Skip to Content

Getting 403 forbidden for POST during Forward task in BPM

Dec 20, 2017 at 12:43 AM


avatar image

Hi All,

I am trying to access BPM OData Service and i am able to fetch the task successfully. Now i wanted to forward a particular task in custom UI5 app to another user, When i try to POST a request for Forward task i am getting a 403 forbidden error.

First i am calling the Get service to fetch the X-CSRF-TOKEN and i am passing the same in the Post call. But still i am getting the 403 forbidden error. All the required roles are assigned correctly. Please find below the code for Post call

forwardTask : function(token) {

var username ="";

var password ="";

var instanceId = "";

var userId = "";


type : 'POST',

async: false,

url : "proxy/https/host:port/bpmodata/tasks.svc/Forward?InstanceID='"+ instanceId + "'&SAP__Origin='NA'" +"&ForwardTo='" + userId + "'&$format=json" ,

contentType : "application/atom+xml",

beforeSend: function (xhr){

xhr.setRequestHeader('Authorization', "Basic " + btoa(username+":"+password));

xhr.setRequestHeader('Access-Control-Allow-Origin', "*");

xhr.setRequestHeader('Accept', "application/json");

xhr.setRequestHeader('X-CSRF-Token', token);


success : function(data, oResponse, XMLHttpRequest) {



error : function(oerror) {"Call Failed");




i am calling the tasks.svc Get call for fetching X-CSRF-token


Kindly let me know what am i missing in my scenario.

Thanks and Regards,


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Ankit Maskara
Dec 20, 2017 at 02:48 AM

At the outset, check two things - Does the front end user have role to forwad the task to another user. You can cross confirm this in backend as well by using T-code SWIA and doing a admin forward. Secondly put an external breakpoint and see from where and what exact error is occuring.

Show 4 Share
10 |10000 characters needed characters left characters exceeded

Thanks Ankit for your response. The user has the required roles to forward the task. Also i could able to Post successfully from Postman but not from UI. Thanks!!!


External debug result ?


Do you refer to the developer tools ?




Yes both. Check browser developer tools and also put external breakpoint in backend and see. It may be some error with RFC execution.

Arjun Biswas Dec 20, 2017 at 06:03 AM

Hi Saravanan Sugumar,

This error ma occur if the credentials are incorrect or if you have not implemented the CREATE_ENTITY method in your DPC_EXT class of your OData.


Arjun Biswas.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Arjun Biswas,

Thanks for your comment. The OData i am calling is SAP Standard BPM Service not custom. The credentials are correct and i am able to read the task without any problem. I am getting forbidden when i POST a request to BPM server for forwarding the task.