
How to Disable X-csrf token for oData Custom Service to POST and PUT in SAP Business ByDesign

surajitkundu
Explorer
0 Kudos

Hi Expert,

I want to use the SAP Business ByDesign OData Custom Service POST and PUT operations with Basic Authentication only. How can I avoid the X-CSRF token for POST and PUT operations? Can we disable the X-CSRF token from the SAP ByDesign user interface?

Please give me any reference on how to do that.

Thanks

Surajit

Accepted Solutions (0)

Answers (2)

HarshalVakil
Active Contributor
0 Kudos

Hello Surajit,

If you use the business user with the OData services, then you must use the X-CSRF-Token, as Leonardo mentioned; it is required as a security measure and to authenticate the business user so that it can create / update data in the system.

However, if you use the technical user that is used in a communication arrangement, then you are no longer required to use the CSRF token. With a technical user, the system works with cookies and session IDs.

You can find some details here: https://me.sap.com/notes/2978556

Regards,
Harshal

leonardo_felini
Advisor
0 Kudos

Hello Surajit,

As of now, it is not possible to remove/disable the CSRF token validation in the SAP ByD Odata Services API, as this is a security measure and is required by default. You can check some additional details on the purpose of the token on the blog post below:

https://blogs.sap.com/2014/08/26/gateway-protection-against-cross-site-request-forgery-attacks/

However the token should not be required for every single request. If you are performing a series of POST and PUT requests in a short period of time, the same CSRF token can be used and it should still be valid for some time.

Kind regards,

Leonardo

SAP Support
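
The token reuse described in the answer above, as an added example that is not part of the original thread or SAP's code: a client that fetches the token once with the SAP Gateway `X-CSRF-Token: Fetch` request header, reuses it for later POST/PUT calls, and refetches only when the server rejects it. The stub server, the entity paths and the `403` with `X-CSRF-Token: Required` rejection signal are assumptions made so the block runs offline.

```python
import secrets

class StubODataServer:
    """Constructed stand-in for the service: issues a token on Fetch, rejects stale ones."""
    def __init__(self):
        self.token = None
        self.fetches = 0

    def expire(self):
        self.token = None  # simulate the session/token timing out

    def handle(self, method, path, headers):
        sent = headers.get("X-CSRF-Token")
        if method == "GET" and sent == "Fetch":
            self.token = secrets.token_urlsafe(16)
            self.fetches += 1
            return 200, {"X-CSRF-Token": self.token}
        if method in ("POST", "PUT", "PATCH", "DELETE"):
            if self.token is None or sent != self.token:
                return 403, {"X-CSRF-Token": "Required"}  # assumed rejection signal
            return (201 if method == "POST" else 204), {}
        return 200, {}

class CsrfAwareClient:
    """Fetches the token once, reuses it for modifying requests, refetches on rejection."""
    def __init__(self, send):
        # send: callable(method, path, headers) -> (status, response_headers).
        # A real transport must also replay the session cookies returned with
        # the token, because the token is only valid inside that session.
        self.send = send
        self.token = None

    def _fetch(self):
        status, hdrs = self.send("GET", "/", {"X-CSRF-Token": "Fetch"})
        if status != 200 or "X-CSRF-Token" not in hdrs:
            raise RuntimeError("CSRF token fetch failed")
        self.token = hdrs["X-CSRF-Token"]

    def modify(self, method, path):
        if self.token is None:
            self._fetch()
        status, hdrs = self.send(method, path, {"X-CSRF-Token": self.token})
        if status == 403 and hdrs.get("X-CSRF-Token") == "Required":
            self._fetch()  # cached token no longer valid: fetch again, retry once
            status, hdrs = self.send(method, path, {"X-CSRF-Token": self.token})
        return status
```

Retrying only once keeps a genuine authorization failure from turning into a fetch loop.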