Skip to Content
Technical Articles
Author's profile photo Wes Ancog

How to use Postman to call SuccessFactors API using OAuth authentication method and SAP Offline SAML Assertion generator.

How to use Postman to call SuccessFactors API using OAuth authentication method.


With the upcoming removal of basic authentication on November 20, 2026, it’s important to start using OAuth as your go-to authentication method for new integration scenarios. This tutorial will guide you through the process of using OAuth authentication method on Postman, a highly valuable tool for integration development.



Additionally, with Deprecation of OAuth IdP API /oauth/idp, we need to use other way to generate SAML assertions. In this tutorial we will use the SAP provided offline SAML assertion generator tool




This tutorial was created by combining information from various sources and personal experiences. Let’s get started!



Familiarity with Postman, SuccessFactors, and Windows OS.

A client has been registered already in SuccessFactors:

Application registered in SuccessFactors

Step-by-Step instructions:


  1. Download Apache Maven from binary files from

Once downloaded, go to your downloads folder and move the file to a more secure folder. For example, I have placed mine in a folder I created on my desktop (C:\Users\HPX360\Desktop\Tutorial).

Extract the zip file.




2. Download and install Java JDK.

Do a google search for “Java JDK downloads”, since the URL depends on where you’re from.

Click the Windows Tab and download the x64 Installer.

Go to your downloads folder and install it.

Take note of the installation folder (C:\Program Files\Java\jdk-19)



3. Set up Environment Variables on your Machine.

Use the search bar beside the windows button and search for “environment”

From the result, choose “Edit the system environment variables”

Click Environment Variables…

Add the JAVA_HOME variable on the user and system variables by clicking the New button

Variable name: JAVA_HOME

Variable value: installation folder of Java JDK you downloaded earlier.

User Variable

Add the same values to the system variable.

System Variable

Add your Maven folder location to the Path variable of your machine.

To know the folder location address, in our example, we can go to the folder then right-click on the top part, and click copy address as text.

Example: C:\Users\HPX360\Desktop\Tutorial\apache-maven-3.8.7

In my machine, there is already a Path variable so I just click Edit and then click New then add the maven directory to both user and system variables.

Click OK and another OK to save the variables



3. Download and extract the SAP Provided SAML Generation tool

Save it in the tutorial folder and extract the zip file.


4. Set up SAML assertion SAP offline tool.

Inside the folder you extracted earlier, open the SAMLAssertion.Properties file via the notepad editor of your choice.

Change the properties on the file with the ones from your SuccessFactors Tenant and save the file.

tokenUrl = https://<Tenant API URL>/oauth/token

clientID = API Key from the registered client in SuccessFactors

userId = User ID used by the registered client in SuccessFactors

userName = leave it as it is

privateKey = Use the private key you uploaded when you register your client in Successfactors or for this example, we will use the private key we generate from Successfactors.


Sample File

5. Generate SAML assertion using the SAP offline tool.

Open a command prompt from the search button then click Command Prompt App

Enter cd <<folder where you extracted the SAML offline tool>> then hit Enter.


Location of the SAML offline tool you downloaded earlier
Sample command
Once you hit enter, the current directory will change and you will see a new line like the one above.

Enter the command: mvn compile exec:java -Dexec.args=”” and hit Enter

Sample Command

If all steps were setup correctly then you should get an output like the one below:

Highlighted text is the generated Assertion. Copy and save it.

Copy and paste the generated Assertion on something like a notepad.



6. Postman Setup and API test call

Use the assertion we generated earlier to get the SuccessFactors token.

Make a POST request to https://<Tenant API URL>/oauth/token

Go to Body tab choose raw and enter the value company_id=<SuccessFactors Company Id>&client_id=<SuccessFactors API Key>&grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<Assertion we generated earlier>

Sample POST request.

You will get the token as response. Copy this token.

Token will be received from the response. Copy the token.

Create a get request. Use any API call that you usually use for testing.

Go to Headers then add “Authorization” in the Key with value:

Bearer <token we got from the POST response>

Hit send to do the GET request and you will get the desired result. 🙂


Remember that the assertion has an expiry and once expired you need to repeat steps #5 and 6 again.

That’s it for this tutorial! I hope you found it helpful and informative. If you have any questions or need further clarification, please feel free to ask. Your feedback is greatly appreciated! Thank you for your time! Give me an applaud below if you liked this tutorial! ☺

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Ahmad Zainul Abidin
      Ahmad Zainul Abidin

      I got this error when generating the saml assertion. is there any step that I miss?

      Fail to generate SAML Assertion due to IOException : DerValue.getBigIntegerInternal, not expected 48

      Author's profile photo Wes Ancog
      Wes Ancog
      Blog Post Author

      Can you verify the completeness of the private key obtained from SuccessFactors to ensure that no characters have been omitted?

      Author's profile photo Frank Krause
      Frank Krause

      The issue is that you may have used the "Certificate" instead of the "Encrypted Private Key". When reading the guide its kind of misleading in step 4 with the SuccessFactors screenshot "View an existing OAuth Client Application".

      Author's profile photo Wes Ancog
      Wes Ancog
      Blog Post Author

      Thanks! I have corrected this.

      Author's profile photo RAFFAELLA BARONI

      Hi all,

      i have the same problem.

      I used in the SAML file:

      clientId= <API Key>
      #userName will only be considered when userId is null/empty.
      privateKey= <*X.509 Certificate>

      It's correct?

      Where can I retrieve the private key in SFSF?


      Manage OAuth2 Client Applications - In SFSF

      Thanks in advance

      Raffaella Baroni

      Author's profile photo Wes Ancog
      Wes Ancog
      Blog Post Author

      Hi Raffaella,

      The private key will be only available for download during the first time you register a client on SFSF. If you have not saved this before, then there is no way to get a private key but to register a new client in SFSF.




      Author's profile photo Shivam Sharma
      Shivam Sharma
      Hii Wes Ancog,


      I am getting the below error 415 Unsupported MediaType when I call through postman for a token.


      Please help me to resolve this error.




      Author's profile photo Wes Ancog
      Wes Ancog
      Blog Post Author

      Hi Shivam,


      Try to add this on the header of the postman call.

      Let me know if that works.



      Author's profile photo Usharani Alle
      Usharani Alle

      Hi Wes,


      Can you please shed light on the process of using any offline tool for SAML assertion

      1)What are all the available tools to use?

      2) where should we install the tool (SF team or Thirdparty)?

      3) who will regenrate everytime and how we do it?


      Thank You

      Usha A

      Author's profile photo Usharani Alle
      Usharani Alle

      Hi Wes Ancog,

      In our project, we have more than 4 third parties, using Oauth authentication to interact with Successfactors, one is Mulesoft and the other are Python Scripts (Mobile applications/ Desktop applications).

      So..Now, we have to replace /oauth/idp/ with offline tool. And in SAP KBA notes it is suggested that, we have to use a third party offline tool..which we trust.


      Can you please shed light on the below doubts:

      1. what are the third party offline tools available
      2. Do you have any document to follow for a tool
      3. can we use apache maven
      4. Where should we install the tool (in my system or in third parties' (downstreams') system)
      5. who should generate the SAML assertion every time (like every 10mins/ 1 hour/ 24 hours....)
      6.  can we use this blog

      Your answers will be more helpful for me and my project.


      Thanks a lot.

      Author's profile photo Wes Ancog
      Wes Ancog
      Blog Post Author



      I think you should consult with your SAP partner regarding this matter.

      Author's profile photo Justin Almli
      Justin Almli


      We get build success from SAML assertion key tool.  We copy the token given to us into postman.  Company ID, client ID, key, oauth is all set in the body.

      We know we connect properly because if we change the company ID, Successfactors returns an error that the company is invalid.  However with the what is provided by the SAML key tool we receive the below error and cannot connect.


      Author's profile photo Wes Ancog
      Wes Ancog
      Blog Post Author

      Hi Justin,


      Not sure, maybe you missed a few steps.

      Author's profile photo Veronika Schauer
      Veronika Schauer

      Hi there!

      Thanks for the very good tutorial, I have my assertions and they are working 🙂

      BUT: where do I need the assertion aside from usage in postman?

      as far as I can see, if want to call ODATA API from an iFlow in BTP, I can use

      "OAuth2 SAML Bearer Assertion" where I only need the certificate & client Id.


      Author's profile photo Wes Ancog
      Wes Ancog
      Blog Post Author

      Hello Veronika,

      There are some instances where client dont want to give password anymore so you need to use this way to test in postman. This is only for testing using postman, system to system connections usually already have built in function for assertion.



      Author's profile photo Srihari S
      Srihari S


      Thanks for the tutorial, how can i consume this oAuthentication into my UI5 application using BAS?

      Ramya T