SAP BTP (Cloud Foundry, Kyma, CAP)

Destination not found on SAP Business Technology Platform (BTP), what causes it and how to fix

By Sai Kiran Pandrala · Last verified: 2026-06-01 · Source: vendor developer documentation (Stripe Docs, Salesforce Developer Docs, AWS Documentation, Microsoft Learn, Google Cloud Docs, Atlassian Developer, Slack API, Adobe Developer, Apple Developer), developer forums (Stack Overflow, r/webdev, r/devops, r/sysadmin, Stripe Discord, Salesforce Trailblazer Community, AWS re:Post, Atlassian Community), vendor status pages and changelogs

At a glance
Company / ServiceSAP BTP (Cloud Foundry, Kyma, CAP)
CategoryTop 50 Global Companies
Guide typeProcedure
Skill levelIntermediate to advanced
Time15 - 60 minutes including verification

Engineers and integrators running SAP BTP (Cloud Foundry, Kyma, CAP) hit Destination not found on SAP Business Technology Platform (BTP), what causes it and how to fix often enough that there is a stable fix pattern. This page captures it in the order an experienced API consumer would run it during a real production incident.

What destination not found on sap business technology platform (btp), what causes it and how to fix actually involves on SAP BTP (Cloud Foundry, Kyma, CAP)

The Destination not found error on SAP Business Technology Platform (BTP) typically surfaces with the message "BTP destination service Destination not found". The exact code or signature line is what you grep for in the vendor support forum, ServerFault, or Tom's Hardware threads, not the human-readable sentence next to it.

On SAP Business Technology Platform (BTP) this most often comes from one of three causes: an API version pin that drifted, a missing OAuth scope or expired token, or a resource limit (API rate limit, license seat, quota tier, region availability). The fix path differs by which.

The rest of this page is the structured fix path. Start with diagnose, then remediation, then the automation options so you do not have to do this by hand the next time it surfaces. Verify and safety sections at the end are the discipline that keeps the fix from regressing in production.

Diagnose first, fix second

Seventh: run the dedicated diagnostic CLI for whichever subsystem the SAP BTP (Cloud Foundry, Kyma, CAP) signal points at. Salesforce suspected? sfdx force:doctor and sfdx force:limits:api:display for the org limits. Google Cloud suspected? gcloud auth list, gcloud auth print-access-token (verify the token decodes at jwt.io and the audience matches), gcloud projects get-iam-policy. Azure suspected? az upgrade --check, az account show, az role assignment list. AWS suspected? aws sts get-caller-identity (proves which IAM principal the SDK actually picked up), aws iam simulate-principal-policy. Kubernetes suspected? kubectl version, kubectl auth can-i. Each CLI surfaces config that the SDK silently inherits from env vars, profiles, or instance metadata, and 90 percent of "permission denied" reports trace to the SDK picking up a different identity than the engineer assumed. Capture the output of each CLI to a file timestamped against the failing correlation id so the next on-caller does not redo the discovery.

Fifth: replay the failing call against the SAP BTP (Cloud Foundry, Kyma, CAP) sandbox or test environment with curl -v (or Postman with the same Authorization header), then capture the full request and response including headers. Pin the API version explicitly: Stripe-Version header (for example 2024-12-18.acacia), Salesforce v60.0 in the URL path, Apple App Store Connect API v1.X, Slack Web API method name, GitHub REST v3 vs GraphQL v4, LinkedIn Marketing API version header. The version pin is what isolates "their rollout broke me" from "my client SDK is old." Use HTTPie for terminal readability (http --print=HhBb POST), or import the cURL into Postman to inspect against the saved environment. If sandbox passes and prod fails with the same payload and the same API version, you have a prod-only data condition (real customer ids, real currency, real geo) and the fix is to capture that exact prod record and rerun against a sandbox tenant seeded from it.

Start by capturing the exact failure signal in writing before you change a single thing on your SAP BTP (Cloud Foundry, Kyma, CAP) integration. In the browser that is the failing request in DevTools Network tab (right-click, Copy as cURL) plus the JS console error. In the API client that is the response status code (Stripe 402, Twilio 20429, Salesforce INSUFFICIENT_ACCESS_OR_READONLY, Webex 41001, AWS ThrottlingException) and the correlation header (x-request-id, x-amz-request-id, x-ms-correlation-request-id, x-trace-id, X-Salesforce-SFDC-RequestId). On the vendor status page capture the incident ID and timestamp. Screenshot it. Do not paraphrase. Most SAP BTP (Cloud Foundry, Kyma, CAP) support workflows will not even route the ticket without the correlation id - the agent pastes it straight into the internal trace tool and the first response is "we see your request, here is what the backend logged."

Solution-focused remediation path

Before any destructive step on a SAP BTP (Cloud Foundry, Kyma, CAP) integration, slow down and stage rollback. Snapshot the current SDK lockfile, the API version header, the OAuth scope set, the webhook signing secret, and the current IAM policy / permission set to a runbook entry first. Capture the failing correlation id, the vendor incident id if any, and the timestamp window. Photograph (screenshot) the admin console state from two angles: the integration page and the audit log of the last 24 hours. Then do the destructive step (rotate the key, drop a scope, push a new SDK pin) inside a feature flag or a single tenant first, never the whole fleet. Capture the SDK version, the API version, the OAuth scope list, the IAM policy version, and the webhook delivery log snapshot to the runbook before the destructive step. Decision point: if you are on a paid SLA plan, the cheapest correct path is almost always to open a support case via the vendor portal in parallel with the rollback - the support engineer can confirm whether a vendor-side rollout is responsible while you are still staging the change, which avoids a needless code revert if the fix is server-side.

If the SAP BTP (Cloud Foundry, Kyma, CAP) symptom started after an SDK bump, a webhook signing-secret rotation, or an OAuth scope change, treat versioning as the prime suspect. Pin the SDK to the previous known-good in package.json / requirements.txt / Gemfile / Podfile.lock and redeploy: npm install [email protected], pip install boto3==1.34.51, gem "twilio-ruby", "~> 6.9". Pin the API version header explicitly (Stripe-Version: 2024-12-18.acacia, Salesforce v60.0 in the URL, Apple App Store Connect API v1.X). Reproduce the failing call against the vendor sandbox with the pinned client and confirm green; if sandbox is green and prod is red on the same pin, you have a prod-only data condition. Decision point: if the pinned SDK still fails after a clean reinstall (npm uninstall stripe followed by npm install [email protected], pip uninstall boto3 followed by pip install boto3==1.34.51) and you are on a paid plan, open the vendor support portal with the failing correlation id; on the free / community tier the path is the developer forum or Stack Overflow with a minimal reproduction. Save the working SDK lockfile to the runbook so the next rollback is a one-line git revert.

Start by sorting the SAP BTP (Cloud Foundry, Kyma, CAP) failure into one of three buckets, because roughly 80% of cases fall here. Bucket one is auth/config drift: an API key rotated, an OAuth scope dropped, an IAM policy tightened, a tenant moved. Bucket two is SDK or API-version mismatch: client library against deprecated endpoint, Stripe-Version header behind the dashboard default, Salesforce v59 client against a v60 metadata change. Bucket three is rate / quota / billing: Twilio 20429 sustained throughput cap, AWS ThrottlingException at the per-account TPS, Google Ads CAMPAIGN_BUDGET_NOT_ACTIVE, AdSense AD_CLIENT_DISABLED. Pick the bucket first, then act. Before you act, capture a baseline correlation id with curl -v plus the request/response pair so you can prove whether the fix actually moved the needle. Decision point: if the failure is intermittent and you are on a paid Business / Enterprise / Premier plan, open the support portal first - vendor support on an SLA-covered tenant beats hours of speculative debugging on cost and on liability if the failure recurs.

Automate this fix so you do not do it twice

Automate vendor diagnostic + token validation via vendor CLI

On the SAP BTP (Cloud Foundry, Kyma, CAP), regular token + scope snapshots catch silent OAuth scope drift, IAM policy tightening, and expired access keys well before the integration starts 401-ing in prod. Pair vendor CLI health checks (sfdx force:doctor, gcloud auth list, az upgrade --check, aws sts get-caller-identity, kubectl version) with a jwt.io-style decode of the active access token so both vendor-side and client-side issues land in one folder. Run the scheduled task on a control plane node (an EC2 instance, a GitHub Actions runner, or a Cloud Function) under a tightly scoped service account that mirrors prod least-privilege.

# AWS - prove which IAM principal the SDK actually picked up
aws sts get-caller-identity > whoami-SAP BTP (Cloud Foundry, Kyma, CAP).json
aws iam simulate-principal-policy \ --policy-source-arn $(aws sts get-caller-identity --query Arn --output text) \ --action-names s3:PutObject --resource-arns arn:aws:s3:::my-bucket/*
# Salesforce - org limits + doctor
sfdx force:limits:api:display --json > sf-limits-SAP BTP (Cloud Foundry, Kyma, CAP).json
sfdx force:doctor --outputdir ./diag-SAP BTP (Cloud Foundry, Kyma, CAP)
# Google Cloud - active credential + IAM policy
gcloud auth list --format=json > gcp-auth-SAP BTP (Cloud Foundry, Kyma, CAP).json
gcloud projects get-iam-policy $GCP_PROJECT --format=json > gcp-iam-SAP BTP (Cloud Foundry, Kyma, CAP).json
# Azure - role assignments for the signed-in principal
az role assignment list --assignee $(az ad signed-in-user show --query id -o tsv) -o json > azr-iam-SAP BTP (Cloud Foundry, Kyma, CAP).json

Scrape vendor admin audit log + webhook delivery via scheduled job

For the SAP BTP (Cloud Foundry, Kyma, CAP), integration faults usually surface as failed webhook deliveries, audit-log denials, or rate-limit 429 bursts before a full outage. A weekly scheduled job that exports the last 7 days of these events to CSV gives you a paper trail to correlate with SDK bumps, scope changes, and vendor incidents without staring at the admin console live. Register the task via cron (Linux), Windows Task Scheduler (schtasks /create /XML), or a GitHub Actions schedule, then write the CSV to S3 / GCS / OneDrive for retention. Subscribe a SIEM (Splunk, Datadog, Elastic) to the same bucket so audit events from every SAP BTP (Cloud Foundry, Kyma, CAP) tenant converge on a single dashboard without per-tenant scraping.

# Stripe Events via curl (last 7 days)
curl -G https://api.stripe.com/v1/events \ -u sk_live_XXXX: \ --data-urlencode "created[gte]=$(date -d '7 days ago' +%s)" \ --data-urlencode "limit=100" \ -o stripe-events-SAP BTP (Cloud Foundry, Kyma, CAP).json
# Salesforce Setup Audit Trail (sfdx)
sfdx force:data:soql:query \ -q "SELECT CreatedDate, Action, Section, CreatedBy.Name FROM SetupAuditTrail WHERE CreatedDate = LAST_N_DAYS:7" \ -r csv > sf-audit-SAP BTP (Cloud Foundry, Kyma, CAP).csv
# GitHub webhook deliveries (gh CLI)
gh api -X GET "repos/OWNER/REPO/hooks/HOOKID/deliveries" --paginate > gh-webhook-SAP BTP (Cloud Foundry, Kyma, CAP).json

Fleet API key + OAuth credential rotation via vendor CLI

Rotating an API key on one SAP BTP (Cloud Foundry, Kyma, CAP) tenant by hand is fine; rotating across a fleet of tenants is how you end up with twelve different keys, four expired ones, and an unknown blast radius. Drive rotation through the vendor admin CLI or REST under a service account with the rotation scope only, hash the new credential into a secrets manager (AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, HashiCorp Vault) with versioning enabled, and roll the consumer fleet one tenant at a time with a health check between each. Pin the API version header during rotation so a coincident vendor rollout does not look like a rotation failure.

# AWS - rotate an IAM access key with the old one still active for cutover
NEW=$(aws iam create-access-key --user-name svc-SAP BTP (Cloud Foundry, Kyma, CAP) --query AccessKey.AccessKeyId --output text)
aws secretsmanager update-secret --secret-id SAP BTP (Cloud Foundry, Kyma, CAP)/api --secret-string "$NEW"
# Deploy + health check, then disable the old key:
aws iam update-access-key --user-name svc-SAP BTP (Cloud Foundry, Kyma, CAP) --access-key-id $OLD --status Inactive
# GitHub - rotate a fine-grained PAT (REST)
gh api -X POST /user/personal-access-tokens \ -f name="SAP BTP (Cloud Foundry, Kyma, CAP)-prod-2026-05-31" -f expires_at="2026-08-31"
# Stripe - regenerate restricted key via CLI
stripe keys regenerate rk_live_XXXX --confirm
# Cycle webhook signing secret last (after consumer cutover)
stripe webhook_endpoints update we_XXXX --enabled-events charge.succeeded

Common pitfalls and what to watch for

SDK upgrades during an active failure are the textbook way to brick a SAP BTP (Cloud Foundry, Kyma, CAP) integration, and the trap catches experienced engineers because the changelog looks like it describes exactly the bug at hand. Never bump a major SDK version while production is on fire, never push a beta SDK unless the vendor changelog ties it to a specific advisory for your symptom, and never roll forward when a rollback is available. Skipping a required API-version migration (Salesforce v60.0 metadata change, Stripe-Version pinning across a major release, Apple App Store Connect API v1.X scope tightening) leaves a known regression path open even after the immediate fix, so check the deprecation timeline on the vendor changelog before deciding to wait. Adobe 213.11 licensing errors and SAP Express RAISE OBJECT_NOT_FOUND on a recently patched tenant are documented examples where an upgrade caused, rather than fixed, the failure.

The other half is trusting the vendor status page verdict by itself. Vendor status pages can miss regional incidents that only hit one POP, the Trust Center will not flag a webhook delivery degradation, and the audit log entries can lag several minutes behind the actual failure. Cross-reference the vendor X/Twitter status handle, Downdetector, the failing correlation id timestamps, and the on-caller symptom narrative before committing to a destructive remediation on SAP BTP (Cloud Foundry, Kyma, CAP).

Verify the fix worked

Safety, rollback, blast radius

FAQ

How long does destination not found on sap business technology platform (btp). what causes it and how to fix typically take on SAP BTP (Cloud Foundry, Kyma, CAP)?
For most SAP BTP (Cloud Foundry, Kyma, CAP) integrations, 15 to 60 minutes including verification. Large fleet rollouts, anything touching API key rotation or webhook signing secret cutover, or cross-region replication can stretch to half a day because you have to wait for OAuth re-consent, secret rollout to consumers, or coordinated maintenance windows.
Is there a rollback path?
Yes for most SAP BTP (Cloud Foundry, Kyma, CAP) changes. Snapshot the SDK lockfile, screenshot the admin console, export the audit log, and stamp the API version header before any change. A few operations are one-way (deleted records past the recycle bin window, payment captures, webhook events older than the retention window). Check the vendor reference for the specific operation before you commit.
Will this affect other integrations in the SAP BTP (Cloud Foundry, Kyma, CAP) tenant?
Often yes. SAP BTP (Cloud Foundry, Kyma, CAP) integrations share OAuth scopes, IAM roles, rate limits, and event buses with the rest of the tenant (one OAuth app holds scopes for many endpoints, one IAM role grants many actions, one tenant rate limit covers all consumers). Use the vendor admin audit log and the API call usage report to enumerate dependencies before changing a shared component.
What if my SDK version or API version header does not match these steps?
Vendor defaults move between releases. The steps in this page reflect mainstream defaults as of 2026-06-01 but the underlying integration patterns do not change as fast. If a path differs on your version, fall back to the vendor's official API reference, status page incident history, or developer changelog - those almost always still work.
Where do I get vendor support if I am still stuck?
If you have a paid Business / Enterprise / Premier plan, open a case with: the exact verbatim error string and error code, the correlation id (x-request-id, x-amz-request-id, X-Salesforce-SFDC-RequestId), the failing request as cURL, your account / org id, the SDK version, and your reproduction steps. The vendor developer forum and Stack Overflow are the no-cost public alternatives - search there first; 80 percent of common SAP BTP (Cloud Foundry, Kyma, CAP) issues already have a working answer voted to the top.

References

Related guides worth a look while you sort this one out: