SAP Open Connectors

Authorization Headers, Organization Secret, and User Secret

Note: you can now utilize bearer token-based authorization rather than the Org and User Secret authorization described in this article. Select your preferred method on your User Profile page under Authorization; see Authentication for additional information.

Authenticate your account by including your User Secret and either your Organization Secret, Connector Instance Token, or both in the Authorization header of API requests. 

Always refer to the Authorization parameters of the API docs for each request, but in general:

  • Platform API Requests: Include the User Secret and Organization Secret.
  • Connector API Requests: Include the User Secret and Connector Instance Token.
  • Some API requests require all three.

Pass the authorization parameters as part of an Authorization parameter, for example:

curl -X GET \ \
  -H 'authorization: User sAfK7LJGNz5ZHcNrvdJvLI=f03WbTbH6aRKc0HJ3oOIi, Organization 58168435e3b9959a929eb04b6218b9a2, Token yCCtl7Pqx0E4Qf6MBFXxT+/QcbogS1q1Deyw+1vSW=A3' \
  -H 'Content-Type: application/json' 

When you create an account with us, we assign you an Organization Secret and a User Secret. An Organization is a customer account of SAP (/organizations), while a user  (/user) is an individual within an organization. The User and Organization secrets represent your account with SAP Open Connectors.

Finding Your Secrets and Token

To find your Organization and User Secret open the profile menu on the lower left side of the page.

To find your Connector Instance Token:

  • Go to the Instances page and look at the Token column.
  • Navigate to the connector card, and then click View Token.
  • Make a GET /instances or GET /instances/{id} request and look for token in the response.

If you need to reset your user token, see Manage Security Settings.