Introduction

SAP SuccessFactors is a SaaS solution for Human Resource Management, the tool is part of the SAP suite from 2011 and it provides features that support different HR processes.

As part of a business requirement, you may need to integrate the SAP SuccessFactors information with other Data Sources, and for that, you can use the Denodo Platform. SAP SuccessFactors provides an ODATA API v2 that you can use to connect Denodo to SuccessFactors to retrieve data from it.

In this document, we will explain how to access the SAP SuccessFactors API from Denodo and use an example of retrieving users' information using this API like a REST API. 

Accessing the API

Oauth connection

According to the technical article of the SAP community OAuth connection to SuccessFactors Employee Central to access the API we have to follow these steps: we need to register an OAuth2 Client and then generate a SAML assertion to request a user token using this assertion. The referenced document provides more insight into how the process works. In this document, we will explain how to achieve this using Denodo.

Generate a SAML assertion

First, we need to generate a SAML assertion. To do that, we have to create a Delimited file Data Source (ds_saml_assertion) because this API endpoint returns a response with just a single text value. To create the Data Source go to the Server Explorer and then to New > Data source > FILES > Delimited file.

In the dialog to create the Data Source:

1. Data route: HTTP client.
2. HTTP method: POST
3. Base URL: https://<server>/oauth/idp. Here, we need to specify our API server.
4. Check “Post body”.
5. Content type: text/plain.
6. Post body:

client_id=<client_id>&user_id=<api_user>&token_url=<token_url>&private_key=<private key>. In the Post body we have to indicate the next parameters:

1. client_id: this is the API Key.
2. user_id: Interface User ID to call the API.
3. token_url: https://<server>/oauth/token. Here, we need to specify our API server.
4. private_key: this is the private key from the X.509 certificate.

7. Finally, we need to create an HTTP Header so we click on “HTTP headers” and we create a header with tname “Content-Type” and value “application/x-www-form-urlencoded”. Also, we set a comma as “Column Delimiter” and click on “Save”.

SAML Base view

After creating the Data Source ds_saml_assertion we need to create a Base View to obtain the assertion. So, we click on “Create Base View”. From this Base View we will get the assertion that we will need it in the next step.

Request a User Token using the SAML Assertion

In order to get a bearer token to access the API, we have to create a JSON Data Source, because the request that we have to use returns the response in JSON format. To create it, go to the Server Explorer and then to New > Data source > FILES > JSON.

1. Data route: HTTP client.
2. HTTP method: POST
3. Base URL: https://<server>/oauth/token. Here, we need to specify our API server and also, this URL is the token url that we have used before.
4. Check “Post body”.
5. Content type: text/plain.
6. Post body:

company_id=<company_id>&client_id=<client_id>&grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=@assertion

In the Post body we have to establish the next parameters:

1. company_id: SuccessFactors Company ID.
2. client_id: this is the API Key
3. assertion: this is the SAML assertion that we can get from bv_saml_assertion. We will use it later as an interpolation variable with the assertion of that view.

7. Finally, we need to create an HTTP Header so we click on “HTTP headers” and create a header with the name “Content-Type” and value “application/x-www-form-urlencoded”. Then, click on “Save”.

Base view

After creating the Data Source ds_bearer_token we can create a Base View to get the token. So, we click on “Create Base View”, introduce the assertion value for the interpolation variable and confirm the next steps.

JOIN View

With the purpose of automating the process of introducing an assertion each time that we want to get the access token, we can make a join view with the views bv_saml_assertion and bv_bearer_token in order to associate the assertion with the assertion parameter. Click on the Base View that retrieves the assertion (bv_saml_assertion) and go to Create > Join.

1. We have to make an inner join where the join conditions are: bv_saml_assertion.assertion = bv_bearer_token.assertion

3. Finally, from the output section, we can remove all the fields except the field access_token which contains the bearer token.
   

We get the result shown in the screenshot.

Using the API

Data Source

Now, we are going to use the API to retrieve users' information. So, first, we need to create a JSON Data Source. Go to the Server Explorer and then to New > Data source > FILES > JSON.

1. Data route: HTTP client.
2. HTTP method: GET.
3. Base URL: https://<server>/odata/v2/User?$format=json. Here, we need to specify our API server.
4. Finally, we need to create a HTTP Header so we click on “HTTP headers” and we create a header with name “Authorization” and value “Bearer @bearer_token”. Then, click on “Save”.
   

Base View

We have to create a Base View to retrieve the information of the users. From the Data Source click on “Create Base View” and introduce the interpolation variable which is the Bearer token that we have obtained in the previous join view.

Join View

Once the user Base View is created, we can make a join view to associate the bearer token parameter with the bearer token that we can obtain from the previous join view. Click on the access token join view and go to Create > Join.

1. We have to make an inner join where the join conditions are:
   iv_access_token.acces_token = bv_sap_user.bearer_token.

2. Finally, we remove the token fields from the output section.

Final result

Finally, we will create a Flatten View from the Join View to get the results flattened. From the join view Create > Flatten. There, click on the results field to flatten the array.

In our example, we are going to remove from the output some fields that we are not interested in. You can select the fields in the output section and there you check the field that you want to remove and finally click on “Remove”. We have selected the fields shown in the screenshot below.

If we execute the view we obtain the result shown in the image. The values for some of the columns are masked. You can obtain information about the users like the ID of the user, the last name, the login method, the email, etc.

References

OAuth connection to SuccessFactors Employee Central

2613670 - What are the available APIs for SuccessFactors?

SAP SuccessFactors API documentation