on 09-05-2018 8:17 PM - last edited on 02-04-2024 9:45 AM by postmig_api_4
Hi Folks,
I have a Hybris system 1709 provisioned through CAL. There is no Hybris related data populated. So I am trying to create a contact.
I am using the API_MKT_CONTACT_SRV service.
I am doing a Get with the X-csrf-token=fetch in the Header.
Then I am posting a contact using a PUT using the returned x-csrf-token:
http://myIP:myPort/sap/opu/odata/sap/API_MKT_CONTACT_SRV;v=0002/Contacts
Here is the JSON I am using from How to import Contact Data via OData Services to SAP Hybris Marketing by johannes.hirling
```json
{
  "batchParts": {
    "batchChangeSet": {
      "batchChangeSetPart": {
        "method": "PUT",
        "ContactOriginData": {
          "ContactOriginData": {
            "LastName": "Test",
            "FirstName": "Tom",
            "EmailAddress": "JHI_001@test.com",
            "Country": "US",
            "ContactPostalCode": "60611",
            "ContactOrigin": "SAP_ERP_CONTACT",
            "ContactID": "JHI_001",
            "CityName": "Chicago",
            "BirthDate": "2000-12-13",
            "OriginDataLastChgUTCDateTime": "0000-00-00T00:00:00"
          }
        }
      }
    }
  }
}
```
Here I am passing the x-csrf-token
Response header:
Any help would be appreciated.
Thanks,
Jay
Hi Jay,
See the response on https://blogs.sap.com/2018/04/02/how-to-import-contact-data-via-odata-services-to-sap-hybris-marketi...
for the CSRF validation error.
With the response you get the token and cookie. Both need to be submitted with the request.
set-cookie →SAP_SESSIONID_E4T_100=ZhvXja66yahG23SyyydcmPcLgySx1hHou4kCAAobqKg%3d; path=/; secure; HttpOnly
x-csrf-token →AGh8wYvtk8wGDRez5W6w-Q==
Example POST Request
```http
POST /sap/opu/odata/sap/API_MKT_CONTACT_SRV/$batch HTTP/1.1
Host: <host>
x-csrf-token: AGh8wYvtk8wGDRez5W6w-Q==
Content-Type: multipart/mixed;boundary=batch
Cookie: SAP_SESSIONID_E4T_100=ZhvXja66yahG23SyyydcmPcLgySx1hHou4kCAAobqKg%3d

--batch
Content-Type: multipart/mixed; boundary=changeset_1

--changeset_1
content-type: application/http
content-transfer-encoding: binary

PUT ContactOriginData(ContactID='JHI_000',ContactOrigin='SAP_HYBRIS_CONSUMER') HTTP/1.1
Accept: application/json
Sap-Cuan-RequestTimestamp: '2018-06-01T13:00:00'
Sap-Cuan-SourceSystemType: POSTMAN
Sap-Cuan-SourceSystemId: EXT
Content-Type: application/json

{
  "OriginDataLastChgUTCDateTime" : "2018-06-01T13:00:00",
  "CityName" : "Chicago",
  "Country" : "US",
  "EmailAddress" : "DonDummy@test.com",
  "FirstName" : "Don",
  "LastName" : "Dummy",
  "IsConsumer" : false,
  "IsContactPerson" : true,
  "Language" : "EN",
  "MobileNumber" : "+49119201412191"
}
--changeset_1--
--batch--
```
Hope this helps.
br,
johannes
Hi johannes.hirling ,
Thanks for your answer. We were able to get the POST/PUT to work from the SAP Gateway client using HTTP when we disabled the CSRF token functionality for the service in SICF - ~CHECK_CSRF_TOKEN = 0. However, when we took out the CSRF disablement, we ran into issues again. We were using HTTP, and for the CSRF token to be returned we need to use HTTPS. But since our server is the CAL-provided instance, the certificate is self-signed and not in the client trust store. So the quest continues to get this to work. I will update this.
Thanks,
Jay
Hi johannes.hirling - It's all working now. We had to export the self-signed certificate from the server and import it into the client certificate store on the system. Then we were able to get this working from both the SAP NetWeaver Gateway client and also from Postman in the way you described. So the main issue was the CAL-provisioned Hybris system not having the SSL setup in place. Once this is set up, it works like a charm.
Thanks for your help.
Regards,
Jay
Anyone running into this issue, please make sure your SSL setup has been done correctly on your SAP system. By default, you need HTTPS working for using the x-csrf-token functionality. So you need the server certificate installed in the client certificate store.
If you want to test the functionality without HTTPS and CSRF tokens, simply go to the service in SICF and then set ~CHECK_CSRF_TOKEN = 0.
Please check out the excerpt in SAP note - 1896961 - HTTP/HTTPS Configuration for SAP NetWeaver Gateway
Using HTTP
Necessary settings for CSRF token handling when HTTP is used
To protect against Cross-Site Request Forgery attacks (CSRF or XSRF), SAP NW Gateway also supports CSRF token handling and returns a CSRF token if required by the OData consumer (HTTP/HTTPS client). On the other hand, this CSRF token must also be protected. Therefore, by default this token will only be sent if HTTPS is used. Default settings: The instance profile parameter "login/ticket_only_by_https" is set to 1. When using HTTP you have to ask your system administrators to set the instance profile parameter "login/ticket_only_by_https" to 0. Otherwise, the SAP NW Gateway hub system does not provide a CSRF token and the next modify operation such as POST, PUT, MERGE or DELETE will be terminated with HTTP status code 403 because of an invalid CSRF token.
Ensure that this setting is only made for internal test systems because it is a high security risk!
Deactivate "Redirect HTTP to HTTPS" to use HTTP
Normally, if an SAP NW Gateway hub system is configured to support SSL because of security reasons, your system administrators will also configure it to automatically redirect all HTTP requests to HTTPS to secure your system fully. The redirect setting is done by the instance profile parameter "icm/HTTP/redirect_xx". If you want to use HTTP for tests, you have to ask your system administrators to remove this redirect setting.
Do not forget to set the instance profile parameter "login/ticket_only_by_https" to 0 as mentioned above.
Regards,
Jay
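The flow that resolved this thread (fetch the token over HTTPS, trust the exported server certificate instead of disabling verification or CSRF checks, and send token plus session cookie with the `$batch` request), as an added example that is not code from the thread or from SAP. The function names and the `cafile` path to the exported certificate are assumptions, and authentication is left to the caller because the thread does not cover it.

```python
import json
import ssl
import urllib.request
from http.cookiejar import CookieJar

SERVICE = "/sap/opu/odata/sap/API_MKT_CONTACT_SRV"  # service path from the thread

def build_batch(contact_id, origin, contact, timestamp):
    """Build the $batch body: one changeset holding one PUT, CRLF line ends."""
    lines = [
        "--batch",
        "Content-Type: multipart/mixed; boundary=changeset_1",
        "",  # a blank line must end every header block
        "--changeset_1",
        "Content-Type: application/http",
        "Content-Transfer-Encoding: binary",
        "",
        f"PUT ContactOriginData(ContactID='{contact_id}',ContactOrigin='{origin}') HTTP/1.1",
        "Accept: application/json",
        f"Sap-Cuan-RequestTimestamp: '{timestamp}'",
        "Sap-Cuan-SourceSystemType: POSTMAN",
        "Sap-Cuan-SourceSystemId: EXT",
        "Content-Type: application/json",
        "",
        json.dumps(contact),
        "--changeset_1--", "--batch--", "",
    ]
    return "\r\n".join(lines).encode("utf-8")

def open_session(cafile):
    """Opener that trusts the exported server certificate and keeps cookies."""
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx),
        urllib.request.HTTPCookieProcessor(CookieJar()))

def put_contact(opener, base_url, body):
    """Fetch a token, then POST the batch on the same session; returns status."""
    fetch = urllib.request.Request(base_url + SERVICE + "/", headers={"X-CSRF-Token": "Fetch"})
    with opener.open(fetch) as resp:
        token = resp.headers.get("x-csrf-token")
    if not token:  # e.g. plain HTTP while login/ticket_only_by_https is 1
        raise RuntimeError("server returned no x-csrf-token")
    # The cookie jar replays SAP_SESSIONID_* with the token on the next request.
    post = urllib.request.Request(
        base_url + SERVICE + "/$batch", data=body, method="POST",
        headers={"X-CSRF-Token": token, "Content-Type": "multipart/mixed; boundary=batch"})
    with opener.open(post) as resp:
        return resp.status
```

Because the session cookie is flagged `secure`, the cookie jar only sends it back over HTTPS, which is why the token round trip fails on plain HTTP even when a token is obtained.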