
403 Forbidden issue in SMP 3.0 OData POST

Former Member
0 Kudos

Hello experts,


I was able to follow Marvin Hoffman’s excellent tutorial in 3 parts. Also, many posts from Jitendra Kansal were very helpful in this task. I’m using SMP 3.0, installed on a local server. The database is HSQLDB. I was also able to create a hybrid app using SAPUI5 with PhoneGap for iOS, where via JavaScript I connect to SMP and read the database.


Here is a Postman print screen with a successful GET method, which also works via JavaScript in the app.



I have an issue with the POST method. I always get a 403 (Forbidden) response. As pointed out in the posts, I collected the cookies in the GET operation and sent them in the POST.



I’m not sure if there is an issue with the formation of the POST, or if there’s a configuration missing on SMP.


Thanks in advance for your help,


Luciano Sclovsky

Tags edited by: Jitendra Kansal (Moderator)

Accepted Solutions (1)


midhun_vp
Active Contributor
0 Kudos

Hi Luciano,

A 403 Forbidden HTTP status code happens when the server refuses to take action on the request. A reason could be that you are not passing the X-CSRF-TOKEN in the header.

Make a GET request first; it should get the X-CSRF-TOKEN in the response. Pass this value in the header for the POST operation.

Regards, Midhun

SAP Technology RIG

bjoernw
Employee
0 Kudos

Just to add some detail to what Midhun and Jitendra are saying. When you send the GET request, you need to include the following header: "X-CSRF-Token: fetch" in order to retrieve the token. This is the token you need for the POST operation.

Former Member
0 Kudos

Hello Midhun,

I was missing the Authorization, X-CSRF-Token and X-SMP-APPCID headers. I also included the XML payload (in the app I use JSON). Below is the working POST.

Thank you,

Luciano
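
The handshake described in the replies above, as an added example that is not part of the original thread and is not SMP code: a constructed local mock server issues a token on a GET carrying `X-CSRF-Token: fetch` and answers 403 to a POST that omits it. The URL path, cookie name `SID`, credentials and application connection ID are placeholders.

```python
import http.server, secrets, threading, urllib.error, urllib.request

SESSIONS = {}  # session cookie value -> CSRF token issued for that session

class MockOData(http.server.BaseHTTPRequestHandler):  # constructed stand-in, not SMP code
    def log_message(self, *args): pass  # silence per-request logging

    def do_GET(self):
        self.send_response(200)
        if self.headers.get("X-CSRF-Token", "").lower() == "fetch":
            sid, token = secrets.token_hex(8), secrets.token_hex(16)
            SESSIONS[sid] = token
            self.send_header("Set-Cookie", f"SID={sid}")
            self.send_header("X-CSRF-Token", token)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = self.headers.get("Cookie", "").partition("SID=")[2]
        sent = self.headers.get("X-CSRF-Token", "")
        ok = sid in SESSIONS and secrets.compare_digest(SESSIONS[sid], sent)
        self.send_response(201 if ok else 403)  # 403 when token is missing/wrong
        self.send_header("Content-Length", "0")
        self.end_headers()

def call(url, method, headers, body=None):
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.headers
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return err.code, err.headers

def demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), MockOData)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/odata/Products"  # constructed path
    base = {"Authorization": "Basic dXNlcjpwYXNz", "X-SMP-APPCID": "constructed-appcid",
            "Content-Type": "application/json"}  # placeholder values
    body = b'{"Name": "demo"}'
    _, hdrs = call(url, "GET", {**base, "X-CSRF-Token": "fetch"})
    session = {**base, "Cookie": hdrs["Set-Cookie"].split(";")[0]}
    no_token, _ = call(url, "POST", session, body)
    with_token, _ = call(url, "POST", {**session, "X-CSRF-Token": hdrs["X-CSRF-Token"]}, body)
    server.shutdown(); server.server_close()
    return no_token, with_token  # (403, 201)

if __name__ == "__main__":
    print(demo())
```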

Former Member
0 Kudos

Thanks, Bjoern! Your answer was also helpful.

Answers (1)


Jitendra_Kansal
Product and Topic Expert
0 Kudos

Before making any POST/PUT/DELETE request you have to get the value of the X-CSRF-TOKEN in a GET request. As Midhun already pointed out, I don't see any header called "X-CSRF-TOKEN" getting passed in the GET request.

Which SMP 3.0 SP are you working on? Is it SP03 or SP04 or SP05? Don't you need to pass any payload in the POST request? I can see that you are trying with an OData service which has been exposed via Integration Gateway; can you tell us what the backend for that service is? Is it not SOAP WS?

Regards,

JK

Former Member
0 Kudos

Hello Jitendra,

Sorry for the delay, since I was off last week. Thank you for your answers. I'm using SMP 3.0.3 SP03.

I'll proceed with the investigation with the feedback you, Midhun and Bjoern sent. I will send my update later today, along with the answers to your other questions.

Best regards,

Luciano

Former Member
0 Kudos

Jitendra,

I found this other post of yours that was very helpful. I followed it to fix my issue. Thanks!

I attached an image of the solution above, answering Midhun.

Regarding the OData service, I had already done it before just like you did it in your post.

Regards,

Luciano