Is it possible to bind a user ID with the API key in OAuth?
- SAP SuccessFactors SFAPI
- SAP SuccessFactors OData API
Current Behavior: As of 1H 2021 release, API User ID cannot be bound with an API Key (client_id) created for OAuth.
To address security concerns regarding API userId misuse to generate OAUTH access token and trigger API call, SuccessFactors development team is going to enhance the current behavior to bind the userId with the API Key. Note that this feature release version has been identified as 2H 2021 if all goes as expected. If there is any deviation, this KBA will be updated accordingly.
SFAPI OAUTH, ODATA OAUTH, security vulnerability, bind, user id, userid, user_id, technical user, api, api key, api_key, apikey, client id, client_id, clientid, sf, successfactors, concern, , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT-API , API & Adhoc API Framework , Product Enhancement