Probe Report — api.sap.com

api.sap.com C · 60/100

16 passed 16 warnings 0 failed audit-mnfn3yjs

SSL / TLS Valid HTTPS · 509ms

x402 discovery /.well-known/x402.json (non-JSON) · 504ms

Agent discovery /.well-known/agent.json not valid JSON · 1030ms

llms.txt Found (648 chars) · 490ms

security.txt Found · 536ms

CORS headers No CORS header (OK if server-to-server only) · 534ms

Security headers 2/5 — missing critical: x-content-type-options, content-security-policy · 559ms

Response time 315ms avg · 315ms

MCP server /mcp/info responds · 541ms

API endpoints 4 endpoints found

Error handling Returns 200 for unknown paths · 568ms

x402 compliance No x402 payment gates found · 580ms

Rate limiting No rate-limit headers (may still be rate-limited server-side) · 601ms

Documentation /docs found · 606ms

robots.txt AI crawlers No AI crawler directives (GPTBot, ClaudeBot, etc.) · 1000ms

AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 604ms

OpenAPI spec /openapi.json found but invalid JSON · 611ms

Privacy / GDPR /privacy found (646 chars) · 636ms

Status / Health /status found · 641ms

EU AI Act disclosure /.well-known/model-card.json found (646 chars) · 638ms

Travel Rule (FATF) /.well-known/travel-rule.json found (non-JSON, 646 chars) · 643ms

A2A Protocol (Google) agent.json found but invalid JSON · 667ms

DNSSEC DNSSEC active (2 DNSKEY records on api.sap.com)

CAA Records 2 CAA record(s) found on api.sap.com

DMARC / SPF DMARC p=reject

Auth maturity No authentication detected — open API or check failed

API versioning /v1

Human oversight /agent/stop — active (EU AI Act Art. 14) · 749ms

Content-Type API paths return HTML: /v1/ returns HTML

Wallet trust No wallet address found in x402 or agent.json

ERC-8004 on-chain No EVM wallet found to verify on-chain registration

16 issues to fix

Warning — 16

Agent discovery needs attention

/.well-known/agent.json not valid JSON

CORS headers needs attention

No CORS header (OK if server-to-server only)

Security headers needs attention

2/5 — missing critical: x-content-type-options, content-security-policy

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

robots.txt AI crawlers needs attention

No AI crawler directives (GPTBot, ClaudeBot, etc.)

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Travel Rule (FATF) needs attention

/.well-known/travel-rule.json found (non-JSON, 646 chars)

A2A Protocol (Google) needs attention

agent.json found but invalid JSON

DMARC / SPF needs attention

DMARC p=reject

Auth maturity needs attention

No authentication detected — open API or check failed

Content-Type needs attention

API paths return HTML: /v1/ returns HTML

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

Share on X Run new audit

🎖️ Your API qualifies for the Probe trust badge

Footer seal

README badge

Footer HTML — paste in your site footer:

<a href="https://getprobe.xyz/report/audit-mnfn3yjs" target="_blank" rel="noopener"><img src="https://getprobe.xyz/api/badge?domain=api.sap.com&style=seal" alt="Verified by Probe" width="120" height="140"></a>

README Markdown:

[![Probe](https://getprobe.xyz/api/badge?domain=api.sap.com)](https://getprobe.xyz/report/audit-mnfn3yjs)

2026-04-01 06:03:32 UTC · getprobe.xyz