Skip to Content
avatar image
Former Member

Getting 403 forbidden for POST during Forward task in BPM

Hi All,

I am trying to access BPM OData Service and i am able to fetch the task successfully. Now i wanted to forward a particular task in custom UI5 app to another user, When i try to POST a request for Forward task i am getting a 403 forbidden error.

First i am calling the Get service to fetch the X-CSRF-TOKEN and i am passing the same in the Post call. But still i am getting the 403 forbidden error. All the required roles are assigned correctly. Please find below the code for Post call

forwardTask : function(token) {

var username ="";

var password ="";

var instanceId = "";

var userId = "";


type : 'POST',

async: false,

url : "proxy/https/host:port/bpmodata/tasks.svc/Forward?InstanceID='"+ instanceId + "'&SAP__Origin='NA'" +"&ForwardTo='" + userId + "'&$format=json" ,

contentType : "application/atom+xml",

beforeSend: function (xhr){

xhr.setRequestHeader('Authorization', "Basic " + btoa(username+":"+password));

xhr.setRequestHeader('Access-Control-Allow-Origin', "*");

xhr.setRequestHeader('Accept', "application/json");

xhr.setRequestHeader('X-CSRF-Token', token);


success : function(data, oResponse, XMLHttpRequest) {



error : function(oerror) {"Call Failed");




i am calling the tasks.svc Get call for fetching X-CSRF-token


Kindly let me know what am i missing in my scenario.

Thanks and Regards,


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Dec 20, 2017 at 02:48 AM

    At the outset, check two things - Does the front end user have role to forwad the task to another user. You can cross confirm this in backend as well by using T-code SWIA and doing a admin forward. Secondly put an external breakpoint and see from where and what exact error is occuring.

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 20, 2017 at 06:03 AM

    Hi Saravanan Sugumar,

    This error ma occur if the credentials are incorrect or if you have not implemented the CREATE_ENTITY method in your DPC_EXT class of your OData.


    Arjun Biswas.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Arjun Biswas,

      Thanks for your comment. The OData i am calling is SAP Standard BPM Service not custom. The credentials are correct and i am able to read the task without any problem. I am getting forbidden when i POST a request to BPM server for forwarding the task.