The Integration Intelligence Platform fuses SAP configuration data with deep custom ABAP code analysis to build an audit-defensible inventory of every IDoc, RFC, SOAP, OData, ODP, RAP, and file flow in your landscape — including the integrations no configuration table ever knew existed. Classified by Clean Core level and SAP API Policy v4/2026 compliance risk. Delivered in 2 weeks.
SAP has rewritten the rules governing how third parties — and AI agents — access SAP systems. Four converging shifts make 2026 the year integration visibility becomes mandatory.
SAP will deploy mandatory security patches that technically block all unauthorized ODP-RFC calls for SAP-to-non-SAP scenarios. Every replication pipeline, ETL connector, and bespoke extraction routine relying on ODP-RFC fails on day one. Approved alternatives — Table CDC, ODP OData, SLT, Business Data Cloud — require fundamental rearchitecting.
Third-party applications are explicitly prohibited from accessing internal, private, or undocumented SAP APIs — including the legacy RFCs and BAPIs the consulting community has relied on for decades. The burden of proof rests on the enterprise consumer to verify every integration endpoint qualifies as Published. No universal grace period exists.
SAP prohibits the use of its APIs for "interaction with semi-autonomous or generative AI systems that plan, select, or execute sequences of API calls" outside SAP-endorsed pathways. The compliant path is the Agent2Agent (A2A) protocol — your AI agents formulate tasks; an SAP-internal agent (like Joule) executes them. Direct API sequencing triggers throttling and termination.
An autonomous AI agent that creates 10,000 purchase documents or invoices incurs Digital Access fees on every single creation event. Sales, Purchase, Invoice, Service & Maintenance, Manufacturing, Quality, Time documents carry a 1.0× multiplier; Financial and Material documents are charged per line item. AI innovation strategy must couple to continuous financial modeling.
Boards, CIOs, and compliance leads are asking the same three questions right now. Most enterprises can't answer #2 — which makes #1 and #3 guesswork.
Which of your integrations rely on Non-Published APIs that v4/2026 prohibits? Which pipelines break the day ODP-RFC is blocked? What's your Digital Access licensing exposure when AI starts creating documents at machine speed? Without a complete inventory, you cannot quantify exposure — and you cannot defend it under audit.
Most SAP environments accumulate hundreds — often thousands — of IDoc message types, RFCs, SOAP endpoints, OData services, ODP extractors, and file-based flows over decades of operation. The configuration lives scattered across SM59, WE20, SOAMANAGER, SICF, FILE, SPTH — and a great deal of it isn't in configuration at all. It's buried in Z-code. The platform builds a single, queryable graph from both sources.
Which Z-programs invoke deprecated interfaces? Which custom RFCs scrape SAP-internal tables in ways v4/2026 prohibits? Which programs open file handles to flat-file integration directories nobody documented? The platform parses ABAP source to find every CALL FUNCTION, HTTP_CLIENT, OPEN DATASET, and TRANSFER — classifies each endpoint by Clean Core Level (A/B/C/D), and ties each to a recommended target architecture (RFC → RAP service, ODP-RFC → Business Data Cloud, scraping → ORD-compliant ingestion).
Configuration-only tools see what someone declared. The integrations that hurt under audit are the ones nobody declared — the hand-rolled RFC call, the legacy file-drop, the HTTP client buried in a 2009 Z-program. We discover both.
The declared integration surface — RFC destinations, IDoc partner profiles, SOAP service bindings, OData services, ODP extractors, file-directory mappings, and RFC-enabled function modules. This is the integration story SAP's own configuration tables tell.
Deep ABAP source analysis surfaces the integrations no configuration table reveals — undocumented RFC call sites, hand-rolled REST and SOAP clients, file I/O integrations, batch input entry points, and message channel hand-offs. Every endpoint is resolved against package, ownership, and source-system metadata.
Every call site found in code is reconciled with the configuration view — orphan calls (code without config) and stale config (config without callers) both surface as queryable graph properties. No integration hides.
Every integration scenario in SAP — from a 1980s IDoc to a 2026 RAP service binding — reduces to one foundational pattern. The platform makes that pattern queryable at every level of abstraction.
The reified flow is the integration — carrying volume, lifecycle, audit trail, and SLA semantics as properties. The three fan-out edges name the actors and the mechanism. One more hop lands on the business object that flows through. The same shape applies seven times — once per mechanism family.
The platform models all eight SAP integration mechanism families and overlays v4/2026 compliance risk on every endpoint.
| Mechanism | Era | What's Mapped | v4/2026 Risk |
|---|---|---|---|
| API_RFC Remote Function Calls |
Legacy → still core | BAPIs, custom Z-RFCs, destinations (SM59), call sites | Conditional — Published-API check required |
| API_IDOC IDoc message + basic types |
Legacy → still core | MSGTYP (2,395) + IDOCTYP (2,248), Partner Profiles (WE20) | Low — ALE remains supported |
| API_SOAP SOAP web services |
Mid-era | ICF service paths, handler classes, SOAMANAGER bindings | Conditional — Published-API check required |
| API_ODATA OData Gateway services |
Modern | IWSV/IWSG (ECC), SRVD (S/4), entity sets, exposure paths | Low — cloud-friendly default |
| API_ODP Operational Data Provisioning |
Legacy | Extractors, contexts, queue subscribers | HIGH — Banned July 2026 for cross-platform |
| API_RAP_SERVICE RAP service bindings |
Modern (S/4) | Service definitions, bindings, backing CDS views | Low — the path forward |
| FILE_DIR File-based flows |
Cross-era | FILE + SPTH configurations, EDI gateways, batch transfers | Low — operational only |
| System Actors Sender / receiver typing |
All | SYST hierarchy (SAP ECC, SAP S/4, External), EDI partners | — |
SAP's Clean Core framework classifies every custom extension into four tiers. The platform tags every endpoint and every custom Z-object with its Clean Core level — making technical-debt blast radius visually queryable.
Side-by-side BTP or on-stack ABAP Cloud extensions using only publicly released interfaces. Gold standard. Maximum upgrade stability.
Extensions using stable Classic APIs and documented SAP frameworks. Highly stable. Acceptable for legacy transition.
Access to internal SAP objects that are unreleased. Tracked via SAP changelogs. Notable risk of failure during upgrades.
System modifications, non-recommended objects, implicit enhancements. Direct violation of Clean Core principles. Priority for immediate remediation.
After a 2-week engagement, your team has the artifacts to defend audits, scope migrations, and modernize with intent.
A complete catalog of every integration endpoint, its Published-API status, and its v4/2026 compliance posture — ready for SAP audit, internal review, or regulator inquiry.
Every CALL FUNCTION, HTTP_CLIENT instantiation, and OPEN DATASET site in your Z-namespace surfaced and joined to the configuration view — including the orphan calls no admin tool would ever find.
Endpoints ranked by exposure, impact, and effort. Clean Core Level D items flagged for urgent attention. Modernization paths for every legacy mechanism.
Forecast of licensable document creation under current integration patterns — and under AI-amplified scenarios — so your CFO is never blindsided in a true-up.
The integration black box becomes visible. Know which flows survive the migration unchanged, which need refactoring, which retire entirely.
Identify which AI workflows must route through A2A protocol vs. SAP-internal agents. Avoid Section 2.2.2 violations before they trigger throttling.
The graph is not a one-time deliverable. It's a continuously updated knowledge graph — synced to your SAP system — that grows with every change.
In 2 weeks, you go from "we think we know" to a defensible, visual integration inventory — built on Graphmantix e360°.
Book a 20-Minute Call →Or email jocon@graphmantix.com