Hi — this is a SuccessFactors-side issue, not a Power Automate one.
The error code "ESAPRC_3" and the message text "Tenant-Configured
UserAgent AllowList" both come from SAP SuccessFactors' OData API
security layer.
What changed:
— Someone (an SF admin, or a recent SF release that enabled it by
default) turned on the User-Agent allowlist for OData calls in
your SF tenant.
— That allowlist doesn't include the User-Agents that Power Automate
and Logic Apps send, which are "microsoft-flow/1.0" and
"azure-logic-apps/1.0".
— Result: every flow call to SuccessFactors OData is now blocked with
Forbidden / "Access to OData is disabled".
The fix has to happen on the SuccessFactors side. You (or whoever
admins SF in your org) needs to:
Step 1 — Open SuccessFactors Admin Center → search for "Manage API
Center" or "Manage OData API Settings" (the exact tile name depends
on your SF release).
Step 2 — Find the "User Agent Allowlist" / "Allowed User-Agents" /
"API Allow Listing" setting (under API Limits or API Access).
Step 3 — Add these two User-Agent strings to the allowlist:
— microsoft-flow/1.0
— azure-logic-apps/1.0
Step 4 — Save. Within a few minutes the OData calls from your flow
will be accepted again.
If you don't have SF admin rights, raise it with whoever owns SF in
your organisation and share the error text — they'll recognise it
immediately. This is a common gotcha after SF tenants enable the
allowlist as a security hardening step.
A few notes:
— Nothing changed on the Power Automate side, your flow design is
correct.
— The User-Agent values are case-sensitive, paste them exactly.
— If your flow uses the "SAP OData" connector vs a custom HTTP
action, the User-Agent is the same in both cases — both routes
are blocked by this setting.
Hope this gets you unblocked.