From 59e6d7f471a216429c9aa42ad82d29b1c4e9d476 Mon Sep 17 00:00:00 2001 From: Benjamin Krencker <54358901+bkrencker@users.noreply.github.com> Date: Fri, 14 Jun 2024 08:46:06 +0200 Subject: [PATCH 1/2] Update concepts-26572ad.md Documented security constraints of Scheduler Service. There was a big discussion on this limitation with BTP Scheduler Team, CAP Team and expert from XSSEC library on a SAP OSS Ticket. Customers of BTP Scheduler Service should be aware of this limitation, as it is currently not mentioned in the documentation. If you have any questions, Alexandar was working on the SAP OSS Ticket Case 472642/2024 "Calls for Public CAP-API using BTP Scheduler not working" Best regards, Ben --- docs/20---Concepts/concepts-26572ad.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/20---Concepts/concepts-26572ad.md b/docs/20---Concepts/concepts-26572ad.md index d54c06d..3c18857 100644 --- a/docs/20---Concepts/concepts-26572ad.md +++ b/docs/20---Concepts/concepts-26572ad.md @@ -158,6 +158,16 @@ You can use the service with multitenant applications developed in the context o +</dd> +</dl> + +**Security** + +</b></dt> +<dd> + +The service has to be bound to the calling application in the same Cloud Foundry Space. Otherwise or when calling public APIs, an invalid authorization header (JWT token) will be sent which can lead to technical problems (e.g. for CAP applications). + </dd> </dl> From c2d7c95bd1627f9d83119d33761f0072077b17d2 Mon Sep 17 00:00:00 2001 From: Dragomir Anachkov <dragomiranachkov@gmail.com> Date: Mon, 17 Jun 2024 10:29:35 +0300 Subject: [PATCH 2/2] Update docs/20---Concepts/concepts-26572ad.md Commiting the change as discussed with @bkrencker --- docs/20---Concepts/concepts-26572ad.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/20---Concepts/concepts-26572ad.md b/docs/20---Concepts/concepts-26572ad.md index 3c18857..aa05a4a 100644 --- a/docs/20---Concepts/concepts-26572ad.md 
+++ b/docs/20---Concepts/concepts-26572ad.md @@ -166,7 +166,9 @@ You can use the service with multitenant applications developed in the context o </b></dt> <dd> -The service has to be bound to the calling application in the same Cloud Foundry Space. Otherwise or when calling public APIs, an invalid authorization header (JWT token) will be sent which can lead to technical problems (e.g. for CAP applications). +You have to bind the Job Scheduling service instance to the application in the same Cloud Foundry space. When the service calls an endpoint, the request always contains the Authorization header (JWT token). To validate this token, make sure that your application is bound to the Job Scheduling service instance. + +For more information, see [Binding Service Instances to Applications](https://help.sap.com/docs/btp/sap-business-technology-platform/binding-service-instances-to-applications?version=Cloud). </dd> </dl>
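Review bot: In the [PATCH 1/2] hunk at `@@ -158,6 +158,16 @@`, the new Security entry has unbalanced markup. It adds `</b></dt>` after `**Security**`, but none of the ten added lines opens a matching `<dl>`, `<dt>` or `<b>`, and the added `</dl>` just above it closes the preceding list. As written, the heading sits outside any definition list. Suggest adding the `<dl>` and `<dt><b>` lines before `**Security**`. A smaller wording point on the added sentence: "can lead to technical problems" does not tell the reader what to expect. It would help to say what the receiving application does with a token it cannot validate.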
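Review bot: In the [PATCH 2/2] hunk at `@@ -166,7 +166,9 @@`, the replacement text drops the case that the removed line covered ("Otherwise or when calling public APIs"), which is the limitation the first commit message says customers should be aware of. The new wording states that the request "always contains the Authorization header (JWT token)" but not what happens when the called endpoint is public or its application is not bound in the same space. Suggest keeping one sentence on that case, for example that such an endpoint still receives the token and has no binding to validate it against. The unchanged context lines in this hunk also still show `</b></dt>` with no opening `<dt><b>` in view, so that markup should be checked before merging.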