diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
index b701b9bf96..f7211fef13 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
@@ -26,6 +26,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
 import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
+import org.wso2.carbon.webapp.authenticator.framework.authorizer.WebappTenantAuthorizer;
 
 import javax.servlet.http.HttpServletResponse;
 import java.util.HashMap;
@@ -44,6 +45,8 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
             return;
         }
 
+
+
         WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
         if (authenticator == null) {
             String msg = "Failed to load an appropriate authenticator to authenticate the request";
@@ -51,6 +54,11 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
             return;
         }
         AuthenticationInfo authenticationInfo = authenticator.authenticate(request, response);
+        if (isManagedAPI(request) && (authenticationInfo.getStatus() == WebappAuthenticator.Status.CONTINUE ||
+                authenticationInfo.getStatus() == WebappAuthenticator.Status.SUCCESS)) {
+            WebappAuthenticator.Status status = WebappTenantAuthorizer.authorize(request, authenticationInfo);
+            authenticationInfo.setStatus(status);
+        }
         if (authenticationInfo.getTenantId() != -1) {
             try {
                 PrivilegedCarbonContext.startTenantFlow();
@@ -77,6 +85,11 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
         return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request));
     }
 
+    private boolean isManagedAPI(Request request) {
+        String param = request.getContext().findParameter("managed-api-enabled");
+        return (param != null && Boolean.parseBoolean(param));
+    }
+
     private boolean isContextSkipped(Request request) {
         String ctx = request.getContext().getPath();
         if (ctx == null || "".equals(ctx)) {
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/WebappTenantAuthorizer.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/WebappTenantAuthorizer.java
new file mode 100644
index 0000000000..e6a55eba89
--- /dev/null
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/WebappTenantAuthorizer.java
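Review bot: The new block replaces a SUCCESS authentication status with whatever `WebappTenantAuthorizer.authorize` returns, and that method (added in the new file of this same diff) returns only CONTINUE or FAILURE, so a request that authenticated with SUCCESS and is authorized leaves this block as CONTINUE. If the code after this hunk treats the two statuses differently — that code is outside the hunk — the tenant check should only be able to deny, not rewrite a success: `if (status == WebappAuthenticator.Status.FAILURE) {` / `    authenticationInfo.setStatus(status);` / `}`. A short comment above the added `if` would also make the intent visible to the next reader, e.g. `// Tenant-level authorization applies only to managed APIs and may only downgrade the outcome.` The enclosing method starts and ends outside the hunk.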
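Review bot: `isManagedAPI` hard-codes the context parameter name `"managed-api-enabled"` inline, whereas the sibling `WebappTenantAuthorizer` introduced in this same diff keeps its parameter names in `private static final String` constants; declaring `private static final String MANAGED_API_ENABLED_PARAM_NAME = "managed-api-enabled";` on the valve and using it here keeps the two files consistent and gives one place to find the recognised context parameters. A one-line Javadoc such as `/** Returns true when the web app's context sets managed-api-enabled to true, opting it into tenant authorization. */` would document the opt-in. The surrounding class continues outside the hunk.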
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.webapp.authenticator.framework.authorizer;
+
+import org.apache.catalina.connector.Request;
+import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
+
+/**
+ * This class represents the methods that are used to authorize requests based on the tenant subscription.
+ */
+public class WebappTenantAuthorizer {
+    private static final String SHARED_WITH_ALL_TENANTS_PARAM_NAME = "isSharedWithAllTenants";
+    private static final String PROVIDER_TENANT_DOMAIN_PARAM_NAME = "providerTenantDomain";
+
+    public static WebappAuthenticator.Status authorize(Request request, AuthenticationInfo authenticationInfo) {
+        String tenantDomain = authenticationInfo.getTenantDomain();
+        if (tenantDomain != null && isSharedWithAllTenants(request) || isProviderTenant(request, tenantDomain)) {
+            return WebappAuthenticator.Status.CONTINUE;
+        }
+        return WebappAuthenticator.Status.FAILURE;
+    }
+
+    private static boolean isSharedWithAllTenants(Request request) {
+        String param = request.getContext().findParameter(SHARED_WITH_ALL_TENANTS_PARAM_NAME);
+        return (param == null || Boolean.parseBoolean(param));
+    }
+
+    private static boolean isProviderTenant(Request request, String requestTenantDomain) {
+        String param = request.getContext().findParameter(PROVIDER_TENANT_DOMAIN_PARAM_NAME);
+        return (param == null || requestTenantDomain.equals(param));
+    }
+}
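Review bot: In `authorize`, `&&` binds tighter than `||`, so the condition reads `(tenantDomain != null && isSharedWithAllTenants(request)) || isProviderTenant(request, tenantDomain)`; when `tenantDomain` is null and `providerTenantDomain` is configured, `isProviderTenant` dereferences null in `requestTenantDomain.equals(param)`, and when it is not configured the null domain is authorized. Group the intended check explicitly: `if (tenantDomain != null && (isSharedWithAllTenants(request) || isProviderTenant(request, tenantDomain)))`. Both helpers also return true when their context parameter is absent, so a web app that sets managed-api-enabled without configuring either parameter admits every tenant; an authorization decision should default to deny — `return Boolean.parseBoolean(param);` and `return param != null && requestTenantDomain.equals(param);` — or, if absence is meant to mean "shared with all tenants", state that in a comment on the two constants so the fail-open default is a documented choice. `authorize` has no Javadoc; a line such as `@return CONTINUE when the authenticated tenant may use this context, FAILURE otherwise` would pin the contract the valve relies on.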