Technical blog
SAP Cloud ALM - Scopes and working with API

created by ChatGPT 4o

Jiri Fridrich
May 14, 2025
Integration
SAP Cloud ALM provides API to perform actions such as read or create various objects - Projects, Tasks, Defects etc. Visit SAP Accelerator Business Hub and search for 'SAP Cloud ALM' to get to individual services provided by the API.
What can be sometimes frustrating is when you encounter authentication or authorization issues. This blog post should help you understand the official SAP documentation and give you a small example on how to overcome these obstacles.
Let's say we want to read and create Tasks in SAP Cloud ALM. Then we follow this documentation on the SAP Accelerator Business Hub and we can see we have GET / POST / PATCH / DELETE options.
This documentation on SAP Help will tell us how to construct the URL:
https://<customer-tenant>.<region>.alm.cloud.sap/api/calm-tasks/v1/tasks
And finally, this documentation on SAP Help describes how to set properly authorized credentials for our client.
Equipped with this information, let's get to it!
In BTP Cockpit, locate to your SAP Cloud ALM subbaccount and in Instances and Subscriptions select 'Create'

We are creating a new Instance. For the demonstration purpose, we create an Instance to work with Tasks only. We name it sap-cloud-alm-create-task.

The most important part - we need to authorize this Instance for a restricted scope of activities. The list of all available API scopes is listed here. We are authorizing the Instance to read and write Tasks. Don't forget to fill the 'xsappname' attribut the same as the Instance name!

Create your Instance and now we need to assign Service Bindings, which is the actual credentials. Let's create one. We will call it postman-call and we will use these credentials to call SAP Cloud ALM from Postman.

Don't fill any json and continue with 'Create'.

OAuth2 credentials were generated for us. Now go to Postman and use these credentials. Select OAuth 2.0 as the Auth Type and configure the token mechanism.


The token which we will obtain is authorized as per the scope we set up in the Instance configuration. We can try various operations to ensure that we are able to create a Task, but not able to view a Project.


Hopefully this short guide will help you to put together the pieces. The functionality is well documented, but may be a little scattered around various places.