouldn't — keep trademark use nominative and add a clear disclaimer.
Local dev tooling. Dev system, your own authorizations, read-only, no data egress you're not cleared for. Reasonable — this is how a developer already uses Eclipse/ADT.
Tighten before you scale. Write/activate enabled, shared or team use, or data leaving to an LLM. Add gates (SoD, human approval, dry-run), confirm confidentiality, get written sign-off.
Stop. Agentic AI driving production/customer SAP over a non-Published API, outside an endorsed pathway. Move it to Generative AI Hub / Agent Gateway before it's a policy — and licensing — problem.
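An added example, not code from this page or from SAP: a deny-by-default gate for agent-issued HTTP calls that applies checks 01, 04 and 05 and the gates named under "Tighten before you scale" (SoD, human approval, dry-run). The allowlist prefix, the `dev`/`prod` labels, the host name and the user names are constructed placeholders, and refusing every non-dev system assumes the gate sits in front of raw API calls made outside an endorsed pathway.

```python
from dataclasses import dataclass
from posixpath import normpath
from typing import Optional, Tuple
from urllib.parse import unquote, urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Constructed placeholder: replace with the prefixes your SAP agreement lists as Published.
PUBLISHED_PREFIXES = ("/example/published/api/",)

@dataclass(frozen=True)
class Call:
    method: str
    url: str
    system_role: str                    # "dev" or "prod" (labels assumed for this example)
    requested_by: str                   # user whose session the agent runs under
    approved_by: Optional[str] = None   # human approver, if any
    dry_run: bool = False

def canonical_path(url: str) -> Optional[str]:
    """Decode once and resolve dot segments so the prefix check sees the real path."""
    path = unquote(urlsplit(url).path)
    if any(c in path for c in "%\\\x00"):   # leftover encoding, backslash or NUL
        return None
    return normpath("/" + path.lstrip("/"))

def decide(call: Call) -> Tuple[str, str]:
    """Return (decision, reason); decision is allow, deny, hold or simulate."""
    path = canonical_path(call.url)
    if path is None or not any((path + "/").startswith(p) for p in PUBLISHED_PREFIXES):
        return "deny", "path is not on the Published allowlist"
    if call.system_role != "dev":
        return "deny", "raw API access is limited to dev systems"
    if call.method.upper() in SAFE_METHODS:
        return "allow", "read-only call"
    if call.dry_run:
        return "simulate", "write is logged, not sent"
    # SoD: the approver must be a different person from the requester.
    if call.approved_by and call.approved_by != call.requested_by:
        return "allow", "write approved by a second person"
    return "hold", "write needs approval from someone other than the requester"

if __name__ == "__main__":
    base = "https://sap.example.invalid"    # constructed host
    for c in (Call("GET", base + "/example/published/api/items", "dev", "dev1"),
              Call("GET", base + "/example/published/api/%2e%2e/%2e%2e/%2e%2e/sap/bc/adt/x", "dev", "dev1"),
              Call("POST", base + "/example/published/api/items", "dev", "dev1", approved_by="dev1")):
        print(c.method, c.url, "->", decide(c))
```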