STS Authentication End-Of-Life to Occur With The February '21 Release

Cornerstone's legacy API authentication framework for APIs, Session Token Service (STS), is scheduled for end-of-life which is targeted to occur with the February '21 Release.

Cornerstone stopped supporting STS as of the February '20 release when STS authentication was deprecated and reached its end-of-service life. The STS endpoint is still available, but Cornerstone will not fix any defects or enhance this endpoint. End-of-life means the service will be taken down on that date. Any requests to the endpoint will start to fail starting February '21. Clients, partners, and vendors MUST modify code for their existing API-based integrations to use OAuth 2.0 before the February '21 Release.

OAuth 2.0 is an industry standard authentication and authorization protocol for APIs. Learn more about Cornerstone’s OAuth 2.0 - Client Credential Grant Flow, which is generally available as of the August ’19 Release and OAuth 2.0 - Granular Scopes which was available with the February ’20 Release. This deprecation does NOT impact SOAP APIs. These will continue to use basic authentication like they do today. It also does NOT impact xAPIs at this time.


The following are NOT currently impacted:

  • xAPIs