3728832 - Intermittent authorization errors when accessing SuccessFactors API

• Intermittent ETL failures occur when extracting data from various SuccessFactors API endpoints integrated with an external dashboarding platform.
• The error message displayed is: “The request has been refused. Verify that the logged-in user has appropriate permissions.”
• When the same request is re-run, it typically completes successfully without any changes to permissions or configuration.

SAP SuccessFactors HCM

• Odata API

1. Run the ETL process in the external dashboarding platform integrated with SuccessFactors.
2. Observe that for certain endpoints, the error message "The request has been refused. Verify that the logged-in user has appropriate permissions" is thrown.
3. Re-run the same request without making any changes to permissions or configurations.
4. Observe that the request completes successfully and produces data.

The Oauth token is expired, and the server returns a 403 response as expected behavior.

Refer to the guide on requesting an access token:  Requesting an Access Token | SAP Help Portal 

1. If an access token has already been requested with the same SAML assertion and the token has not expired, the server will return the same token by default with the remaining time indicated in the expire_in field.
2. Use the parameter new_token=true to force the server to generate a new access token valid for 24 hours.

Authentication Using OAuth 2.0 | SAP Help Portal

successfactors, odata api, etl failures, authorization error, request refused, permissions error, oauth token, 403 error, new_token=true, intermittent issue, api endpoints, data extraction, splashbi integration, "The request has been refused. Verify that the logged-in user has appropriate permissions." , KBA , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , How To