Skip to Content
Technical Articles

2H 2020 announcement: Planned Retirement of HTTP Basic Authentication (SFAPI/ODATA API)

Hello SAP community,

With the 2H 2020 Release of SAP SuccessFactors application, we are announcing the sunset (planned retirement) of HTTP Basic Authentication for API calls (both SFAPI & OData).


Share the information with customers and partners, so new custom development integrations can already starting use OAuth instead of HTTP Basic Authentication (username/password).


Key Dates for Replacement

  • End of Development Phase: As of the 2H 2020 release, no enhancement will be made for HTTP Basic Authentication.

  • End of Maintenance: By 2H 2021, we’ll stop the maintenance for HTTP Basic Authentication.

  • Replacement Date: By 2H 2022, you’ll no longer be able to use HTTP Basic Authentication to access APIs.

Migrating to OAuth

We recommend that you use OAuth to authenticate API users for better security.

For more information, see the Authentication Using OAuth 2.0 topic under SAP SuccessFactors HXM Suite OData API: Developer Guide.

Please check out more details like overview, Frequently asked questions FAQ in the Customer Community blog or the Partner Delivery Community blog.

The SAP SuccessFactors support and engineering team will be answering questions in these communities above.



This blog post shared the announcement and the right channels to get more information.

Thank you!

You must be Logged on to comment or reply to a post.
  • Thank you for the great blog post.

    Is this change limited to SuccessFactors’ API or sooner or later other solutions’ API will be changed  in the same way?

  • Great news,  since 2010 OAuth is growing every years, Successfactors API Access leaks this authentication and we asked a lot of time.

    Now question is, how about old implementation of Integrations, we must to migrate all them on new version of CPI because Eclipse version is unsupported?

    Thank you

  • Hi Guilherme Soliman ,

    Currently all outbound integration(with Timer event) from Success factor EC to 3rd party, there is only option to use Basic Authentication in standard Success factor Odata adapter in SAP CPI.

    We can’t use OAuth SAML Bearer assertion there because it is only working with Principal Propagation.

    Is there any plan add any other authentication type in SAP CPI standard adapter like Oauth Client Credential etc. rather than only OAuth SAML Bearer assertion??


    Also I have checked the updated Odata API developer guide found that for Integration Purpose Basic Auth is the good option. So basic authentication will be there for Integration purpose?



    • Dear Souvik Sinha

      Thanks for your message.

      During this release 2nd Half year 2020, only this announcement was made. All the CPI standard packages delivered by SAP from EC to 3rd party integration will be adapted and published before the replacement date (2nd Half of year 2022).

      If you are using standard packages in CPI you do not need to be worried now. CPI standard packages upgrades will be avaliable in future and prior the replacement date.

      If you are using custom developed artifacts in CPI or Boomi, please evaluate to migrate to OAuth during these 2 next years.


      • Thanks Guilherme Soliman for the update.

        Currently only OAuth SAML Bearer assertion authentication is supported in standard Successfactor Odata api adapter in CPI other than basic Auth. It will not cover all type of scenario like if the integration is starting with Time based Event and sending data to 3rd party etc.

        My concern is whether is SAP is going to release any other OAuth authentication type like Oauth Client credential etc for Employee Central?




      • I’m trying to use this option and we are blocked with this error: while trying to invoke the method of a null object loaded from local variable 'principalToken'


        Can you explain us how it works?




        We tried to fill the fields with values coming from same connection in SCP but it doesn’t work.

        We need more documentation about this auth method.


        – Audience:
        – Client Key: <API Key>  (generated after OAuth2 credential save and viewed)
        – Token Service URL:  (datacenter of your SF)
        – Target System Type: SuccessFactors
        – Company ID: <your company id>

        Addition Parameters

        – SystemUser: ALS_ADMIN  (userid of your SSFF)
        – nameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified


        We removed default information because they are not present on scp connection information.


        Could you create a good tutorial to make it works?