
How to fetch CSRF token in Cloud Foundry for CAI BOT?

We have a CAI bot that successfully performs GET operations to read the OData API.

We now want to perform CRUD operations, like CREATE and UPDATE to POST the data to the OData API.

We have connected our Service API to our CAI platform using Cloud Foundry proxy, but to perform the above-mentioned CRUD operations, we need to create a Node.js application in Cloud Foundry and fetch the CSRF token.

Is this the right approach? If so, can we get some information on how to achieve this?


4 Answers

  • Best Answer
    Posted on Jun 10 at 08:21 AM

    Hi Priyanka,

    yes, for now you would need to use some service to make the GET request for fetching the CSRF token and return it in the body in order to use it with an API service configuration in the SAP Conversational AI platform, as response headers cannot be accessed directly.

    An option to make the response headers available directly in the SAP Conversational AI platform is currently in development, but there is no clear timeline yet when it will be released.

    UPDATE: That option is now available - see and look for the "Include headers" checkbox in the "Response" tab of the API service configuration.



  • Posted on Aug 06 at 05:18 AM


    We are facing the same issue for the GET request with the node.js app.

    Can you please share the documentation on the same?



  • Posted on Aug 20 at 06:16 AM

    Hi Jonas Brand

    I followed the approach of "include headers". Please have a look at the attached screenshot. I get the following error even after I provide a valid CSRF token in the POST call. It seems the issue is something related to the session. How do I solve this issue? Thanks for your help in advance.

    "Error while processing request. Server response with an error CSRF token validation failed and response headers [Content-Type:\"text/plain; charset=utf-8\", Content-Length:\"28\", x-csrf-token:\"Required\", c4c-odata-response-time:\"42  ms\", Date:\"Thu, 20 Aug 2020 05:38:04 GMT\", Connection:\"close\", Set-Cookie:\"sap-usercontext=sap-client=116; path=/;HttpOnly;Secure\", \"MYSAPSSO2=AjQxMDMBABhLADgATwBHAEYATABaAEUASQBPAEEAIAACAAYxADEANgADABBMADgASwAgACAAIAAgACAABAAYMgAwADIAMAAwADgAMgAwADAANQAzADgABQAEAAAACAYAAlgACQACRQD%2fAPowgfcGCSqGSIb3DQEHAqCB6TCB5gIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYHGMIHDAgEBMBkwDjEMMAoGA1UEAxMDTDhLAgcgFAYVEAU3MAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDA4MjAwNTM4MDRaMCMGCSqGSIb3DQEJBDEWBBTtU8eikrYvt2vucEAc%21f85P0ybvTAJBgcqhkjOOAQDBC4wLAIUL96jpQaIsrgraHx3jh7vaLotYtkCFHXbKvYWV4PW94e9hQ2UoWWgtZ9G; path=/; secure; HttpOnly;HttpOnly;Secure\", \"SAP_SESSIONID_L8K_116=e0N5-AxfqmtbGqDiUtUBNlEvlHLipxHqvgkAFj59ask%3d; path=/; secure; HttpOnly;HttpOnly;Secure\", Strict-Transport-Security:\"max-age=31536000 ; includeSubDomains\"] and status code 403 FORBIDDEN"


    • See comment from Saurabh Kabra below - a CSRF token is always only valid in combination with the session cookie - so you have to pass the "Cookie" header as well (that you get from the "set-cookie" header of the GET request usually). Make sure in case there are multiple headers returned by your service, you might need to access them as array elements with "{{api_service_response.default.headers.x-set-cookie.0}}".


  • Posted on Aug 20 at 05:07 PM


    This is due to missing session context information when you are making a POST call from CAI to C4C. C4C will validate each request with CSRF Token against a unique session/cookie ID which is not being passed in your scenario. Once passed it should work.

    For more details, please check where I explained why it happens and how this will be fixed.

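The pairing the answers above describe (a CSRF token is only accepted together with the session cookies it was issued for), as an added example that is not part of the original thread or of SAP's code. It shows the header handling a Node.js helper service would do after its token-fetch GET (sent with `X-CSRF-Token: Fetch`); the function names, the cookie names and values, and the mock backend check are all constructed for illustration.

```javascript
// Added example: pair the CSRF token with the session cookies it was issued for.
// All names and header values below are constructed for illustration.

// Reduce Set-Cookie response headers to a Cookie request header value
// ("name=value; name2=value2"), dropping attributes such as Path or HttpOnly.
function cookieHeaderFrom(setCookie) {
  const list = Array.isArray(setCookie) ? setCookie : setCookie ? [setCookie] : [];
  return list.map((c) => c.split(';')[0].trim()).filter(Boolean).join('; ');
}

// What a helper service would return in the response BODY after its GET
// request sent "X-CSRF-Token: Fetch" (header names lower-cased, as in Node.js).
function tokenPayload(getResponseHeaders) {
  const token = getResponseHeaders['x-csrf-token'];
  if (!token || token.toLowerCase() === 'required') {
    throw new Error('backend did not issue a CSRF token');
  }
  return { csrfToken: token, cookie: cookieHeaderFrom(getResponseHeaders['set-cookie']) };
}

// Headers for the modifying request: token AND the cookies of the same session.
function postHeaders(payload) {
  return {
    'Content-Type': 'application/json',
    'X-CSRF-Token': payload.csrfToken,
    Cookie: payload.cookie,
  };
}

// Constructed stand-in for the backend check: the token is only accepted
// together with the session it was issued in.
function mockBackendStatus(headers, issued) {
  const cookies = (headers.Cookie || '').split('; ');
  const sameSession = cookies.includes(`SESSIONID=${issued.session}`);
  return sameSession && headers['X-CSRF-Token'] === issued.token ? 201 : 403;
}

// Constructed sample of the GET response headers.
const sampleGetHeaders = {
  'x-csrf-token': 'tok-123',
  'set-cookie': ['usercontext=client=001; path=/; HttpOnly; Secure',
                 'SESSIONID=abc; path=/; secure; HttpOnly'],
};
const issued = { session: 'abc', token: 'tok-123' };
const payload = tokenPayload(sampleGetHeaders);
console.log(mockBackendStatus(postHeaders(payload), issued));                  // with cookies
console.log(mockBackendStatus({ 'X-CSRF-Token': payload.csrfToken }, issued)); // token only
```

The payload carries a live session cookie, so a helper service like this should return it only over TLS to the authenticated caller and keep it out of logs.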
