Skip to Content

How to fetch X-CSRF-Token


I am trying to read the X-CSRF-Token from GW read service without success. Any idea? As far as I know sap.ui.model.odata.ODataModel does not have the provision to pass the header data. So I tried with OData from datajs library, but the response header is always blank. I am able to get the X-CSRF-Token when I run the service uisng firefox REST client.

Here is the code I am using.



"Content-Type": "application/x-www-form-urlencoded",





Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    Jun 01, 2012 at 03:34 AM

    Hi Abhilash

    I dont have the latest version of Gateway and from your question I am not sure what format you are requesting, but on the previous version to do an xml POST looks like.

    var request =
    { headers: {"X-Requested-With": "XMLHttpRequest",
    "Accept": "application/atom+xml,application/atomsvc+xml,application/xml",
    "Content-Type": "application/atom+xml",
    "DataServiceVersion": "2.0" },
    requestUri: serviceURI,
    method: "POST",
    user: "developer",
    password: "ch4ngeme",
    data: contactEntry }; //The post request, passing the callback functionOData.request( request,
    function (data) { //Success Callback"New contact saved successfully.", sap.ui.commons.MessageBox.Icon.SUCCESS,
    "Contact Saved", sap.ui.commons.MessageBox.Action.OK);
    function (err) {
    //Error Callback:


    I believe to retrieve the CSRF token you have to do a GET first and for this would assume you use

    Content-Type: application/atom+xml

    Then once you have the token in the POST replace the header value pair "X-Requested-With": "XMLHttpRequest" for the X-CSRF-Token pair

    hope it helps

    Cheers JSP

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 15, 2013 at 06:46 AM


    I am using JSON model in my application. When I am applying the above code for Odata model, it's working fine.But in JSON model I am getting the following error.

    CX_SXML_PARSE_ERROR/001560AA0E081DEB8CA398CC1690D406Error while parsing an XML stream206B32E3A013F1A29B1D20CF30C48576

    How to pass the CSRF token through GET request and how to get that token in POST request in jSON model to do create Opearation.

    Please follow the below thread for more details

    Please help me to solve this issue.



    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 25, 2013 at 06:25 PM

    Hi Abhilash,

    I am able to fetch the token number from the HTML application deployed on Tomcat of my machine.

    When the same application is deployed on another Tomcat, the Success code is OK but the token number is always blank.

    What could be the issue here?

    I tried with datajs and ajax, but nothing happened.

    Any help would be appreciated.



    Add comment
    10|10000 characters needed characters exceeded