docs: Add note that service-operator-access credentials are not for API access (#603)

danielforsap · Daniele · web-flow · commit 9afbf5fe5b64 · 2026-02-02T22:49:33.000+02:00
* docs: Add note that service-operator-access credentials are not for API access

Clarify that service-operator-access credentials are intended exclusively for

technical communication between the BTP Service Operator and Service Manager,

and should not be used for direct API calls. Users requiring direct API access

should use the subaccount-admin plan instead.

* Update README.md

---------

Co-authored-by: Daniele &lt;daniel.koracl@sap.com&gt;
diff --git a/README.md b/README.md
@@ -88,6 +88,7 @@ Example binding with X.509 certificate:
     "sm_url": "https://service-manager.cfapps.eu10.hana.ondemand.com"
 }
 ```
+**Note**: The `service-operator-access` credentials are intended exclusively for technical communication between the BTP Service Operator and Service Manager. They are not designed for direct API access. If you need to call Service Manager APIs directly, create a separate Service Manager instance with the `subaccount-admin` plan and use those credentials instead.
 
 - Add the SAP BTP Service Operator Helm chart repository:
 
@@ -168,6 +169,7 @@ stringData:
 
 **Note**: To rotate the credentials between the BTP service operator and Service Manager, you have to create a new binding for the `service-operator-access` service instance, and then execute the setup script again with the new set of credentials. Afterward, you can delete the old binding.
 
+
 [Back to top](#table-of-contents)
 
 ### Using Custom Certificate Authorities
