We all know that if we want to consume SAP OData service to perform some write operation on server, that is, create, update or delete, it's necessary to get a CSRF token first and then append it as header field of the actual OData service call.
Previously I test such scenario using Postman, and I have to always do the following things manually:
1. fetch a valid CSRF token from server by specifying HTTP header field x-csrf-token's value as "fetch":
2. append this token to the header field of the second HTTP post request:
Then one of my colleagues inspired me: can all these boring steps could be finished automatically with a single click?
Yes! It could be just achieved by a little scripting in Postman itself.
1. Click this icon to open Environments maintain screen:
Create a new environment named "TokenSuite" and a variable "csrftoken" within it:
2. In the first token retrieve HTTP request, write the following simple script to parse the token from HTTP response and set it to the environment variable just created in previous step:
var token = postman.getResponseHeader("x-csrf-token");
console.log("token:" + token);
postman.setEnvironmentVariable("csrftoken", token);
3. In the second HTTP post request, just specify the actual value of token using grammar {{csrftoken}}:
Now click run button:
Collection Runner window is opened. Just press "Run CSRF token test":
And the two requests could be run one by one, the token retrieved by first request was automatically used in the second HTTP post request. Very convenient, isn't it?