Description

Access to APIs based on HTTP Basic Authentication will reach end of maintenance on June 2, 2023 and will be deleted on November 20, 2026.See More

Detailed Description

HTTP Basic Authentication for APIs in SAP SuccessFactors HCM suite is being deprecated due to security concerns, as user ID and password are passed over the network in text format. The feature will reach end of maintenance on June 2, 2023 and will be completely deleted on November 20, 2026. SAP encourages migration to more secure authentication methods such as OAuth 2.0 and OpenID Connect (OIDC). An exception exists for Basic Authentication provided as part of the integration add-on 3.0 for SAP ERP HCM and SAP SuccessFactors HCM suite, which will continue to receive maintenance.

Impact Assessment

Organizations using HTTP Basic Authentication to access SAP SuccessFactors APIs must plan migration to OAuth 2.0 or OpenID Connect before the end of maintenance date of June 2, 2023, and complete migration before the deletion date of November 20, 2026. After June 2, 2023, SAP will no longer fix bugs or deliver patches for Basic Authentication, and after November 20, 2026, the feature will no longer be available for productive use. The exception for integration add-on 3.0 for SAP ERP HCM and SuccessFactors HCM suite means some integrations may continue to function, but direct API access using Basic Auth must be migrated.

Test Recommendations