
CSRF Token Validation Failed in POST API

ganapathiiii

Hi Experts,

I am getting the error "CSRF Token Validation Failed" in the POST request API of my SAP system, since I'm generating the CSRF token using a GET request and passing the same to the POST request in the same SAP testing client.

I am able to generate the CSRF token successfully through the code below using get_header_field through a GET request. Also, I'm passing the same token to get_header_field through a POST request with my successful authentication. However, I am getting the error "CSRF Token Validation failed".

Please advise where I am going wrong. Also, I am able to post successfully via POSTMAN with the same data and Basic Authentication, using POSTMAN GET and POST requests in the same testing client.

My Code:

" Declarations for the variables used below
DATA: lv_url         TYPE string,
      lo_http_client TYPE REF TO if_http_client,
      l_query        TYPE string,
      l_token        TYPE string,
      l_body         TYPE string,
      l_result       TYPE string.

lv_url = |http://MyURL|.

" Create HTTP client instance
CALL METHOD cl_http_client=>create_by_url
  EXPORTING
    url    = lv_url
  IMPORTING
    client = lo_http_client.

* create the URI for the client.
l_query = lv_url.

CALL METHOD cl_http_utility=>set_request_uri
  EXPORTING
    request = lo_http_client->request
    uri     = l_query.

* update the HTTP Method
CALL METHOD lo_http_client->request->set_method
  EXPORTING
    method = lo_http_client->request->co_request_method_get.

*set Content type
CALL METHOD lo_http_client->request->if_http_entity~set_content_type
  EXPORTING
    content_type = 'application/json'.

lo_http_client->authenticate( username = 'username' "iv_username'
                              password = 'password'
                              client   = '900'
                              language = 'E' ).

* set header field for fetching X-CSRF token
CALL METHOD lo_http_client->request->set_header_field
  EXPORTING
    name  = 'X-CSRF-Token'
    value = 'Fetch'.

lo_http_client->send(
  EXCEPTIONS
    http_communication_failure = 1
    http_invalid_state         = 2 ). "Send the HTTP request

lo_http_client->receive(
  EXCEPTIONS
    http_communication_failure = 1
    http_invalid_state         = 2
    http_processing_failed     = 3 ). "receive the response

****GET x-csrf TOKEN from earlier response
CALL METHOD lo_http_client->response->get_header_field
  EXPORTING
    name  = 'X-CSRF-Token'
  RECEIVING
    value = l_token.

DATA: lv_http_status TYPE i,
      lv_status_text TYPE string.

" Check for successful response
lo_http_client->response->get_status(
  IMPORTING
    code   = lv_http_status    " HTTP Status Code
    reason = lv_status_text ). " HTTP status description

* Set X-CSRF- Token in the new request.
CALL METHOD lo_http_client->request->set_header_field
  EXPORTING
    name  = 'X-CSRF-Token'
    value = l_token.

*lo_http_client->set_csrf_token( l_token ) ,  .

* update the HTTP Method
CALL METHOD lo_http_client->request->set_method
  EXPORTING
    method = lo_http_client->request->co_request_method_post.

****content type
CALL METHOD lo_http_client->request->set_content_type
  EXPORTING
    content_type = 'application/json'.

l_body = '{"MANDT":"900","ID":"0000000002","CUST_NAME":"POST_METHOD","INV_NO":"1234567890"}'.

lo_http_client->request->set_cdata( data = l_body ).

* create Body for the HTTP Post request
CALL METHOD lo_http_client->request->set_cdata
  EXPORTING
    data = l_body.

lo_http_client->send(
  EXCEPTIONS
    http_communication_failure = 1
    http_invalid_state         = 2 ). "Send the HTTP request

lo_http_client->receive(
  EXCEPTIONS
    http_communication_failure = 1
    http_invalid_state         = 2
    http_processing_failed     = 3 ). "receive the response

l_result = lo_http_client->response->get_cdata( ).

WRITE : / l_result.
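
Added example, not part of the original post: a fetched X-CSRF-Token is only valid together with the session cookie returned by the same GET response, and Postman stores and resends cookies automatically while the code above never enables cookie handling. The sketch below assumes that missing cookie is the cause of the failure; the report name is hypothetical, and the URL, credentials and body are the placeholders from the post.

```abap
REPORT z_csrf_cookie_demo. " hypothetical report name (added example)

DATA: lo_client TYPE REF TO if_http_client,
      lv_token  TYPE string,
      lv_code   TYPE i,
      lv_reason TYPE string.

cl_http_client=>create_by_url(
  EXPORTING url    = |http://MyURL|       " placeholder URL, as in the post
  IMPORTING client = lo_client
  EXCEPTIONS OTHERS = 1 ).
IF sy-subrc <> 0.
  WRITE / 'HTTP client could not be created'.
  RETURN.
ENDIF.

" Assumption being tested: the POST fails because the session cookie from
" the GET is not returned. Accepting cookies lets this instance resend it.
lo_client->propertytype_accept_cookie = if_http_client=>co_enabled.
lo_client->authenticate( username = 'username' password = 'password' ). " placeholders

" Step 1: GET with 'Fetch' returns the token and sets the session cookie.
lo_client->request->set_method( if_http_request=>co_request_method_get ).
lo_client->request->set_header_field( name = 'X-CSRF-Token' value = 'Fetch' ).
lo_client->send( EXCEPTIONS OTHERS = 1 ).
IF sy-subrc = 0.
  lo_client->receive( EXCEPTIONS OTHERS = 1 ).
ENDIF.
IF sy-subrc = 0.
  lv_token = lo_client->response->get_header_field( 'X-CSRF-Token' ).
ENDIF.
IF lv_token IS INITIAL.
  WRITE / 'No CSRF token returned by the GET request'.
  lo_client->close( ).
  RETURN.
ENDIF.

" Step 2: POST on the SAME client instance, so token and cookie travel together.
lo_client->request->set_method( if_http_request=>co_request_method_post ).
lo_client->request->set_header_field( name = 'X-CSRF-Token' value = lv_token ).
lo_client->request->set_content_type( 'application/json' ).
lo_client->request->set_cdata( '{"MANDT":"900","ID":"0000000002","CUST_NAME":"POST_METHOD","INV_NO":"1234567890"}' ).
lo_client->send( EXCEPTIONS OTHERS = 1 ).
IF sy-subrc = 0.
  lo_client->receive( EXCEPTIONS OTHERS = 1 ).
ENDIF.
IF sy-subrc = 0.
  lo_client->response->get_status( IMPORTING code = lv_code reason = lv_reason ).
  WRITE: / lv_code, lv_reason.
ENDIF.
lo_client->close( ).
```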

 

Accepted Solutions (0)

Answers (0)