SAP has recently made an important change to how OAuth Tokens are managed for SAP Analytics Cloud (SAC) hosted SAP data centers (Neo).
OAuth Clients are used to allow applications to call the REST APIs of SAC. For example if you wanted to automate the creation of user management you would use the SAC User API, or if you wanted to embed stories in to your application you may want to use the SAC Stories API.
In order to call the API you must use your OAuth Client to retrieve a token that can then be used to authenticate your API calls.
SAC OAuth tokens and refresh tokens can no longer have infinite expiry dates, and now have a maximum of 180 days. In order to eliminate this vulnerability:
Both measures were applied during the week of August 9 2023, any OAuth clients tokens with 180 day lifetimes at that time will be due to expire in early January.
Actions for developers calling the SAC REST APIs:
Key Points
To learn more about managing OAuth Clients with SAC see the following links: