
How to solve the error "CSRF token validation failed" when calling an API?

Kelly_Hannel
Product and Topic Expert

The error "CSRF token validation failed" is raised when you try to access an API via Postman.

You want to know how to resolve this error.

Accepted Solutions (1)

Kelly_Hannel
Product and Topic Expert

Hello Community,

In order to solve the error "CSRF token validation failed" you need to fetch the CSRF token.

To do it, please follow the below steps:

1- Using GET go to Headers tab and add:

KEY = x-csrf-token VALUE = fetch

2- Press send.

3- The token will be generated in the Headers tab. Then you need to copy the token and use it to replace the field value "fetch".

Please refer to the image "CSRF" attached.

4- After that you will be able to use the POST method.

Hope it helps!
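
The fetch-then-POST sequence from the steps above, scripted as an added example that is not part of the original post. It runs against a constructed local stand-in server, not SAP Gateway code; the `sid` cookie name, the `/service` path and the binding of the token to a session cookie are assumptions of this sketch.

```python
import http.server, secrets, threading, urllib.error, urllib.request
from http.cookiejar import CookieJar

SESSIONS = {}  # session id -> CSRF token issued to that session

class Handler(http.server.BaseHTTPRequestHandler):  # constructed stand-in API
    def do_GET(self):
        self.send_response(200)
        if self.headers.get("x-csrf-token", "").lower() == "fetch":
            sid, token = secrets.token_hex(8), secrets.token_urlsafe(16)
            SESSIONS[sid] = token
            self.send_header("Set-Cookie", f"sid={sid}; HttpOnly")
            self.send_header("x-csrf-token", token)
        self.end_headers()

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = self.headers.get("Cookie", "").partition("sid=")[2].split(";")[0]
        expected = SESSIONS.get(sid)  # None when no session cookie came back
        sent = self.headers.get("x-csrf-token", "")
        ok = expected is not None and secrets.compare_digest(sent, expected)
        body = b"created" if ok else b"CSRF token validation failed"
        self.send_response(201 if ok else 403)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def post(opener, url, token):
    req = urllib.request.Request(url, b"{}", {"x-csrf-token": token})  # POST
    try:
        return opener.open(req).status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_port}/service"
    bare = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    session = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(CookieJar()))
    fetch = urllib.request.Request(url, headers={"x-csrf-token": "fetch"})
    token = session.open(fetch).headers["x-csrf-token"]  # steps 1-3
    result = (post(session, url, "fetch"), post(session, url, token),
              post(bare, url, token))
    srv.shutdown()
    return result

if __name__ == "__main__":
    print(demo())  # (403, 201, 403)
```

The three status codes are, in order: POST still carrying the literal value "fetch", POST with the fetched token and the session cookie, and POST with the fetched token but no cookie.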

srikanthvadla
Explorer
0 Likes

Thanks Kelly! May I know the reason why we need to do that? Is it due to an update in the Postman version? I have created many OData services before but I did not face this issue before. Can you please help me understand a little more?

Marco6
Explorer
0 Likes

Thank you, I also resolved the issue.
In my case, the error started after applying authentication policies to my test API.
I applied the parameters at the header level, there were a couple of failures, but then the error disappeared.

Answers (4)

MauricioSantos
Newcomer

Changing the Default CSRF Protection Mechanism

To change the default CSRF protection mechanism, proceed as follows:

  1. Go to transaction SICF.

  2. Navigate to the ICF node for your service.

  3. Double-click your service node.

  4. On Service Data choose GUI Configuration.

  5. Enter the following values:

    • Parameter Name: ~CHECK_CSRF_TOKEN

    • Parameter Value: 0/1 (disable/enable)

      Compatibility Mode for SP02 - HTTP Handler in SICF (node sdata)

      (Default: X-Requested-With; to enable the XSRF check, use ~CHECK_CSRF_TOKEN=1)

      The request handler is /IWFND/CL_SDATA_ODATA_APP.

      Standard Mode - HTTP Handler in SICF (node odata)

      (Default: XSRF check; to disable it and switch to X-Requested-With, use ~CHECK_CSRF_TOKEN=0)

      The request handler is /IWFND/CL_SODATA_HTTP_HANDLER.

  6. Choose Continue and save your settings.

madalinaghinescu
Discoverer
0 Likes

In my case, this solution worked. From the Postman side, there is no need to add a new parameter. The token validation can be adjusted from the back-end service.

khabir_komm_one
Discoverer
0 Likes

I have also faced the same problem with our new S/4HANA System. I have disabled CSRF Token for a specific OData service in SICF by following the SAP Note.

https://me.sap.com/notes/2751277/en-US

https://help.sap.com/docs/SAP_NETWEAVER_740/68bf513362174d54b58cddec28794093/b35c22518bc72214e100000...


gunnare
Explorer
0 Likes

Nice! Thank you for posting this solution

former_member810551
Discoverer
0 Likes

I am getting an error "CSRF token validation failed" using a Tcode: /n/IWFND/GW_CLIENT

Do you have any idea how to fix it?

Thanks a lot

Rodolfo.

vikram_putta
Explorer

Hi Rodolfo,

Could you please let me know how you solved the error "CSRF token validation failed" in SAP Gateway?

I'm also facing the same error even though I have the csrf-token in my POST request. Your inputs will be very helpful.

Thanks

Vikram