2511864 - Validity of the keypair generated via SuccessFactors for OAuth in OData API

This KBA explains the "Validity(Days)" field when generating a X.509 certificate in SuccessFactors "Manage OAuth2 Client Applications" tool, which plays an important part in deciding the number of days the certificate would be valid for.

• SAP SuccessFactors HXM Suite
  • OData API

1. Can we leave the field blank while generating the X.509 certificate?
   Yes, when the field is left blank, the validity defaults to 365 days.
   
   
2. Can we specify our own period of validity?
   Yes, SuccessFactors provides flexibility, allowing you to specify the number of days according to your requirements.
   
   
3. Can we generate our own X.509 certificate and use it?
   Yes, this flexibility is provided in SuccessFactors.

Note: To ensure compatibility with legacy behavior, the checkbox "Enable validity check" is available. If unchecked, SuccessFactors API will not check for certificate expiry. If checked, SuccessFactors API will reject expired certificates based on the time period provided in the "Validity(Days)" field (defaulting to 365 days if unspecified).

So, if "Enable validity check" is unchecked, even when a key pair from an expired certificate reaches the API, it will be accepted.

X.509, key pair, oauth, odata, valid, Enable validity check , KBA , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , Problem