How to use Postman to call SuccessFactors API using OAuth authentication method and SAP Offline SAML Assertion generator.
Introduction:

With the upcoming removal of basic authentication on November 20, 2026, it’s important to start using OAuth as your go-to authentication method for new integration scenarios. This tutorial will guide you through using the OAuth authentication method in Postman, a highly valuable tool for integration development.

Additionally, with the deprecation of the OAuth IdP API /oauth/idp, we need another way to generate SAML assertions. In this tutorial we will use the offline SAML assertion generator tool provided by SAP.
Reference:
https://launchpad.support.sap.com/#/notes/3239495
This tutorial was created by combining information from various sources and personal experiences. Let’s get started!
Prerequisites:
Familiarity with Postman, SuccessFactors, and Windows OS.
A client has already been registered in SuccessFactors.

Step-by-Step instructions:
1. Download the Apache Maven binary zip file from https://maven.apache.org/download.cgi

Once downloaded, go to your downloads folder and move the file to a more secure folder. For example, I have placed mine in a folder I created on my desktop (C:\Users\HPX360\Desktop\Tutorial).

Extract the zip file.

2. Download and install Java JDK.
Do a Google search for “Java JDK downloads”, since the URL depends on where you’re from.


Click the Windows Tab and download the x64 Installer.
Go to your downloads folder and install it.

Take note of the installation folder (C:\Program Files\Java\jdk-19)

3. Set up Environment Variables on your Machine.
Use the search bar beside the windows button and search for “environment”

From the result, choose “Edit the system environment variables”

Click Environment Variables…

Add the JAVA_HOME variable on the user and system variables by clicking the New button

Variable name: JAVA_HOME
Variable value: installation folder of Java JDK you downloaded earlier.

Add the same values to the system variable.

Add your Maven folder location to the Path variable of your machine.
To know the folder location address, in our example, we can go to the folder then right-click on the top part, and click copy address as text.
Example: C:\Users\HPX360\Desktop\Tutorial\apache-maven-3.8.7

On my machine, there is already a Path variable, so I just click Edit, then New, and add the Maven directory to both the user and system variables.

Click OK and another OK to save the variables
3. Download and extract the SAP Provided SAML Generation tool
https://launchpad.support.sap.com/#/notes/3031657

Save it in the tutorial folder and extract the zip file.

4. Set up SAML assertion SAP offline tool.
Inside the folder you extracted earlier, open the SAMLAssertion.properties file in the text editor of your choice.


Change the properties on the file with the ones from your SuccessFactors Tenant and save the file.
tokenUrl = https://<Tenant API URL>/oauth/token
clientID = API Key from the registered client in SuccessFactors
userId = User ID used by the registered client in SuccessFactors
userName = leave it as it is
privateKey = Use the private key you uploaded when you registered your client in SuccessFactors. For this example, we will use the private key we generate from SuccessFactors.

5. Generate SAML assertion using the SAP offline tool.
Open a command prompt from the search button then click Command Prompt App


Enter cd <<folder where you extracted the SAML offline tool>> then hit Enter.

Enter the command: mvn compile exec:java -Dexec.args="SAMLAssertion.properties" and hit Enter

If all steps were set up correctly, you should get an output like the one below:

Copy the generated assertion and paste it into something like Notepad.
6. Postman Setup and API test call
Use the assertion we generated earlier to get the SuccessFactors token.
Make a POST request to https://<Tenant API URL>/oauth/token
Go to the Body tab, choose raw, and enter the value company_id=<SuccessFactors Company Id>&client_id=<SuccessFactors API Key>&grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<Assertion we generated earlier>

You will get the token in the response. Copy this token.

Create a GET request. Use any API call that you usually use for testing.
Go to Headers, then add “Authorization” as the Key with the value:
Bearer <token we got from the POST response>

Hit send to do the GET request and you will get the desired result. 🙂

Remember that the assertion has an expiry, and once it has expired you need to repeat steps 5 and 6.
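
The token call from step 6 and the expiry reminder above, as an added Python example (not from the original tutorial or SAP's tool): it reads the assertion's NotOnOrAfter limit and builds the POST with a form-encoded body, so base64 characters such as + and = in the assertion are not altered in transit. The host, company ID, API key and the unsigned sample assertion are constructed placeholders, and it assumes the tool's output is base64-encoded SAML 2.0 XML.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Constructed sample: unsigned stand-in for the tool's base64 output.
SAMPLE_XML = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Conditions NotBefore="2030-01-01T00:00:00Z" '
    'NotOnOrAfter="2030-01-01T00:10:00Z"/></saml:Assertion>'
)
SAMPLE_ASSERTION = base64.b64encode(SAMPLE_XML.encode()).decode()


def assertion_expiry(assertion_b64):
    """Return NotOnOrAfter as an aware UTC datetime (signature is not verified)."""
    root = ET.fromstring(base64.b64decode(assertion_b64))
    cond = root.find(".//saml:Conditions", SAML_NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("no Conditions/NotOnOrAfter in assertion")
    # SAML timestamps are UTC with a trailing "Z".
    return datetime.fromisoformat(cond.attrib["NotOnOrAfter"].replace("Z", "+00:00"))


def build_token_request(api_host, company_id, client_id, assertion_b64, now=None):
    """Build (without sending) the POST to /oauth/token for a still-valid assertion."""
    now = now or datetime.now(timezone.utc)
    if assertion_expiry(assertion_b64) <= now:
        raise ValueError("assertion expired: regenerate it (step 5)")
    # urlencode percent-encodes '+', '/' and '=' so the base64 text is not
    # altered when the server decodes the form body.
    body = urllib.parse.urlencode({
        "company_id": company_id,
        "client_id": client_id,
        "grant_type": GRANT_TYPE,
        "assertion": assertion_b64,
    }).encode("ascii")
    return urllib.request.Request(
        f"https://{api_host}/oauth/token",
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
```

Pass the returned request to urllib.request.urlopen to send it; the function itself makes no network call.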
That’s it for this tutorial! I hope you found it helpful and informative. If you have any questions or need further clarification, please feel free to ask. Your feedback is greatly appreciated! Thank you for your time! Give me an applaud below if you liked this tutorial! ☺
I got this error when generating the SAML assertion. Is there any step that I missed?
Can you verify the completeness of the private key obtained from SuccessFactors to ensure that no characters have been omitted?
The issue is that you may have used the "Certificate" instead of the "Encrypted Private Key". When reading the guide, it's kind of misleading in step 4 with the SuccessFactors screenshot "View an existing OAuth Client Application".
Thanks! I have corrected this.
Hi all,
I have the same problem.
I used the following in the SAMLAssertion.properties file:
tokenUrl=https://apisalesdemo2.successfactors.eu/oauth/token
clientId= <API Key>
userId=
#userName will only be considered when userId is null/empty.
userName=
privateKey= <*X.509 Certificate>
Is it correct?
Where can I retrieve the private key in SFSF?
Manage OAuth2 Client Applications - In SFSF
Thanks in advance
Raffaella Baroni
Hi Raffaella,
The private key will only be available for download the first time you register a client on SFSF. If you have not saved it before, then there is no way to get a private key other than to register a new client in SFSF.
Regards,
Wes
I am getting the below error 415 Unsupported MediaType when I call through postman for a token.
Please help me to resolve this error.
Thanks
Shivam
Hi Shivam,
Try to add this on the header of the postman call.
Let me know if that works.
Regards,
Wes
Hi Wes,
Can you please shed light on the process of using an offline tool for SAML assertions?
1) What are all the available tools to use?
2) Where should we install the tool (SF team or third party)?
3) Who will regenerate it every time, and how do we do it?
Thank You
Usha A
Hi Wes Ancog,
In our project, we have more than 4 third parties using OAuth authentication to interact with SuccessFactors; one is MuleSoft and the others are Python scripts (mobile applications / desktop applications).
So now we have to replace /oauth/idp/ with an offline tool. And in the SAP KBA notes it is suggested that we have to use a third-party offline tool which we trust.
Can you please shed light on the below doubts:
Your answers will be more helpful for me and my project.
Thanks a lot.
Hello,
I think you should consult with your SAP partner regarding this matter.
Hi,
We get build success from the SAML assertion key tool. We copy the token given to us into Postman. Company ID, client ID, key, and OAuth are all set in the body.
We know we connect properly because if we change the company ID, SuccessFactors returns an error that the company is invalid. However, with what is provided by the SAML key tool, we receive the below error and cannot connect.
Hi Justin,
Not sure, maybe you missed a few steps.
Hi there!
Thanks for the very good tutorial, I have my assertions and they are working 🙂
BUT: where do I need the assertion aside from usage in Postman?
As far as I can see, if I want to call the OData API from an iFlow in BTP, I can use
"OAuth2 SAML Bearer Assertion", where I only need the certificate & client ID.
THX
Veronika
Hello Veronika,
There are some instances where clients don't want to give a password anymore, so you need to use this way to test in Postman. This is only for testing using Postman; system-to-system connections usually already have a built-in function for the assertion.
Regards,
Wes
Hi,
Thanks for the tutorial. How can I consume this OAuth authentication in my UI5 application using BAS?
Thanks,
Ramya T