How to get a x-csrf-token from on-prem System for a POST API

Hi all,

just now the POST call of my API from the API Management is not working, because of the X-CSRF-TOKEN. I want to use the API to add data into a database table. Behind the API is an O-Data service.

My first step was to create an API provider with the target on prem system. This works without problems and I used it when I was creating my API.

The next step was to create my REST-API with the desired O-Data service. After I created the API, I created some policies. These are based on the following article: https://blogs.sap.com/2021/09/18/csrf-token-handling-in-sap-api-management/

And my service callout policy looks like this:

As a path, I use the API Base Path from the same API:

The GET-Request works fine and gives me Data from the Database.

The POST-Request sends the error: "{

"fault":{
"faultstring":"Unresolved variable : servicecallOutResponse.header.x-csrf-token",
"detail":{
"errorcode":"entities.UnresolvedVariable"
}
}
}"

The HTTP-Error Code is 500.

Unfortunately I don't know why this behavior occurs so feel free to answer.

Best regards,

Max