Has anyone been able to get web service calls from SDK to a standard C4C oData API (e.g. ServiceRequestCollection) working?
I'm writing an MDR that needs to modify objects in a different deployment units - i.e. I can't update directly in code. As suggested in this helpful blog, I can achieve what I need by making a webservice call instead. Since SOAP is being deprecated I'd prefer to use oData.
I can make GET calls just fine using oData, however, when it comes to a modifying call - that requires the CSRF token and session cookie, I find my call is failing, saying that token validation has failed.
Here is some sample code: (I have hardcoded the token/cookie, but in reality I fetch these first with a GET call)
var ScenarioName = "C4CODataAPI_CommScen"; var ServiceName = "C4CODataAPI"; var HttpMethod = "POST"; var HttpResource = "$batch"; var ContentType = "multipart/mixed; boundary=batch"; var Body = "--batch Content-Type: application/http\n Content-Transfer-Encoding: binary\n GET ServiceRequestCollection?$top=1 HTTP/1.1\n\n --batch--"; var HeaderParameter : collectionof NameAndValue; var HeaderParameterEntry : NameAndValue; HeaderParameterEntry.Name = "x-csrf-token"; HeaderParameterEntry.Value = "lxdAgQuW512LixupoeJibw=="; HeaderParameter.Add(HeaderParameterEntry); HeaderParameterEntry.Name = "cookie"; HeaderParameterEntry.Value = "SAP_SESSIONID_L3V_184=A3dFEhFeuJ67hrRT134ekgt2HSUM-BHqw54ARt99avs%3d; path=/; secure; HttpOnly"; HeaderParameter.Add(HeaderParameterEntry); var URLParameter : collectionof NameAndValue; var wsResult = WebServiceUtilities.ExecuteRESTService(ScenarioName, ServiceName, HttpMethod, HttpResource, URLParameter, HeaderParameter, ContentType, Body);
I have tried performing the exact same call using an API client tool (Postman) and it works fine. I've even tried fetching the token and cookie using Postman and hard coding them in the ABSL (as above) but it does not work. The reverse situation - fetching the token and cookie in the ABSL code, and then pasting the values retrieved into a Postman request - works fine.
I've also tried pointing the Communication Scenario to a HTTP request inspector (requestbin.fullcontact.com) so I can examine what is coming out of the ABSL call - and that looks fine too (though I can't examine the cookie header for some reason)
If anyone with experience of the above has any pointers, it would be appreciated. I have a support request for the above but no feedback yet.