User credentials to access SAP Live Link 365’s portal are managed by SAP’s Cloud Identity service. The Cloud Identity service provides a secure method for credential self-management and password resets.
SAP Live Link 365’s APIs use OAuth2 over HTTPS. The OAuth2 credentials are self-managed in the Live Link portal. Developers maintain their own key and secret, which is never stored or transmitted in plain text.
OAuth2 is an authorization framework allowing third-party applications to grant limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf. Access is requested by a client, it can be a website or a mobile application for example. OAuth2 uses short-lived tokens for API authentication, reducing the risk of credentials being compromised and limiting the impact of a compromise.