Symptom
This KBA provides detailed steps on how to set up REST API between Terminal and Clock In Clock Out.
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
- SAP SuccessFactors HCM Suite
- SAP SuccessFactors Time Tracking - Clock In Clock Out
Resolution
- Creating API Key to Create OAuth Token
- Creating OAuth Token
- REST API for Sending Time Events from Terminal to Clock In Clock Out
For more information about OAuth2 authentication, please refer to the Help Documentation: Authentication Using OAuth 2.0.
1. Creating API Key to Create OAuth Token
To access the Manage OAuth2 Client Applications tool, please ensure the login user has Permission: Manage Integration Tools - Manage OAuth2 Client Applications.
1.1 Click Register Client Application
1.2 Enter the following required fields:
- Application Name: Clock In Clock Out Time Events import
- Application URL: the API Server URL of the company, this could be checked in the Provisioning - "View the list of all Tenant URLs" or in KBA 2215682 - SuccessFactors API URLs and external IPs.
- Bind to Users: Ticked
- User IDs: TECHNICAL_USER_CICOTERMINAL_9D3F8AC1
1.3 Click on Generate X.509 Certificate
1.4 Enter the Common Name and click Generate Button.
The Common Name (CN) should be the company name. If this was not provided, then re-registration is required.
1.5 Click Download Button and open the downloaded Certificate.pem file, then click register button.
1.6 Open the OAuth2 Client Application again, API Key has been generated.
2. Creating the OAuth2 token
2.1 Create the POST API call to generate the SAML assertion.
- Method: POST
- URL: <API-SERVER-URL>/oauth/idp
- Add below keys in the Request Body
Key Value client_id <API-KEY> Generated in Manage OAuth2 Client Applications
company_id <Compand ID> token_url <API-SERVER-URL>/oauth/token user_id TECHNICAL_USER_CICOTERMINAL_9D3F8AC1 private_key Open the downloaded Certificate.pem file, copy the content between "BEGIN ENCRYPTED PRIVATE KEY"----- and -----"END ENCRYPTED PRIVATE KEY".
Click send and copy the SAML assertion from the response.
2.2 Generate OAuth Token
- Method: POST
- URL: <API-SERVER-URL>/oauth/token.
- Add below keys in the Request Body
Key Value client_id <API-KEY> Generated in Manage OAuth2 Client Applications
company_id <Compand ID> grant_type urn:ietf:params:oauth:grant-type:saml2-bearer
assertion <SAML_ASSERTION> Response Body from the last step
Click Send and copy the access_token from the Response.
3. Push Time Events using REST API
- Method: POST
- URL: <API-SERVER-URL>/rest/timemanagement/timeeventprocessing/v1/TimeEvents
- In Authentication tab, paste the Bearer Token from the last step.
- Expected media type: JSON
- Add below key to the Request Header
Header Required Values Authorization Yes Note
Paste the OAuth token taken from the previous step Creating OAuth Token before following the steps in this topic.
Content-Type Yes application/json
Accept Yes application/json
Note: When this request header is selected, the default response is in JSON format. If you want the response in XML format, ensure to pass the value as application/xml. - Add below sample to the Request Body
[
{
"id": "1",
"assignmentId": "valid userid",
"terminalId": "1",
"typeCode": "01",
"timestamp": "2025-04-13T08:30:00+0530",
"timeTypeCode": "WORK"
},
{
"id": "2",
"assignmentId": "valid userid",
"terminalId": "1",
"typeCode": "02",
"timestamp": "2025-04-13T17:30:00+0530",
"timeTypeCode": "WORK"
}
]
Note:
- Even though employees may not have replicated by adding to the clock in clock out group in job info, just add any employee Id with a Clock In and date and time then post it to the API.
- Even if this resulted in validation failure, it could ensure that the integration works with SuccessFactors.
- Accept is a way of letting the service know that it excepts always json format.
- When using Accept as 'application/json', the response will be available in json.
- When adding Accept as 'application/xml', then the response changes to XML.
Restrictions:
A maximum of 1000 time events can be sent with one API call in bulk mode.
The number of time events that can be sent for a single user is limited to 200. Please refer to more details in KBA 3364562.
See Also
- SAP Help Portal Documentation: REST API for Sending Time Events from Terminal to Clock In Clock Out
- SAP Help Portal Documentation: Authentication Using OAuth 2.0
- SAP Community Blog: Clock In Clock Out in SAP SuccessFactors Time Tracking – Overview and How-To Guide
- SAP Community Blog: SAP SuccessFactors Time Tracking Integration Considerations for 3rd party clock vendors
- KBA 3145716 - No more Time Events are integrated from the External Terminal to SAP SuccessFactors Clock In Clock Out
- KBA 3153554 - How to start Clock In Clock Out Implementation and Integration with Terminal Vendors?
- KBA 3364562 - The maximum number of time events for a user in a request should not be greater than 200
- KBA 3205292 - FAQ - Frequently Asked Questions regarding Import and Export of Time Events
- KBA 3449507 - FAQ - Frequently Asked Questions regarding data import in SF Time Tracking and SF EC Time Sheet
- KBA 3236897 - IDP: SAP SuccessFactors Time Tracking - Clock In Clock Out Configuration and Integration Considerations
Keywords
tms, time sheet, sf, time event, cico, punch, clock in clock out, clock, terminal, rest api, oauth, REST, import, upsert, upload, send, attendance, biometric, punch in, authentication, token, oauth2, integration , KBA , LOD-SF-TTR-CIO , Clock In/ Clock Out , How To