SAP Knowledge Base Article - Public

2975404 - How to manage the security change to using random password generation on SuccessFactors APIs

Symptom

From October 2020, customers will not be able to create a new API Option Profile with the default insecure password in Admin Center -> Add API Option Profile page, as the following options will be removed:

    • Use the Username
    • Use the UserID
    • Use the email address

Customers wish to understand what options are available to handle this via API

Environment

SAP SuccessFactors HXM Suite

Resolution

There are two available options to handle this scenario via API: random passwords and providing the password of your choice inside the payload

  1. OPTION 1: Random password

    • SFAPI: Use the RANDOWM_PWD and the sendWelcomeMessage parameters, so as to create a random PW and send an email the user's email account:

      <Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
      <Body>
      <upsert xmlns="urn:sfobject.sfapi.successfactors.com">
      <type>User</type>
      <sfobject>
      <type>User</type>
      <username>testTest</username>
      <externalId>1234567</externalId>
      <status>active</status>
      <email>test@sap.com</email>
      </sfobject>
      <processingParam>
      <name>defaultPasswordField</name>
      <value>RANDOM_PWD</value>
      </processingParam>
      <processingParam>
      <name>sendWelcomeMessage</name>
      <value>true</value>
      </processingParam>
      </upsert>
      </Body>
      </Envelope>

    • OData: use the API Option Profile and include the parameter apiOptionProfileID in the OData POST url:




  2. OPTION 2: Provide the initial password of your choice inside the payload <password>yourpwd</password>

    • SFAPI: Sample payload:

      <Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
      <Body>
      <upsert xmlns="urn:sfobject.sfapi.successfactors.com">
      <type>User</type>
      <sfobject>
      <type>User</type>
      <username>testTest</username>
      <externalId>1234567</externalId>
      <status>active</status>
      <email>test@sap.com</email>
      <password>initial123</password>
      </sfobject>
      </upsert>
      </Body>
      </Envelope>


    • OData: POST call on https://[API URL]/odata/v2/upsert? with e.g. Body:

      {"__metadata": {"uri": "User('testTest')","type": "SFOData.User"},"password": "initial123"}

See Also

  1. Customer Community post -> Changes to Default Password Generation Coming October 9, 2020 Weekend
  2. Partner Community post -> Proactive Partner Update - Default Password Generation Changes Coming October 9, 2020 Weekend
  3. KBA (Platform) -> 2932190 - Changes to Default Password Generation in BizX Users
  4. KBA (Employee Central) -> 2931642 - SAP SuccessFactors Employee Central: Default Password Generation
  5. Jam Group -> Changes to SAP SuccessFactors HXM Suite Default Password Generation

Keywords

apiOptionProfileID, OData, SFAPI, random password, RANDOWM_PWD, sendWelcomeMessage,  , KBA , LOD-SF-INT-ODATA , OData API Framework , How To

Product

SAP SuccessFactors HXM Core 2005