SAP Knowledge Base Article - Public

3022498 - Unauthorized response when using 3 legged OAuth flow for API access token in SAP Analytics Cloud (SAC) & SAP Digital Boardroom


When accessing the URL <Tenant>/api/v1/stories a http 401 unauthorized response is returned, which prevents returning the result set from the SAC API.


  • SAP Analytics Cloud (Enterprise) 2021.3.2

Reproducing the Issue

  1. Go to System, Administration and click on the App Integration tab.
  2. Get the token URL under the first panel.
  3. From Postman Environment, create a new Post request to the token URL.
  4. Under the Authorization tab, select the type as OAuth 2.0.
  5. Under the Configure New Token, select the grant type as Authorization Code.
  6. Ensure all the form fields are entered: Callback URL, Auth URL, Access Token URL, Client ID & Secret.
  7. Click on the orange button called Get New Access Token.
  8. Afterwards a pop up window will appear prompting a login.
  9. Get the access token from the response.
  10. Create a new Get request to <Tenant>/api/v1/stories
  11. Do not include Authorization bearer in the headers tab, instead click on the authorization tab and select the type as Bearer Token and input the string value in the input field to the right.
  12. After firing the request, observe the body response as unauthorized. 


The Groups SAML Attribute has not been applied which is causing the authorization issue.

SAC started to enforce “Groups” SAML attribute presence, there it no longer works without Groups attribute, starting December 2020.


  • When creating an OAuth Client for 3 legged authorization the purpose must be selected for Interactive Usage.
  • Set the Groups SAML Attribute to Value = sac as per the prerequisite of Enabling a Custom SAML Identity Provider

See Also

Your feedback is important to help us improve our knowledge base.


SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC, sap analyst cloud, connected, failure, stopped, api, oauth, idp , KBA , LOD-ANA-AUT , SAC Authentication / Login , Problem


SAP Analytics Cloud 1.0