SAP Knowledge Base Article - Public

3480995 - SAP CPQ call to regenerate JWT Token Signing Keys


You have received an email from us, regarding the regeneration of JWT Token Signing Key within the Trusted Applications in your tenant, desirable by the end of August 2024, failing which all your integrations with SAP CPQ will be affected from our 2411 SAP CPQ release in November this year.




  • From 2405 CPQ release, generating JWT Token Signing Key within the Trusted Applications administration is now 128 characters long.
  • This is done to ensure that the length of the JWT secret is satisfying minimum of security and this will be required for security patch that is planned to be deployed in near future.


Please regenerate JWT Token Signing Key for all existing records with JWT Assertion Grant enabled, by following the below steps:

  1. Navigate to CPQ Setup
  2. Go to Security
  3. Go to Trusted Applications
  4. Edit an existing record
  5. Expand the 'JWT Assertion Grant' section
  6. Click on Generate New JWT Token Signing Key under the JWT Token Signing Key field
  7. Save.

Note: Please make sure to update the related external applications with this newly generated key from CPQ.

If you still have any concerns regarding this, please reply on the email that you received from us, or you can also reach out to Nikola Maric <>.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

See Also

As of 2405: Increasing the Minimum Character Length for Generating Secrets for JWT Token Signing Key | SAP Help Portal

Generate JWT Assertion Grant Type | SAP Help Portal


JWT Token Signing Key, regenerate, Trusted Applications, integrations, 2411 release,  , KBA , CEC-SAL-CPQ , Sales Cloud CPQ , How To


SAP CPQ all versions