2080170 - How to stop the API Administrator password expiring

• How to stop the API Administrator password expiring?
• Password Policy Exceptions not working for common users;

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP SuccessFactors HCM Suite

If you are using API, prevent API user password from expiring, thus preventing future issues with your integrations. This feature allows you to do this for individual user exceptions and does not affect the global password aging policy applied to all other users.

1. Go to Password & Login Policy Settings;
2. Click on Set API Login Exceptions:
   
   
   
   
3. Click on "Add". Complete this screen for the API account and set age to -1 so the password never expires. All fields are mandatory:
   
    
   
   Note: The "IP address restrictions" field needs to receive the IP adresses from where the API user sends its calls. The source of these calls depends on your scenario. It could be your middleware - Boomi, HCI/CPI - or any other application which sends the API calls. It's up to the customer to identify and provide the the proper IP addresses. If you don't want any IP restrictions, you can set the IP address restrictions as "1.1.1.1-255.255.255.255" as a workaround. This would allowlist every possible IP.
   
   
4. Save and you will see this as per this example:

      Password Policy Exceptions not working for common users;

Be aware that the Set API login exceptions will only work if the user has already authenticated in an odata API. If you are placing a common user that has never logged in an odata API, the common user will respect the Password Policy defined for all users. To avoid confusion it is suggested to use a specific account to make API calls instead of using a common user for that. Otherwise you might fall in the situatuation where the api user is asked to reset the password after X days even though you have set the API login exception to -1.

Please review the help portal guide Configuring Password and Login Policy and SFAPI Setup for further details.

2420640 - Passwords: Configuring Password & Login Policy Settings - SuccessFactors Platform
2251980 - Invalid IP format error when setting API Login Exceptions
2161058 - Error in SuccessFactors API: "Attempted login from unauthorized ip"
Configuring Password and Login Policy
SFAPI Setup

ip range, api request, success, factors, specific, user, system, login policy, api user, Authentication failed. Attempted login from unauthorized ip: , KBA , sf employee central , sf api , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-INT , Integrations , How To