Skip to Content
author's profile photo Tobias Trenz
0
Tobias Trenz
Jan 15, 2021 at 01:51 PM

ABAP HTTP Post Request

4068 Views

Hello everybody,

I try to make a Post to a API URL which works perfect with Postman.

First I make the GET to Fetch the X-CSRF-Token, this works but if I try to copy this Token in the Header of the Post Request, I get a 403 Error as status_code.

I try the following Code:


REPORT YTT_TEST.

*----------------------------------------------------------------------*
*Selection-Screen
*----------------------------------------------------------------------*
PARAMETERS: p_name TYPE string DEFAULT 'TEST'.
PARAMETERS: p_pass TYPE string DEFAULT 'TEST123' LOWER CASE.



DATA lo_client TYPE REF TO if_http_client.

DATA lo_response TYPE REF TO if_rest_entity.

DATA lv_response TYPE string.

DATA lv_token TYPE string.

DATA lv_session TYPE string.

DATA lv_xcrf TYPE string.

DATA lv_http_status TYPE string.

DATA gc_content_type_form TYPE string VALUE 'application/json; charset=utf-8'.

DATA gc_url TYPE string VALUE <URL>.



*----------------------------------------------------------------------*
*At Selection Screen Output
*----------------------------------------------------------------------*
AT SELECTION-SCREEN OUTPUT.
LOOP AT SCREEN.
IF screen-name = 'P_PASS'.
screen-invisible = 1.
MODIFY SCREEN.
ENDIF.
ENDLOOP.

"======================Getting CSRF token ==========================================

START-OF-SELECTION.

cl_http_client=>create_by_url(

EXPORTING

url = gc_url

IMPORTING

client = lo_client

EXCEPTIONS

OTHERS = 4 ).


lo_client->authenticate( username = p_name
password = p_pass ).

lo_client->request->set_content_type( content_type = gc_content_type_form ).



lo_client->request->set_method( if_http_request=>co_request_method_get ).




lo_client->request->set_header_field(

EXPORTING

name = 'X-CSRF-Token' " Name of the header field

value = 'Fetch' ).



lo_client->send(

EXCEPTIONS

http_communication_failure = 1

http_invalid_state = 2

http_processing_failed = 3

http_invalid_timeout = 4

OTHERS = 5 ).





lo_client->receive(

EXCEPTIONS

http_communication_failure = 1

http_invalid_state = 2

http_processing_failed = 3

OTHERS = 4 ).





lv_token = lo_client->response->get_header_field('X-CSRF-Token').

lv_session = lo_client->response->get_header_field('set-cookie').



lo_client->close( ).

FREE lo_client.

"===========================end of Getting CSRF token ====================================





"=========================validation CSRF token with Post request=========================



cl_http_client=>create_by_url(

EXPORTING

url = gc_url

IMPORTING

client = lo_client

EXCEPTIONS

OTHERS = 4 ).

lo_client->authenticate( username = p_name
password = p_pass ).

lo_client->request->set_content_type( content_type = gc_content_type_form ).



lo_client->request->set_method( if_http_request=>co_request_method_post ).


lo_client->request->set_header_field(

EXPORTING

name = 'X-CSRF-Token' " Name of the header field

value = lv_token ).

*lv_xcrf = lo_client->request->get_header_field('X-CSRF-Token' ).

lo_client->request->set_form_field(

EXPORTING

name = 'Cookie' " Name of form field

value = lv_session ).





lo_client->send(

EXCEPTIONS

http_communication_failure = 1

http_invalid_state = 2

http_processing_failed = 3

http_invalid_timeout = 4

OTHERS = 5

).



lo_client->receive(

EXCEPTIONS

http_communication_failure = 1

http_invalid_state = 2

http_processing_failed = 3

OTHERS = 4 ).



lv_http_status = lo_client->response->get_header_field( '~status_code' ).

lv_response = lo_client->response->get_header_field('~status_reason' ).

lv_xcrf = lo_client->response->get_header_field('x-csrf-token' ).



WRITE :/ 'Status:', lv_http_status.

WRITE :/ 'Response:', lv_response.

WRITE :/ 'CSRF-Token:', lv_xcrf .