SAP OAuth Token
Service Name: SAP Cloud Platform
Service Description: SAP OAuth tokens are used for authentication and authorization in SAP Cloud Platform services and applications. These tokens enable secure API access to SAP systems and services, allowing integration between SAP and third-party applications.
Service Address: https://api.sap.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the SAP Cloud Platform level through destination configurations and trust settings.
Secret Access Scope: Grants access to SAP Cloud Platform APIs, services, and resources based on the assigned scopes and permissions.
Secret Revokement URL: https://help.sap.com/docs/btp/sap-business-technology-platform/managing-client-credentials
Secret Example: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYXBfb2F1dGhfY2xpZW50Iiwia XNzIjoic2FwLmNvbSIsImF1ZCI6InNhcF9hcGkiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MTUx NjI0MjYyMn0.SAP_EXAMPLE_TOKEN_SIGNATURE
Suspicious Activity Investigation Instructions:
- Review SAP Cloud Platform audit logs for unusual API calls or access patterns
- Check for unauthorized access attempts from unfamiliar IP addresses
- Monitor for unusual data extraction or modification activities
- Examine token usage patterns for signs of token sharing or misuse
- Verify if the token is being used outside of normal business hours or from unexpected locations
Mitigation Instructions:
- Immediately revoke the compromised OAuth token through the SAP Cloud Platform cockpit
- Generate a new OAuth token with appropriate scopes and permissions
- Update any legitimate applications to use the new token
- Review and adjust token scopes to follow the principle of least privilege
- Enable token rotation policies to automatically expire tokens after a defined period
- Implement additional security measures such as IP restrictions where possible
- Review and update access control policies for the affected SAP services
- Consider implementing multi-factor authentication for sensitive operations