SAP Knowledge Base Article - Public

2511864 - Validity of the keypair generated via Successfactors for the OAuth


This is a know how KBA on the field "Validity(Days)" field, which plays an important part in deciding the number of days the OAuth would be valid for.


SAP SuccessFactors HXM Suite


Question: Can we leave the field blank while generating the X.509 certificate?

Answer: Yes, when the field is left blank system defaults the validity to 365 days

Question: Can we use our own period of validity?

Answer: Yes, Successfactors provides the flexibility to give the number of days as per the need to suit your requirement

Question: Can we generate our own X.509 certificate and use it?

Answer: Yes, this flexibility is provided in Successfactors


To make it compatible for legacy behavior, we have the checkbox "Enable validity check", if unchecked, then it will not check for expiry, if checked, then you may input time period, if not specified this is defaulted to 365 days.

That is to mean, if customer does not enable the checkbox, then the keypair will not be checked for expiry (rather won't expire). If enabled, the keypair will be checked, the default 1 year is for the situation whereby customer enabled "Enable validity check" option but has not specified the time period.



  • Validity of keypair generated using OAuth 
  • Validity of the X.509 certificate uploaded to Successfactors
, KBA , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , Problem


SAP SuccessFactors HCM Core all versions