SAP
diff --git a/‎pyproject.toml‎
Lines changed: 1 addition & 1 deletion b/‎pyproject.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/sap_cloud_sdk/destination/certificate_client.py‎
Lines changed: 21 additions & 6 deletions b/‎src/sap_cloud_sdk/destination/certificate_client.py‎
Lines changed: 21 additions & 6 deletions
diff --git a/‎src/sap_cloud_sdk/destination/client.py‎
Lines changed: 21 additions & 6 deletions b/‎src/sap_cloud_sdk/destination/client.py‎
Lines changed: 21 additions & 6 deletions
diff --git a/‎src/sap_cloud_sdk/destination/fragment_client.py‎
Lines changed: 21 additions & 6 deletions b/‎src/sap_cloud_sdk/destination/fragment_client.py‎
Lines changed: 21 additions & 6 deletions
diff --git a/‎src/sap_cloud_sdk/destination/user-guide.md‎
Lines changed: 44 additions & 9 deletions b/‎src/sap_cloud_sdk/destination/user-guide.md‎
Lines changed: 44 additions & 9 deletions
@@ -1,6 +1,6 @@
 [project]
 name = "sap-cloud-sdk"
-version = "0.9.0"
+version = "0.10.0"
 description = "SAP Cloud SDK for Python"
 readme = "README.md"
 license = "Apache-2.0"
 
@@ -206,13 +206,18 @@ def get_subaccount_certificate(
 
     @record_metrics(Module.DESTINATION, Operation.CERTIFICATE_CREATE_CERTIFICATE)
     def create_certificate(
-        self, certificate: Certificate, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        certificate: Certificate,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Create a certificate.
 
         Args:
             certificate: Certificate entity to create.
             level: Scope where the certificate should be created (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the certificate is created in the
+                subscriber context; otherwise the provider context is used.
 
         Returns:
             None. Success responses from the Destination Service return an empty body.
@@ -225,7 +230,7 @@ def create_certificate(
         body = certificate.to_dict()
 
         try:
-            self._http.post(f"{API_V1}/{coll}", body=body)
+            self._http.post(f"{API_V1}/{coll}", body=body, tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
@@ -235,13 +240,18 @@ def create_certificate(
 
     @record_metrics(Module.DESTINATION, Operation.CERTIFICATE_UPDATE_CERTIFICATE)
     def update_certificate(
-        self, certificate: Certificate, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        certificate: Certificate,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Update a certificate.
 
         Args:
             certificate: Certificate entity with updated fields.
             level: Scope where the certificate exists (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the certificate is updated in the
+                subscriber context; otherwise the provider context is used.
 
         Returns:
             None. Success responses from the Destination Service return an Update object (e.g., {"Count": 1}),
@@ -255,7 +265,7 @@ def update_certificate(
         body = certificate.to_dict()
 
         try:
-            self._http.put(f"{API_V1}/{coll}", body=body)
+            self._http.put(f"{API_V1}/{coll}", body=body, tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
@@ -265,13 +275,18 @@ def update_certificate(
 
     @record_metrics(Module.DESTINATION, Operation.CERTIFICATE_DELETE_CERTIFICATE)
     def delete_certificate(
-        self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        name: str,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Delete a certificate.
 
         Args:
             name: Certificate name.
             level: Scope where the certificate exists (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the certificate is deleted in the
+                subscriber context; otherwise the provider context is used.
 
         Raises:
             HttpError: Propagated for HTTP errors.
@@ -280,7 +295,7 @@ def delete_certificate(
         coll = self._sub_path_for_level(level)
 
         try:
-            self._http.delete(f"{API_V1}/{coll}/{name}")
+            self._http.delete(f"{API_V1}/{coll}/{name}", tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
 
@@ -421,13 +421,18 @@ def get_destination(
 
     @record_metrics(Module.DESTINATION, Operation.DESTINATION_CREATE_DESTINATION)
     def create_destination(
-        self, dest: Destination, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        dest: Destination,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Create a destination.
 
         Args:
             dest: Destination entity to create.
             level: Scope where the destination should be created (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the destination is created in the
+                subscriber context; otherwise the provider context is used.
 
         Returns:
             None. Success responses from the Destination Service return an empty body.
@@ -440,7 +445,7 @@ def create_destination(
         body = dest.to_dict()
 
         try:
-            self._http.post(f"{API_V1}/{coll}", body=body)
+            self._http.post(f"{API_V1}/{coll}", body=body, tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
@@ -450,13 +455,18 @@ def create_destination(
 
     @record_metrics(Module.DESTINATION, Operation.DESTINATION_UPDATE_DESTINATION)
     def update_destination(
-        self, dest: Destination, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        dest: Destination,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Update a destination.
 
         Args:
             dest: Destination entity with updated fields.
             level: Scope where the destination exists (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the destination is updated in the
+                subscriber context; otherwise the provider context is used.
 
         Returns:
             None. Success responses from the Destination Service return an Update object (e.g., {"Count": 1}),
@@ -470,7 +480,7 @@ def update_destination(
         body = dest.to_dict()
 
         try:
-            self._http.put(f"{API_V1}/{coll}", body=body)
+            self._http.put(f"{API_V1}/{coll}", body=body, tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
@@ -480,13 +490,18 @@ def update_destination(
 
     @record_metrics(Module.DESTINATION, Operation.DESTINATION_DELETE_DESTINATION)
     def delete_destination(
-        self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        name: str,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Delete a destination.
 
         Args:
             name: Destination name.
             level: Scope where the destination exists (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the destination is deleted in the
+                subscriber context; otherwise the provider context is used.
 
         Raises:
             HttpError: Propagated for HTTP errors.
@@ -495,7 +510,7 @@ def delete_destination(
         coll = self._sub_path_for_level(level)
 
         try:
-            self._http.delete(f"{API_V1}/{coll}/{name}")
+            self._http.delete(f"{API_V1}/{coll}/{name}", tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
 
@@ -191,13 +191,18 @@ def list_subaccount_fragments(
 
     @record_metrics(Module.DESTINATION, Operation.FRAGMENT_CREATE_FRAGMENT)
     def create_fragment(
-        self, fragment: Fragment, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        fragment: Fragment,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Create a fragment.
 
         Args:
             fragment: Fragment entity to create.
             level: Scope where the fragment should be created (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the fragment is created in the
+                subscriber context; otherwise the provider context is used.
 
         Returns:
             None. Success responses from the Destination Service return an empty body.
@@ -210,7 +215,7 @@ def create_fragment(
         body = fragment.to_dict()
 
         try:
-            self._http.post(f"{API_V1}/{coll}", body=body)
+            self._http.post(f"{API_V1}/{coll}", body=body, tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
@@ -220,13 +225,18 @@ def create_fragment(
 
     @record_metrics(Module.DESTINATION, Operation.FRAGMENT_UPDATE_FRAGMENT)
     def update_fragment(
-        self, fragment: Fragment, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        fragment: Fragment,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Update a fragment.
 
         Args:
             fragment: Fragment entity with updated fields.
             level: Scope where the fragment exists (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the fragment is updated in the
+                subscriber context; otherwise the provider context is used.
 
         Returns:
             None. Success responses from the Destination Service return an Update object (e.g., {"Count": 1}),
@@ -240,7 +250,7 @@ def update_fragment(
         body = fragment.to_dict()
 
         try:
-            self._http.put(f"{API_V1}/{coll}", body=body)
+            self._http.put(f"{API_V1}/{coll}", body=body, tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
@@ -250,13 +260,18 @@ def update_fragment(
 
     @record_metrics(Module.DESTINATION, Operation.FRAGMENT_DELETE_FRAGMENT)
     def delete_fragment(
-        self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT
+        self,
+        name: str,
+        level: Optional[Level] = Level.SUB_ACCOUNT,
+        tenant: Optional[str] = None,
     ) -> None:
         """Delete a fragment.
 
         Args:
             name: Fragment name.
             level: Scope where the fragment exists (subaccount by default).
+            tenant: Subscriber tenant subdomain. When provided, the fragment is deleted in the
+                subscriber context; otherwise the provider context is used.
 
         Raises:
             HttpError: Propagated for HTTP errors.
@@ -265,7 +280,7 @@ def delete_fragment(
         coll = self._sub_path_for_level(level)
 
         try:
-            self._http.delete(f"{API_V1}/{coll}/{name}")
+            self._http.delete(f"{API_V1}/{coll}/{name}", tenant_subdomain=tenant)
         except HttpError:
             raise
         except Exception as e:
 
@@ -36,6 +36,41 @@ cert = certificate_client.get_subaccount_certificate("my-cert", access_strategy=
 dest = client.get_subaccount_destination("my-destination", access_strategy=AccessStrategy.SUBSCRIBER_FIRST, tenant="tenant-subdomain")
 fragment = fragment_client.get_subaccount_fragment("my-fragment", access_strategy=AccessStrategy.SUBSCRIBER_FIRST, tenant="tenant-subdomain")
 cert = certificate_client.get_subaccount_certificate("my-cert", access_strategy=AccessStrategy.SUBSCRIBER_FIRST, tenant="tenant-subdomain")
+
+# Fragment write operations with tenant (subscriber context)
+new_fragment = Fragment(name="my-fragment", properties={"URL": "https://api.example.com"})
+fragment_client.create_fragment(new_fragment, level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+fragment_client.update_fragment(new_fragment, level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+fragment_client.delete_fragment("my-fragment", level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+
+# Fragment write operations without tenant (provider context)
+fragment_client.create_fragment(new_fragment, level=Level.SUB_ACCOUNT)
+fragment_client.update_fragment(new_fragment, level=Level.SUB_ACCOUNT)
+fragment_client.delete_fragment("my-fragment", level=Level.SUB_ACCOUNT)
+
+# Destination write operations with tenant (subscriber context)
+new_dest = Destination(name="my-dest", type="HTTP", url="https://api.example.com")
+client.create_destination(new_dest, level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+client.update_destination(new_dest, level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+client.delete_destination("my-dest", level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+
+# Destination write operations without tenant (provider context)
+client.create_destination(new_dest, level=Level.SUB_ACCOUNT)
+client.update_destination(new_dest, level=Level.SUB_ACCOUNT)
+client.delete_destination("my-dest", level=Level.SUB_ACCOUNT)
+
+# Certificate write operations with tenant (subscriber context)
+from sap_cloud_sdk.destination import create_certificate_client
+from sap_cloud_sdk.destination._models import Certificate
+new_cert = Certificate(name="my-cert.pem", content="base64-encoded-content", type="PEM")
+certificate_client.create_certificate(new_cert, level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+certificate_client.update_certificate(new_cert, level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+certificate_client.delete_certificate("my-cert.pem", level=Level.SUB_ACCOUNT, tenant="tenant-subdomain")
+
+# Certificate write operations without tenant (provider context)
+certificate_client.create_certificate(new_cert, level=Level.SUB_ACCOUNT)
+certificate_client.update_certificate(new_cert, level=Level.SUB_ACCOUNT)
+certificate_client.delete_certificate("my-cert.pem", level=Level.SUB_ACCOUNT)
 ```
 
 ## Concepts
@@ -65,9 +100,9 @@ class DestinationClient:
     def list_subaccount_destinations(self, access_strategy: AccessStrategy = AccessStrategy.SUBSCRIBER_FIRST, tenant: Optional[str] = None, filter: Optional[ListOptions] = None) -> PagedResult[Destination]: ...
 
     # V1 Admin API - Write operations
-    def create_destination(self, dest: Destination, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
-    def update_destination(self, dest: Destination, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
-    def delete_destination(self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
+    def create_destination(self, dest: Destination, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
+    def update_destination(self, dest: Destination, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
+    def delete_destination(self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
 
     # V2 Runtime API - Destination consumption with automatic token retrieval
     def get_destination(self, name: str, level: Optional[Level] = None, options: Optional[ConsumptionOptions] = None, proxy_enabled: Optional[bool] = None) -> Optional[Destination | TransparentProxyDestination]: ...
@@ -83,9 +118,9 @@ class FragmentClient:
     def get_subaccount_fragment(self, name: str, access_strategy: AccessStrategy = AccessStrategy.SUBSCRIBER_FIRST, tenant: Optional[str] = None) -> Optional[Fragment]: ...
     def list_instance_fragments(self) -> List[Fragment]: ...
     def list_subaccount_fragments(self, access_strategy: AccessStrategy = AccessStrategy.SUBSCRIBER_FIRST, tenant: Optional[str] = None) -> List[Fragment]: ...
-    def create_fragment(self, fragment: Fragment, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
-    def update_fragment(self, fragment: Fragment, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
-    def delete_fragment(self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
+    def create_fragment(self, fragment: Fragment, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
+    def update_fragment(self, fragment: Fragment, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
+    def delete_fragment(self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
 ```
 
 ### Certificate Client
@@ -98,9 +133,9 @@ class CertificateClient:
     def get_subaccount_certificate(self, name: str, access_strategy: AccessStrategy = AccessStrategy.SUBSCRIBER_FIRST, tenant: Optional[str] = None) -> Optional[Certificate]: ...
     def list_instance_certificates(self, filter: Optional[ListOptions] = None) -> PagedResult[Certificate]: ...
     def list_subaccount_certificates(self, access_strategy: AccessStrategy = AccessStrategy.SUBSCRIBER_FIRST, tenant: Optional[str] = None, filter: Optional[ListOptions] = None) -> PagedResult[Certificate]: ...
-    def create_certificate(self, certificate: Certificate, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
-    def update_certificate(self, certificate: Certificate, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
-    def delete_certificate(self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT) -> None: ...
+    def create_certificate(self, certificate: Certificate, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
+    def update_certificate(self, certificate: Certificate, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
+    def delete_certificate(self, name: str, level: Optional[Level] = Level.SUB_ACCOUNT, tenant: Optional[str] = None) -> None: ...
 ```
 
 ### Models