cURL example for SuccessFactors API (ODATA) including Oauth login

Here a few examples how to cURL to query SuccessFactors (SF) API odata.

There a few blogs out with how to use Postman for Odata queries and updates but here a few example how to use cURL.

We use this to test SuccessFactors API integration with out software.

Any curl should do (WSL, macOS, linux)

Below are example for Basic authentication and also for how to use it via Oauth 2.0 authentication.

Please drop a comment if you have any questions or suggestion.

Basic Auth:

## parameters
baseURL='https://apisalesdemo8.successfactors.com'
user='sfadmin'
compID='SFCPART000099'
 pass="MySFpasswordHere"
## simple query 
curl -u "$user@$compID:$pass" $baseURL'/odata/v2/User?$top=5&$format=json&&$select=country%2ClastName%2CuserId'
##with filter jq formatting
curl -s -u "$user@$compID:$pass" $baseURL'/odata/v2/User?$top=3&$format=json&&$select=country%2ChireDate%2ClastName%2CuserId&$filter=userId%20eq%20%27600002%27' | jq .

## Date example 1
curl -u "$user@$compID:$pass" $baseURL'/odata/v2/User?$top=3&$format=json&&$select=country%2ChireDate%2ClastName%2CuserId&$filter=lastModified%20ge%20%272022-05-31T00%3A22%3A08.252Z%27'

## Date example 2 (just date no time)
curl -u "$user@$compID:$pass" $baseURL'/odata/v2/User?$top=3&$format=json&&$select=country%2ChireDate%2ClastName%2CuserId&$filter=lastModified%20ge%20%272022-05-31%27'

## Date example Error, (report hireDate not filterable)
curl -u "$user@$compID:$pass" $baseURL'/odata/v2/User?$top=3&$format=json&&$select=country%2ChireDate%2ClastName%2CuserId&$filter=hireDate%20ge%20datetime%272022-05-31T00%3A22%3A08.252Z%27'

###Query: SAPSystemConfiguration object
curl -u "$user@$compID:$pass" $baseURL'/odata/v2/SAPSystemConfiguration?$format=json&$select=lastModifiedDateTime%2CexternalCode%2CcreatedBy%2ClastModifiedBy%2CcreatedDateTime&$inlinecount=allpages&paging=client&customPageSize=128'

 

OAuth 2.0:

Instead of Basic Authentication, below examples uses OAuth2 SAML Bearer Assertion Token.

Note: SAP states: 

Do not use the /oauth/idp API to generate SAML assertions. This approach is unsecure and has been deprecated. For more information, see the Related Information section.

 

Info how to generate the app in SF see here:

https://help.sap.com/docs/SAP_SUCCESSFACTORS_PLATFORM/d599f15995d348a1b45ba5603e2aba9b/d9a9545305004187986c866de2b66987.html

https://blogs.sap.com/2022/05/31/how-to-use-oauth2-saml-bearer-assertion-to-integrate-sfsf-applications-with-sap-po-cpi/

https://blogs.sap.com/2017/03/05/how-to-initiate-an-oauth-connection-to-successfactors-employee-central/

###SF curl with OAuth example
apikey='MzU5N-------Removed------------3OTVlYw'
userid='sfadmin'
companyID="SFCPART000099"
urlBase='apisalesdemo8.successfactors.com'
tokenurl="https://$urlBase/oauth/token"
##from cert, downloaded from SF if generated in GUI of SF create app. 
private_key='TUlJRXZRSUJBREFOQmdrc----removed---1NGQ1BBUlQwMDAwMjc=' 

##get Base64 encoded SAML assertion
samlassb64=$(curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=$apikey&user_id=$userid&token_url=$tokenurl&private_key=$private_key" https://$urlBase/oauth/idp )
##view XML use below
#samlass=$(echo $samlassb64| base64 --decode)
#echo $samlass


## Request a User Token using the SAML Assertion
accessToken=$(curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "company_id=$companyID&client_id=$apikey&grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=$samlassb64" $tokenurl | jq .access_token)


##validate
curl -s -X GET -H "Authorization: Bearer $accessToken"  https://$urlBase/oauth/validate | jq .

##use in call
curl -s -X GET -H "Authorization: Bearer $accessToken"  "https://$urlBase/"'odata/v2/User?$top=3&$format=json&&$select=country%2ChireDate%2ClastName%2CuserId&$filter=userId%20eq%20%27600002%27' | jq .

 

Enjoy, Tilo

 

Scroll to Top