Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Validity of CSRF Token

Go to solution
SAPSupport
Employee
Employee

on ‎2024 May 28 5:17 PM

2,805

Dear SAP,

When using the POST commands to the BP API (or any other API) we see that the CSRF token doesn't seem to expire. I can't find any documentation on how long the CSRF token should stay valid. We need to know this in order to allow correct integration flows. 

Can you provide information on how long the CSRF tokens are valid in S/4 Cloud environments?


------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

SAPSupport
Employee
Employee
‎2024 May 28 5:17 PM
0 Likes

Dear Customer,

 

By default the CSRF token remains valid for 24 hours (86400 seconds), however the validity is bound to the security session, which depends on the system parameter http/security_session_timeout value. In S/4HANA Cloud the http/security_session_timeout value is 30 minutes. 

The token request is for 24 hours but it is still tied to the security session as specified. So, the validity is only 30 minutes on cloud by default. 

 

Kind regards.

Show replies
Show replies
Jeroen_Zijderveld
Active Participant
‎2024 May 29 7:32 AM
0 Likes
Thanks for this. Although we can use the same CSRF in Postman for several hours we will abide to the 30 minutes for our operational integration flows.

Answers (0)

Ask a Question