...
For the API RFC the user requires only the API Access privilege.
HTTP Destination (non-PROD):
Based on the security architecture of the Boomi system, the execute privilege is required as well as the proper assignment of the user to the corresponding processes that are going to be tested.