Customers and developers using one of the most popular ERP systems are concerned over a recent update to its API policy, according to published reports. Organizations that use SAP for enterprise planning are worried that new restrictions on how the system interacts with third-party systems, especially AI applications, could leave them unable to access their data and implement strategic initiatives.
The revised policy, published in April, tightens control over how APIs can be used, strictly forbidding them except when interacting with “published” and supported interfaces. Access to undocumented or unsupported APIs—long used in many integrations—now falls outside SAP’s stated guidelines, raising questions about the long-term viability of existing architectures.
At the center of the debate is explicit language from the German ERP giant governing AI usage. The policy states: “except through and within the limits of SAP-endorsed architectures, data services, or service-specific pathways expressly identified and intended for such purposes, SAP prohibits API use for: (a) interaction or integration with (semi-) autonomous or generative AI systems that plan, select, or execute sequences of API calls.”
For enterprise teams, the implications extend beyond compliance. AI-driven automation increasingly depends on orchestrating workflows across multiple systems, often requiring a large number of API calls. By restricting how autonomous or generative AI tools interact with SAP environments, the policy could force organizations to redesign their agent-based automation, data pipelines and integration layers.
Industry observers say the policy effectively excludes non-SAP apps at the center of AI-enabled ERP workflows. Developers may need to route AI interactions through SAP-controlled services, such as its Business Technology Platform, rather than connecting third-party tools directly. This introduces new architectural considerations for CIOs and automation leaders, particularly those investing in multi-platform AI strategies.
The update also raises operational questions around undocumented APIs. While not officially supported, these interfaces have historically been used to bridge gaps in SAP’s integration coverage. With the new policy reinforcing a “clean core” approach in which only published APIs are permitted, organizations may need to refactor integrations to align with supported pathways or risk losing support coverage.
For partners and independent software vendors, the shift could affect product roadmaps. Solutions that rely on deep SAP integration or high-volume data access may need to be revalidated against the new constraints or even scrapped, particularly if they incorporate AI-driven automation or analytics capabilities.
SAP has positioned the policy as a measure to protect system performance, security and data integrity. The company has emphasized that governance over API usage is necessary to prevent large-scale data extraction and ensure stable operation of mission-critical ERP systems.
Still, the timing underscores a broader industry tension: as AI agents move from experimental tools to operational systems, control over data access is becoming a strategic battleground. For enterprises running SAP, the immediate task is practical—identifying which integration patterns remain supported—while the longer-term question is how tightly AI innovation will be coupled to platform vendor ecosystems.
