
How to fetch backend System x-csrf-token value using API tool

0 Kudos

Hi All, I have a requirement where I need to POST data using the x-csrf-token value coming from the HCI application.

My technical flow looks like this:

POSTMAN --- API --- SAP CPI --- S/4 HANA OData Service

When I try to fetch the x-csrf-token value using the endpoint URL below with the GET method:

https://<APIHostName>:<port>/v1/ContractReplication/SalesContractSet

I get a 200 response with an x-csrf-token value.

When I use the above x-csrf-token value for the POST method on the same URL, I get a 403 Forbidden error. Please help me work out how to fetch the proper x-csrf-token value using the API tool.

krish96
Explorer
0 Kudos

Hi Uday

Can I get to know which API service you are using?

Accepted Solutions (0)

Answers (2)


jtidalgo
Explorer
0 Kudos

Hello Uday,

Are you able to fetch the CSRF token from Postman? I have the same requirement, except that I need to use the SAP NetWeaver OData service. I don't know if there was a recent update to Postman such that the token does not appear anymore.

ElijahM
Advisor

X-CSRF-Token is a non-standard header field; you will need to manually assign it within POSTMAN if you are directly engaging with a CSRF-enabled system.

For utilizing API Management to maintain the CSRF token, it is recommended that you persist the token information in a short-lived cache in order to avoid repeated requests; however, you will need to ensure the cache does not outlive the token lifetime. When used in conjunction with CPI, you must ensure that CPI is configured in a way to handle the token and cookie information passed by the request (in this case APIM), else you may find that the disjoint of information causes the CSRF token to be mishandled by the backend.

0 Kudos

Hello Uday,

I managed to have a service callout operation in the API to fetch the CSRF token, extracted the cookie and the token from the response of the service callout, and set the same on the request attributes for the POST request. So, technically, it will be only one request from the sender, and the API makes two calls in the same API to fetch the token and update using the same token if the HTTP request verb is POST.

POSTMAN -> API (fetch token and set the token & Cookie) -> CPI -> S/4 HANA.

But in my case, it works sometimes and sometimes not. I'm struggling to understand where it is going wrong. If you managed to solve your problem in a different way, please share the solution. Thanks.

Regards,

Anil Kumar VEEPURI
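
The two answers above both turn on keeping the token and its session cookie together and not caching them past the token lifetime. The sketch below is an added example, not code from any poster or from SAP: `FakeBackend` is a constructed in-memory stand-in for a CSRF-protected OData service, and it assumes the SAP Gateway convention of sending `X-CSRF-Token: Fetch` on a GET to obtain a token; `CsrfSession`, `ttl` and `clock` are hypothetical names.

```python
import secrets, time

class FakeBackend:
    """Constructed stand-in: a token is valid only with the cookie it was issued with."""
    def __init__(self):
        self.sessions = {}  # session cookie -> CSRF token

    def handle(self, method, headers):
        cookie = headers.get("Cookie")
        if method == "GET" and headers.get("X-CSRF-Token") == "Fetch":
            cookie = cookie or "sid=" + secrets.token_hex(8)
            token = secrets.token_hex(16)
            self.sessions[cookie] = token
            return 200, {"X-CSRF-Token": token, "Set-Cookie": cookie}
        if method == "POST":
            expected = self.sessions.get(cookie)
            sent = headers.get("X-CSRF-Token", "")
            if expected and secrets.compare_digest(expected, sent):
                return 201, {}
            return 403, {}  # token missing, stale, or sent without its cookie
        return 200, {}

class CsrfSession:
    """Caches (token, cookie) as one unit for at most ttl seconds."""
    def __init__(self, send, ttl=60, clock=time.monotonic):
        self.send, self.ttl, self.clock = send, ttl, clock
        self.pair, self.expires = None, 0.0

    def _fetch(self):
        _, hdrs = self.send("GET", {"X-CSRF-Token": "Fetch"})
        self.pair = (hdrs["X-CSRF-Token"], hdrs["Set-Cookie"])
        self.expires = self.clock() + self.ttl  # keep ttl below the backend's token lifetime

    def post(self):
        status = None
        for _ in range(2):  # one retry after a rejected token
            if self.pair is None or self.clock() >= self.expires:
                self._fetch()
            token, cookie = self.pair
            status, _ = self.send("POST", {"X-CSRF-Token": token, "Cookie": cookie})
            if status != 403:
                return status
            self.pair = None  # backend rejected the pair: discard both, refetch once
        return status
```

In a real proxy flow, `send` would be the callout to the backend, and the cache key should include whatever identifies the backend session so that one caller's token is never paired with another caller's cookie.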