SAP Knowledge Base Article - Public

3373597 - BTP IP range - Workzone to Successfactors


401 error in Workzone when an unknown IP range is removed from IP Restriction Tool in Admin Center


SAP SuccessFactors Integration

Reproducing the Issue

You are activating SF cards in your Workzone instance and in the developer console of our web browser, you were getting errors.

Those error messages contained a notification that there was an issue reaching an IP address. For instance was one of them, you then allow-listed that IP address but you then got another error in the developer console asking you to open, etc.

You then checked Regions and API Endpoints Available for the Cloud Foundry Environment. However, the IP addresses that are problematic ( are nowhere to be found in that documentation.


For the API Requests to microservices with external OAuth. API Gateway will trigger an internal API /rest/internal/platform/asapi/v1/JWTToken to get the JWT token and then access the microservice with the JWT token.

That's why our internal Server IP 10.60.165.x is used for authentication and gets 401 due to IP Restriction.


The workaround is to retrieve these IP range configurations in the IP Restriction tool in Admin Center. 


401 error, BTP, Workzone, IP Restriction Tool, JWTToken, JWT Token, Regions and API Endpoints Available for the Cloud Foundry Environment , KBA , LOD-SF-INT-API , API & Adhoc API Framework , Problem


SAP SuccessFactors HCM suite all versions