SAP Knowledge Base Article - Public

3046598 - SuccessFactors SFAPI/ODATA API OAUTH: API User ID binding with API Key (client_id)


Is it possible to bind a user ID with the API key in OAuth?


  • SAP SuccessFactors SFAPI
  • SAP SuccessFactors OData API


Current Behavior: As of 1H 2021 release, API User ID cannot be bound with an API Key (client_id) created for OAuth.

To address security concerns regarding API userId misuse to generate OAUTH access token and trigger API call, SuccessFactors development team is going to enhance the current behavior to bind the userId with the API Key. Note that this feature release version has been identified as 2H 2021 if all goes as expected. If there is any deviation, this KBA will be updated accordingly.


SFAPI OAUTH, ODATA OAUTH, security vulnerability, bind, user id, userid, user_id, technical user, api, api key, api_key, apikey, client id, client_id, clientid, sf, successfactors, concern, , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT-API , API & Adhoc API Framework , Product Enhancement


SAP SuccessFactors HXM Suite all versions