diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java
index bb2673f86c..9c6035811a 100644
--- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java
+++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/BaseSteps.java
@@ -321,6 +321,19 @@ public void iHaveValidSubscription() throws Exception {
 headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_IDP_HOST);
 headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Basic NDVmMWM1YzgtYTkyZS0xMWVkLWFmYTEtMDI0MmFjMTIwMDAyOjRmYmQ2MmVjLWE5MmUtMTFlZC1hZmExLTAyNDJhYzEyMDAwMg==");
+ HttpResponse httpResponse = httpClient.doPost(Utils.getTokenEndpointURL(), headers, "grant_type=client_credentials&scope=" + Constants.API_CREATE_SCOPE,
+ Constants.CONTENT_TYPES.APPLICATION_X_WWW_FORM_URLENCODED);
+ sharedContext.setAccessToken(Utils.extractToken(httpResponse));
+ sharedContext.addStoreValue("accessToken", sharedContext.getAccessToken());
+ }
+
+ @Given("I have a valid subscription without api deploy/undeploy permission")
+ public void iHaveValidSubscriptionWithAPICreateScope() throws Exception {
+
+ Map headers = new HashMap<>();
+ headers.put(Constants.REQUEST_HEADERS.HOST, Constants.DEFAULT_IDP_HOST);
+ headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, "Basic NDVmMWM1YzgtYTkyZS0xMWVkLWFmYTEtMDI0MmFjMTIwMDAyOjRmYmQ2MmVjLWE5MmUtMTFlZC1hZmExLTAyNDJhYzEyMDAwMg==");
+
 HttpResponse httpResponse = httpClient.doPost(Utils.getTokenEndpointURL(), headers, "grant_type=client_credentials",
 Constants.CONTENT_TYPES.APPLICATION_X_WWW_FORM_URLENCODED);
 sharedContext.setAccessToken(Utils.extractToken(httpResponse));
diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/JWTGeneratorSteps.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/JWTGeneratorSteps.java
index d211cb974e..dffad65113 100644
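Review bot: The new step method is named `iHaveValidSubscriptionWithAPICreateScope`, but it is bound to "I have a valid subscription without api deploy/undeploy permission" and ends in the token request that sends no `scope` parameter, so the name says the opposite of what the step does; `iHaveValidSubscriptionWithoutAPICreateScope` would match. The 403 scenarios also rely on the test IdP granting no `apk:api_create` scope when the parameter is omitted, which deserves a one-line comment on the method. The added `headers.put(...)` repeats the Basic credential literal already present in `iHaveValidSubscription`, although `Constants.SUBSCRIPTION_BASIC_AUTH_TOKEN` holds the same value; `headers.put(Constants.REQUEST_HEADERS.AUTHORIZATION, Constants.SUBSCRIPTION_BASIC_AUTH_TOKEN);` keeps the client credential in one place. Both method bodies extend beyond the hunk.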
--- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/JWTGeneratorSteps.java
+++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/api/JWTGeneratorSteps.java
@@ -23,6 +23,8 @@ import java.util.Date;
 import java.util.UUID;
+import org.wso2.apk.integration.utils.Constants;
+
 public class JWTGeneratorSteps {
 private final SharedContext sharedContext;
@@ -47,7 +49,7 @@ public void generateTokenFromIdp1(String kid) throws IOException, CertificateExc
 .expirationTime(new Date(new Date().getTime() + 60 * 1000))
 .jwtID(UUID.randomUUID().toString())
 .claim("azp", UUID.randomUUID().toString())
- .claim("scope", "default")
+ .claim("scope", Constants.API_CREATE_SCOPE)
 .build();
 SignedJWT signedJWT = new SignedJWT(
 new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(kid).build(),
@@ -74,7 +76,7 @@ public void generateTokenFromIdp1WithOrganization(String organization) throws IO
 .expirationTime(new Date(new Date().getTime() + 60 * 1000))
 .jwtID(UUID.randomUUID().toString())
 .claim("azp", UUID.randomUUID().toString())
- .claim("scope", "default")
+ .claim("scope", Constants.API_CREATE_SCOPE)
 .claim("organization", organization)
 .build();
 SignedJWT signedJWT = new SignedJWT(
diff --git a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Constants.java b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Constants.java
index fb04807f74..8c543c8b03 100644
--- a/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Constants.java
+++ b/test/cucumber-tests/src/test/java/org/wso2/apk/integration/utils/Constants.java
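Review bot: Both `.claim("scope", Constants.API_CREATE_SCOPE)` changes (in `generateTokenFromIdp1` and, in the next hunk, `generateTokenFromIdp1WithOrganization`) make every JWT these steps mint carry `apk:api_create`, so no scenario built on them can present a locally generated token that lacks the scope. If such a token should also be rejected with 403, consider taking the scope as a step argument or adding a variant step, e.g. `.claim("scope", scope)` with the privileged value passed only where deployment is expected to succeed. Both builders start and end outside their hunks, so whether other scenarios relied on the `default` scope cannot be seen here.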
@@ -27,6 +27,7 @@ public class Constants {
 public static final String DEFAULT_API_DEPLOYER = "api/deployer/1.0.0/";
 public static final String ACCESS_TOKEN = "accessToken";
 public static final String EMPTY_STRING = "";
+ public static final String API_CREATE_SCOPE = "apk:api_create";
 public static final String SPACE_STRING = " ";
 public static final String SUBSCRIPTION_BASIC_AUTH_TOKEN = "Basic NDVmMWM1YzgtYTkyZS0xMWVkLWFmYTEtMDI0MmFjMTIwMDAyOjRmYmQ2MmVjLWE5MmUtMTFlZC1hZmExLTAyNDJhYzEyMDAwMg==";
diff --git a/test/cucumber-tests/src/test/resources/tests/api/deployment.feature b/test/cucumber-tests/src/test/resources/tests/api/deployment.feature
index 1827a5b30c..d039c27963 100644
--- a/test/cucumber-tests/src/test/resources/tests/api/deployment.feature
+++ b/test/cucumber-tests/src/test/resources/tests/api/deployment.feature
@@ -1,4 +1,12 @@
 Feature: API Deployment
+ Scenario: Deploying an API without api create scope
+ Given The system is ready
+ And I have a valid subscription without api deploy/undeploy permission
+ When I use the APK Conf file "artifacts/apk-confs/cors_API.apk-conf"
+ And the definition file "artifacts/definitions/cors_api.yaml"
+ And make the API deployment request
+ Then the response status code should be 403
+
 Scenario: Deploying an API
 Given The system is ready
 And I have a valid subscription
@@ -17,6 +25,12 @@ Feature: API Deployment
 Then the response status code should be 400
 And the response body should contain
 |"#/corsConfiguration/corsConfigurationEnabled: expected type: Boolean, found: String"|
+
+ Scenario Outline: Undeploy an API without api create scope
+ Given The system is ready
+ And I have a valid subscription without api deploy/undeploy permission
+ When I undeploy the API whose ID is ""
+ Then the response status code should be 403
 Scenario Outline: Undeploy an API
 Given The system is ready
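Review bot: The new scenario "Deploying an API without api create scope" asserts only `Then the response status code should be 403`, and the "Undeploy an API without api create scope" outline in the last hunk does the same, so a 403 returned for an unrelated reason would still pass. Pinning the denial to the scope check with the body step this feature already uses, `And the response body should contain` followed by a row such as `|"<expected scope-denial message>"|` (placeholder; take the real text from the deployer's response), would make the test fail if the rejection comes from elsewhere. The scenario titles say "api create scope" while the step says "api deploy/undeploy permission"; one wording for both would be easier to search for.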