
C4C OData CSRF token in the body/Payload?

sheshukumar
Explorer
0 Likes
2,267

Hello Experts,

We are integrating Nice Incontact and C4C systems. The requirement is that Nice Incontact will update a Service Ticket status and assign the Agent via the OData service, but unfortunately InContact is unable to read/get the X-CSRF-TOKEN in its headers, whereas when we test in Postman or Eclipse Java code we are able to read/see the same.

So there is a limitation in Nice Incontact. We are looking for an alternate workaround: if C4C can send the token in the body of the HTTP request/payload, Nice Incontact can read it. I am trying the URL

I am trying the token URL with the POST method along with parameters (in the screenshot below), but it is throwing an exception for the assertion value. Could you please suggest how I can achieve this? I have no idea how to generate the assertion value.

error-screen-shot-odata.png

Accepted Solutions (0)

Answers (3)

vishvam290
Member
0 Likes

Hi Everyone,

I am also having the same problem!

We are building a chatbot for a GRC system.

For that I have created some OData services to expose some data. While integrating the chatbot with the SAP GRC system, the chatbot developer is not able to fetch the X-Csrf-Token from the header due to some restrictions.

Is there any workaround possible in which I can provide them the X-Csrf-Token in the body?

I tried to disable the X-Csrf-Token, but I am not able to test that in Postman. It always asks for the X-Csrf-Token.

Please suggest some workaround. I have checked a lot of threads but could not find anything.

Thanks in advance.

Regards,

Vishvam

sheshukumar
Explorer
0 Likes

Hi Anthony,

Yes, they have to.

InContact is able to perform the Get/Query of C4C and fetch the details, but is unable to fetch the X-CSRF-Token in the response body even though it is being sent in the HTTP header of the request (X-CSRF-Token = fetch). It is strange because I am able to get it in the Java code, Postman and SoapUI, but not in InContact.

Thanks,

Sheshukumar.

anthonyx_uliano
Participant
0 Likes

Hi sheshukumar.guntuka - Have you spoken to InContact? Handling of the token can be tricky. Here's a blog post that shares some insight.

https://blogs.sap.com/2014/07/11/issues-with-csrf-token-and-how-to-solve-them/

Specifically for third party clients, here's an excerpt from that blog post that may help:

3rd issue – You are using external REST client for testing modify operation

If you do not provide the token, you will receive 403 HTTP Forbidden response with following message “CSRF token validation failed”.

In this case, you need to first fetch CSRF token, adding header parameter X-CSRF-Token : Fetch, read its content from response parameter x-csrf-token and add it manually to header of your testing modify request.
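The fetch-then-modify handshake from the excerpt above, as an added example that is not part of the original thread or of SAP's code. It runs a client against a constructed local mock: the `MockOData` server, its `sid` cookie, the `/ticket` path and the sample payload are assumptions, not C4C behaviour. The mock returns the token only in a response header and accepts it only together with the session cookie from the fetch request.

```python
import secrets, threading, urllib.error
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import HTTPCookieProcessor, ProxyHandler, Request, build_opener

TOKENS = {}  # constructed server state: session id -> CSRF token

class MockOData(BaseHTTPRequestHandler):  # hypothetical stand-in, not C4C
    log_message = lambda *args: None  # keep the demo quiet
    def do_GET(self):
        self.send_response(200)
        if self.headers.get("X-CSRF-Token", "").lower() == "fetch":
            sid, token = secrets.token_hex(8), secrets.token_urlsafe(16)
            TOKENS[sid] = token
            self.send_header("x-csrf-token", token)  # header only, never the body
            self.send_header("Set-Cookie", f"sid={sid}; HttpOnly")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_PATCH(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = self.headers.get("Cookie", "").partition("sid=")[2].split(";")[0]
        sent, want = self.headers.get("X-CSRF-Token", ""), TOKENS.get(sid)
        ok = want is not None and secrets.compare_digest(sent.encode(), want.encode())
        body = b"" if ok else b"CSRF token validation failed"
        self.send_response(204 if ok else 403)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def modify(base, fetch_token):
    opener = build_opener(ProxyHandler({}), HTTPCookieProcessor())  # one cookie jar
    headers = {"Content-Type": "application/json"}
    if fetch_token:  # step 1: ask for a token, read it from the response header
        fetch = Request(base, headers={"X-CSRF-Token": "Fetch"})
        with opener.open(fetch) as resp:
            headers["X-CSRF-Token"] = resp.headers["x-csrf-token"]
    req = Request(base, data=b'{"Status": "2"}', headers=headers, method="PATCH")
    try:  # step 2: modifying request carries the token plus the session cookie
        with opener.open(req) as resp:
            return resp.status, ""
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockOData)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}/ticket"
    results = modify(base, False), modify(base, True)
    server.shutdown()
    return results
```

`demo()` returns the result of a modify without the token followed by the result of a modify after the fetch step.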

sheshukumar
Explorer
0 Likes

Thank you Anthony for the quick reply.

The issue is that InContact is unable to read the x-csrf-token from the response header of the Get request. There is a limitation in reading the response headers. The InContact developer is also checking with the Product Team and requesting if there is any way to get this token in the response body instead of the headers, so I thought it is better to ask the experts in the forum.

Thanks,

Sheshukumar Guntuka

anthonyx_uliano
Participant
0 Likes

They have to fetch the X-CSRF-Token first, right?