Skip to Content
May 12 at 09:19 PM

X-CSRF-Token Validation Failed when saving data to on-prem BW4HANA


I have an iFlow that I want to be able to POST data to BW4HANA. Before trying to POST data, I did a GET on the endpoint, and was able to get the schema. From this, I am pretty sure the connectivity to BW4HANA is setup correctly.

Once I knew that the GET worked, I added a step to fetch the X-CSRF-Token using the endpoint http://bhx-https:443/sap/bw4/v1/push/dataStores/zar_o001. The token is returned, and is stored in the header as expected.

After that, I added another call to BW4HANA, but this time doing a POST to the endpoint http://bhx-https:443/sap/bw4/v1/push/dataStores/zar_o001

This call returns a 403 error, and the payload contains the following message:

CSRF token validation failed

Below are the details on the iFlow, and the logs that I have saved from the Cloud Integration trace logs.

In addition, I am able to call BW4HANA via Postman successfully.

We are on the Neo version of Cloud Integration as well, as that can make a difference.

Any suggestions on what the issue may be?

I have found a couple of similar posts online, but the solutions offered do not help:

· X-CSRF Token Validation Failed when save data in BW4 HANA Data Store | SAP Community

· CSRF token validation failed | SAP Community

iFlow Details

One of the suggestions I saw online was to use On Integration Flow or On Exchange for the HTTP Session Reuse. I have tried both, and the results are unchanged.


Get X-CSRF-Token (step works)

HTTP GET Connection to BW that gets the token



Some of the blogs/articles that I have seen online showed similar screenshots, but they had entries for the headers to return. I am assuming an older version of Cloud Integration was being used, since I don’t have those options.

HTTP POST connection to BW that posts the data (NOT working)



Error Logs

Here are the error logs from the trace that was running.

I saved the three attachments below, as well as the complete log. They are attached to this question.


If you look at the two header logs, the X-CSRF-Token exists before and after the call to BW4HANA. The body log has the error message, and the message log has all of the details.