STS Authentication End-Of-Life

Cornerstone’s legacy authentication framework for APIs, Session Token Service (STS) is scheduled for end-of-life which will occur with the February ‘21 Release.

Cornerstone stopped supporting STS as of the February ’20 release when STS authentication was deprecated and reached its end-of-service life. The STS endpoint is still available, but Cornerstone will not fix any defects or enhance this endpoint. End-of-life means the service will be taken down on that date.

No new STS Tokens may be generated after the February ’21 release, and authorization requests may begin failing at any time. Customers, partners, and vendors MUST modify code for existing API integrations to use OAuth 2.0 as soon as possible.

OAuth 2.0 is an industry standard authentication and authorization protocol for APIs. Learn more about Cornerstone’s OAuth 2.0 - Client Credential Grant Flow, which was generally available as of the August ’19 Release and OAuth 2.0 - Granular Scopes which was available with the February ’20 Release. This deprecation does NOT impact SOAP APIs. These will continue to use basic authentication like they do today. It also does NOT impact xAPIs at this time.


The following are NOT currently impacted:

  • xAPIs