Skip to Content

SAP SuccessFactors Employee Central OData APIs provides two types of authentications:-

  • Basic Authentication
  • OAuth 2.0 Authentication.

Using OAuth authentication, users can securely consume Employee central OData API using a registered OAuth client id and valid OAuth token. This concept can then be extended to provide single sign on features while consuming the SAP SuccessFactors Employee Central OData APIs.

SAP SuccessFactors Connectivity  policy templates available in SAP API Business Hub facilitates easy and secure consumption of SAP SuccessFactors APIs. In this blog, the usage of SAP SuccessFactors Connectivity policy templates for User Management from SAP SuccessFactors is covered in detailed.

Pre Requisites

  1. SAP Cloud Platform API Management ( ref link for trial access)
  2. SAP SuccessFactors tenant

Registration of OAuth Client in SAP SuccessFactors

In the blog How to initiate an OAuth connection to SuccessFactors Employee central the concept of OAuth has been explained by Arijit Das along with the detailed steps for setting up OAuth in SAP SuccessFactors.

  • Logon to SAP SuccessFactors and go to Admin Center

  • Search for OAuth in Tools and then select Manage OAuth2 Client Applications

  • Click on Register Client application to register a new OAuth client

 

  • Enter an application name, application URL ( any dummy URL can be provided here).
  • Click on Generate X.509 Certificate to generate a certificate signed by SAP SuccessFactors.
  • Click on Register to register OAuth client.

 

 

  • After registration, an OAuth key is generated. Generated X509 certificate and API Key would be required while applying the SAP SuccessFactors Connectivity policy template to SAP SuccessFactors OData APIs.

 

Discover and Copy SAP SuccessFactors Connectivity policy template

From SAP Cloud Platform API Management, all the APIs and policy templates available in SAP API Business Hub can be discovered via the Discover tab.

  • Logon to your SAP Cloud Platform, API Management account (say https://account.hanatrial.ondemand.com/cockpit).
  • Navigate to the Services tab, search for API Management service tile and click to open SAP API Management service.

 

  • Click on the link Access API Portal to open API Portal.

  • Navigate to the Discover from the hamburger icon

 

  • SAP API Business Hub is integrated into SAP Cloud Platform API Management and therefore all the APIs and Policy templates available in SAP API Business Hub can be easily discovered and consumed in SAP Cloud Platform API Management.
  • Navigate to the All tab, search and select SuccessFactors Connectivity.

 

  • Navigate to the Artifacts tab and select SuccessFactors_OAuth2SAMLAssertion policy template.

 

  • Click on Copy to copy the SAP SuccessFactors Connectivity policy template into SAP Cloud Platform API Management tenant.

 

  • Copied metadata cache policy templates would be available under POLICY TEMPLATES tab of Develop view.

 

Apply SAP SuccessFactors Connectivity policy template to SAP SuccessFactors Employee Central OData APIs

In the blog series Discover, Consume and Manage SAP SuccessFactors APIs the detailed steps to access the User Management OData API and the management of the User Management API via SAP Cloud Platform API Management is covered. In this section steps to apply SAP SuccessFactors connectivity cache to the PLTUserManagement  API Proxy is covered in detail.

  • Click on APIs tab and select PLTUserManagement SAP SuccessFactors OData API.

  • Click on Policies to navigate to the Policy designer view.

 

  • Click on Edit to switch to the editable mode.

 

  • Select Apply from the Policy Template.

 

  • Select the newly copied SuccessFactors_OAuth2SAMLAssertion template from Apply Template dialog.

 

  • Select the config.js file Scripts region and enter details like your SAP SuccessFactors user Id, OAuth Client Id or API Key which was generated during OAuth client registration steps, SAP SuccessFactors company id, X509 Certificate generated during OAuth client registrations.

 

 

  • From the Target endpoint preflow, select the policy getSAMLAssertion and in HTTPTargetConnection->URL provide your SAP SuccessFactors data centers.

 

 

  • Select the policy getOAuthAccessToken and in HTTPTargetConnection->URL provide your SAP SuccessFactors data centers.

 

 

  • Click on Update to save changes in the policy designer.

 

  • Click on Save to apply the changes to the PLTUserManagement API Proxy.

 

Finally testing the flow

  • Select the RESOURCES tab and click on GET operation view all Users from SAP SuccessFactors.

 

  • This would open up the Test Console. Click on Url Params and then user $top value to limit the number of user records returned by SAP SuccessFactors OData API and Click on Send.

 

 

Further Reads

  • API Security Best Practices blog series.
  • Monitor and Analytics blog.
  • Enchanced developer experience blog.

For more blogs on SAP Cloud Platform API Management visit us at SAP Community

 

To report this post you need to login first.

7 Comments

You must be Logged on to comment or reply to a post.

  1. Former Member

    Hi Divya,

     

    I am trying to follow the instruction and set up connectivity to the SuccessFactors but i am getting an error “Unable to copy Policy template SuccessFactors_OAuth2SAMLAssertion”  in the API portal and i am not able to figure out as to what’s the issue; would it be possible for you to recommend probable cause or let me know what might be the issue/missed step/missed configuration

    (0) 
    1. Divya Mary Post author

      Hi Sandeep,

      No configuration is required for copying policy templates from SAP API Business Hub into SAP Cloud Platform API Management tenant.  Try to refresh the page ( in case session might have expired resulting in this error) and copying the template once more.

      If you continue to face issue, kindly raise an incident on component OPU-API-OD-OPS so that our DevOps can provide the corrective action.

      Thanks and Best Regards,

      Divya

      (0) 
  2. Former Member

     

    Hi Divya,

    Thank you for sharing, it’s amazing blog.

    I am curious to know that would this mandate all calls to SF EC APIs to go through this proxy? It would be great to have your insights on this.

    Moreover, I have few scenarios where I have heavy OData calls to EC APIs from groovy script using HttpURLConnection. What would be an ideal way to manage this?

     

    Best regards,

    Harsh B.

    (0) 
    1. Divya Mary Post author

      Hi Harsh,

      Thanks for the kind words and feedback.

      There are benefits of using SAP Cloud Platform API Management to manage your APIs. These benefits are the following :-

      • Applying API Security Best Practices  ( details available in blog series) .
      • Getting insights into API usage ( details available in blog) .
      • Sharing your APIs with your partner/customers and enabling Omni channel access.

      If you have similar use cases then using SAP Cloud Platform API Management would be a good fit.

      Thanks and Best Regards,

      Divya

      (0) 

Leave a Reply