Skip to Content

How to fetch X-CSRF-Token


I am trying to read the X-CSRF-Token from GW read service without success. Any idea? As far as I know sap.ui.model.odata.ODataModel does not have the provision to pass the header data. So I tried with OData from datajs library, but the response header is always blank. I am able to get the X-CSRF-Token when I run the service uisng firefox REST client.

Here is the code I am using.



"Content-Type": "application/x-www-form-urlencoded",





Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Jun 01, 2012 at 03:34 AM

    Hi Abhilash

    I dont have the latest version of Gateway and from your question I am not sure what format you are requesting, but on the previous version to do an xml POST looks like.

    var request =
    { headers: {"X-Requested-With": "XMLHttpRequest",
    "Accept": "application/atom+xml,application/atomsvc+xml,application/xml",
    "Content-Type": "application/atom+xml",
    "DataServiceVersion": "2.0" },
    requestUri: serviceURI,
    method: "POST",
    user: "developer",
    password: "ch4ngeme",
    data: contactEntry }; //The post request, passing the callback functionOData.request( request,
    function (data) { //Success Callback"New contact saved successfully.", sap.ui.commons.MessageBox.Icon.SUCCESS,
    "Contact Saved", sap.ui.commons.MessageBox.Action.OK);
    function (err) {
    //Error Callback:


    I believe to retrieve the CSRF token you have to do a GET first and for this would assume you use

    Content-Type: application/atom+xml

    Then once you have the token in the POST replace the header value pair "X-Requested-With": "XMLHttpRequest" for the X-CSRF-Token pair

    hope it helps

    Cheers JSP

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 15, 2013 at 06:46 AM


    I am using JSON model in my application. When I am applying the above code for Odata model, it's working fine.But in JSON model I am getting the following error.

    CX_SXML_PARSE_ERROR/001560AA0E081DEB8CA398CC1690D406Error while parsing an XML stream206B32E3A013F1A29B1D20CF30C48576

    How to pass the CSRF token through GET request and how to get that token in POST request in jSON model to do create Opearation.

    Please follow the below thread for more details

    Please help me to solve this issue.



    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Nov 25, 2013 at 06:25 PM

    Hi Abhilash,

    I am able to fetch the token number from the HTML application deployed on Tomcat of my machine.

    When the same application is deployed on another Tomcat, the Success code is OK but the token number is always blank.

    What could be the issue here?

    I tried with datajs and ajax, but nothing happened.

    Any help would be appreciated.



    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.