SAP Knowledge Base Article - Public

3146142 - How to import terminal Time Events via REST API for SAP SuccessFactors Time Tracking Clock In Clock Out

Symptom

This KBA provides detailed steps on how to set up REST API between Terminal and Clock In Clock Out.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."  

Environment

  • SAP SuccessFactors HCM Suite
  • SAP SuccessFactors Time Tracking - Clock In Clock Out

Resolution

There are three tasks to complete to set up connections between Terminal and Clock In Clock Out:
  1. Creating API Key to Create OAuth Token
  2. Creating OAuth Token
  3. REST API for Sending Time Events from Terminal to Clock In Clock Out

For more information about OAuth2 authentication, please refer to the Help Documentation: Authentication Using OAuth 2.0

1. Creating API Key to Create OAuth Token
To access the Manage OAuth2 Client Applications tool, please ensure the login user has Permission: Manage Integration Tools - Manage OAuth2 Client Applications. 

1.1 Click Register Client Application

1.2 Enter the following required fields: 

  • Application Name: Clock In Clock Out Time Events import
  • Application URL: the API Server URL of the company, this could be checked in the Provisioning - "View the list of all Tenant URLs" or in KBA 2215682 - SuccessFactors API URLs and external IPs. 
  • Bind to Users: Ticked
  • User IDs: TECHNICAL_USER_CICOTERMINAL_9D3F8AC1

1.3 Click on Generate X.509 Certificate

1.4 Enter the Common Name and click Generate Button.
The Common Name (CN) should be the company name. If this was not provided, then re-registration is required.

1.5 Click Download Button and open the downloaded Certificate.pem file, then click register button. 

1.6 Open the OAuth2 Client Application again, API Key has been generated. 

2. Creating the OAuth2 token

2.1 Create the POST API call to generate the SAML assertion. 

  • Method: POST
  • URL: <API-SERVER-URL>/oauth/idp
  • Add below keys in the Request Body
    KeyValue
    client_id

    <API-KEY> Generated in Manage OAuth2 Client Applications

    company_id<Compand ID>
    token_url<API-SERVER-URL>/oauth/token
    user_idTECHNICAL_USER_CICOTERMINAL_9D3F8AC1
    private_keyOpen the downloaded Certificate.pem file, copy the content between "BEGIN ENCRYPTED PRIVATE KEY"----- and -----"END ENCRYPTED PRIVATE KEY". 

Click send and copy the SAML assertion from the response.  

2.2 Generate OAuth Token

  • Method: POST
  • URL: <API-SERVER-URL>/oauth/token.
  • Add below keys in the Request Body
    KeyValue
    client_id

    <API-KEY> Generated in Manage OAuth2 Client Applications

    company_id<Compand ID>
    grant_type

    urn:ietf:params:oauth:grant-type:saml2-bearer

    assertion<SAML_ASSERTION> Response Body from the last step

Click Send and copy the access_token from the Response. 

3. Push Time Events using REST API

  • Method: POST
  • URL: <API-SERVER-URL>/rest/timemanagement/timeeventprocessing/v1/TimeEvents
  • In Authentication tab, paste the Bearer Token from the last step. 
  • Expected media type: JSON
  • Add below key to the Request Header
    HeaderRequiredValues
    AuthorizationYesNote

    Paste the OAuth token taken from the previous step Creating OAuth Token before following the steps in this topic.

    Content-TypeYes

    application/json

    AcceptYes

    application/json

    Note: When this request header is selected, the default response is in JSON format. If you want the response in XML format, ensure to pass the value as application/xml.
  • Add below sample to the Request Body

[
    {
        "id": "1",
        "assignmentId": "valid userid",
        "terminalId": "1",
        "typeCode": "01",
        "timestamp": "2025-04-13T08:30:00+0530",
        "timeTypeCode": "WORK"
    },
    {
        "id": "2",
        "assignmentId": "valid userid",
        "terminalId": "1",
        "typeCode": "02",
        "timestamp": "2025-04-13T17:30:00+0530",
        "timeTypeCode": "WORK"
    }
]

Note: 

  • Even though employees may not have replicated by adding to the clock in clock out group in job info, just add any employee Id with a Clock In and date and time then post it to the API.
  • Even if this resulted in validation failure, it could ensure that the integration works with SuccessFactors.
  • Accept is a way of letting the service know that it excepts always json format.
    • When using Accept as 'application/json', the response will be available in json.
    • When adding Accept as 'application/xml', then the response changes to XML.

Restrictions:
A maximum of 1000 time events can be sent with one API call in bulk mode.
The number of time events that can be sent for a single user is limited to 200. Please refer to more details in KBA 3364562.

See Also

Keywords

tms, time sheet, sf, time event, cico, punch, clock in clock out, clock, terminal, rest api, oauth, REST, import, upsert, upload, send, attendance, biometric, punch in, authentication, token, oauth2, integration , KBA , LOD-SF-TTR-CIO , Clock In/ Clock Out , How To

Product

SAP SuccessFactors HCM Suite all versions ; SAP SuccessFactors Time Tracking all versions