SAP Knowledge Base Article - Public

3043111 - [1H 2021] SFAPI supports OAuth - SAP SuccessFactors Integrations

Symptom

With the 1H 2021 SAP SuccessFactors release, SFAPI started supporting OAUTH authentication.

How does that work?

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

  • SAP SuccessFactors HXM Suite
    • SFAPI

Resolution

As Basic Authentication sunset has been announced in 2H 2020 for SFAPI and OData API, OAuth mode for SFAPI has been introduced in 1H 2021 Release so that you can start migrating your existing integrations to OAuth. Refer to the guide page Authentication Using OAuth 2.0.

Important Points:

  1. SFAPI entities (except CompoundEmployee API) have already been deprecated and soon will be decommissioned too (date not planned yet), we recommend you to move your custom integrations which uses SFAPI entities to OData API and start using OAuth authentication available for OData API to save efforts or else when SFAPI decommissioning would be announced, you would have to add more efforts to migrate from SFAPI to OData API. 
  2. If your custom integration uses CompoundEmployee API, you can use SFAPI OAuth for CompoundEmployee API calls.
  3. For all standard integrations provided by SAP where SFAPI or CompoundEmployee API entities are used, SAP is responsible for changing them from basic authentication to OAuth. No action is required from your side until the package is adjusted and new parameters have been exposed to configure the OAuth specific information.

In order to manually test OAuth in SFAPI, the access token which has been generated has to be passed in the Header of the request as below:
Parameter: Authorization
Value: Bearer <ACCESS_TOKEN>

Examples on usage:

  1. SOAP UI:



  2. Wizdler:



    Check KBA for more information: 2320264 - How to make an SFAPI call to test the functionality

  3. Postman:

    Auth tab


    Body tab

The result of these calls should be a sessionId value, for example in Postman:

The sessionId would then be used in the subsequent calls (query or Upsert, for example).

See Also

2978172 - OAUTH authentication mode in DELL boomi for SuccessFactors Connector (SuccessFactors-Partner Connector)

3031657-How to generate SAML assertion for SAP SuccessFactors API using SAP provided offline tool?

Keywords

OAUTH, SAML, BOOMI, CPI, Basic Authentication, SFAPI, OAuth2 , KBA , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , Product Enhancement

Product

SAP SuccessFactors HCM suite all versions

Attachments

Pasted image.png
Pasted image.png