Skip to Content
avatar image
Former Member

NW 7.5 PI REST Adapter X-CSRF-Token

We are using the NW PI 7.5 REST adapter with POST method for IDM v2 API's. These API's require X-CSRF-Token to be passed as a parameter. So currently we do a get, token come back in the dynamic header, parse that out, then pass it to the POST.

The issue is the POST is a different session and therefore requires a new token, so we get a 403 Forbidden. Is there a way to issue a GET during the POST for the X-CSRF-Token similar to how OAUTH works with the REST adapter?

I have seen some posts that refer to passing a cookie that references the token during the get, but I am not sure how that is done.

Thanks, Andrew

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Aug 10, 2017 at 01:07 PM

    Hello Andrew and Vikas,

    With the patch given in SAP Note 2461114 the new feature of cookie handling in REST adapter is provided.

    Best regards,

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Thanks Vadym, we have implemented a solution through ABAP, but we will try the new module parameter to see if it resolves the problem.

  • Aug 10, 2017 at 06:55 AM

    Having the same issue. Doing GET in udf to fetch x-csrf and then passing it to header of POST in rest receiver channel. As the session is different then getting 403 forbidden.

    Is there a way in PI to maintain cookie or set x-csrf authorization.



    Add comment
    10|10000 characters needed characters exceeded

    • Hi,

      Did you manage to achieve this? We have the same problem..

      And one more question maybe, to do a GET in an UDF, did you use the SystemAccessor and LookupService with a communication channel like normal REST lookup? If yes, how did you access the Header level of the response? Is this even possible?

      Thanks in advance,

      Andreea Mutascu

  • Aug 10, 2017 at 01:23 PM


    I guess the note suggested by Vadym should resolve your issue.

    You can have a look in the newly added feature in REST adapter - OAuth 2.0 Grant type Flow as well.



    Add comment
    10|10000 characters needed characters exceeded