cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Getting 403 forbidden when trying to return with cart via OCI

Go to solution
Vindir
Discoverer

on ‎2025 Feb 27 7:54 AM

0 Kudos
1,084

Hi everyone,

We are using S4 hana 

We are trying to set up external purchasing catalogs via Open Catalog Interface. The plan is to make them available to the end users via the My purchase requisitions- New app. The punch out works as expected. The external catalog creates an html form as described in the OCI documentation. 

The form is submited to the HOOK_URL.

SAP then gives a 403 forbidden error. I can only assume that we have missed to get some sort of prerequisit in place. I find some mentions about setting up RFC-connections for this but cant find enough info to understand exactly how to set those up to support this. If that is even the reason for tis error.

Have anyone encountered something similiar and have any suggestions for a solution?

 

Example from documentation:

<form action="HOOK_URL" method="post" target="_top">
<input type="hidden" name="~caller" value="CTLG" />
<!-- Item 1 -->
<input type="hidden" name="NEW_ITEM-DESCRIPTION[1]" value="Article number 1">
<input type="hidden" name="NEW_ITEM-QUANTITY[1]" value="1">
<input type="hidden" name="NEW_ITEM-UNIT[1]" value="EA">
<input type="hidden" name="NEW_ITEM-PRICE[1]" value="250">
<input type="hidden" name="NEW_ITEM-PRICEUNIT[1]" value="1">
<input type="hidden" name="NEW_ITEM-CURRENCY[1]" value="EUR">
<input type="hidden" name="NEW_ITEM-LEADTIME[1]" value="10">
<input type="hidden" name="NEW_ITEM-VENDORMAT[1]" value="5433334">
<input type="hidden" name="NEW_ITEM-MANUFACTCODE[1]" value="AN1">
<input type="hidden" name="NEW_ITEM-EXT_QUOTE_ID[1]" value="">
<input type="hidden" name="NEW_ITEM-EXT_PRODUCT_ID[1]" value="">
<input type="hidden" name="NEW_ITEM-EXT_SCHEMA_TYPE[1]" value="UNSPSC">
<input type="hidden" name="NEW_ITEM-SERVICE[1]" value="X" />
<input type="hidden" name="NEW_ITEM-EXT_CATEGORY_ID[1]" value="43100100">
<input type="hidden" name="NEW_ITEM-MATGROUP[1]" value="43100103">
<input type="hidden" name="NEW_ITEM-PARENT_ID[1]" value="">
<input type="hidden" name="NEW_ITEM-ITEM_TYPE[1]" value="">
<!-- Item 2 -->
<input type="hidden" name="NEW_ITEM-DESCRIPTION[2]" value="Article Number 2">
<input type="hidden" name="NEW_ITEM-QUANTITY[2]" value="1">
<input type="hidden" name="NEW_ITEM-UNIT[2]" value="EA">
<input type="hidden" name="NEW_ITEM-PRICE[2]" value="250">
<input type="hidden" name="NEW_ITEM-PRICEUNIT[2]" value="1">
<input type="hidden" name="NEW_ITEM-CURRENCY[2]" value="EUR">
<input type="hidden" name="NEW_ITEM-LEADTIME[2]" value="10">
<input type="hidden" name="NEW_ITEM-VENDORMAT[2]" value="5433335">
<input type="hidden" name="NEW_ITEM-MANUFACTCODE[2]" value="AN2">
<input type="hidden" name="NEW_ITEM-EXT_QUOTE_ID[2]" value="">
<input type="hidden" name="NEW_ITEM-EXT_PRODUCT_ID[2]" value="">
<input type="hidden" name="NEW_ITEM-EXT_SCHEMA_TYPE[2]" value="UNSPSC">
<input type="hidden" name="NEW_ITEM-EXT_CATEGORY_ID[2]" value="43100100">
<input type="hidden" name="NEW_ITEM-SERVICE[2]" value="X" />
<input type="hidden" name="NEW_ITEM-MATGROUP[2]" value="43100103">
<input type="hidden" name="NEW_ITEM-PARENT_ID[2]" value="">
<input type="hidden" name="NEW_ITEM-ITEM_TYPE[2]" value="">
<center>
<input type="submit" value="Åter till S4 Hana" id="submit1" name="submit1">
<br>
</center>
</form>

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

timea_sap
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 28 7:50 AM
0 Kudos

Hi Vindir,

Try to maintain the value of the HOOK_URL parameter in the call structure with the path of ICF service of OCI catalog.

It should look like this (replace host and port with your data): https://<fiorilaunchpadhost:port>/sap/bc/rest/sap/oci_catalog

If you have access to SAP KBAs, check this one for more details: https://me.sap.com/notes/2375333

Best regards,

Timea

Show replies
Show replies
Vindir
Discoverer
‎2025 Mar 04 6:50 AM
0 Kudos
Thanks for your tip. Unfortunately the HOOK_URL is unique each time since it is adding an event ID to that url. We did however find the solution it was simply a service that neede to be turned on that was never amentioned in any documantation.
Vindir
Discoverer
‎2025 Mar 04 6:52 AM
0 Kudos
The service was called oci_catalog if anyone has the same issue
rajeshps
Participant
‎2025 Jun 10 3:38 PM
0 Kudos
@Vindir : Where did you activate this oci_catalog service in S4? is it possible for supplier to configure HOOK URL to an API?
rajeshps
Participant
‎2025 Jun 10 3:51 PM
0 Kudos
@Vindir / @Timea where did you turned on /enabled the service. How does the supplier site knows where to send the punch out data if its configured https://<fiorilaunchpadhost:port>/sap/bc/rest/sap/oci_catalog
timea_sap
Product and Topic Expert
Product and Topic Expert
‎2025 Jun 11 12:31 PM
0 Kudos
@rajeshps The transaction for the service is SICF. The HOOK_URL value has to be configured in the call structure of the catalog, with the correct Fiori server name and port. This will be used to return to the Fiori app from the external catalog.
rajeshps
Participant
‎2025 Jun 11 1:00 PM
0 Kudos
@Timea / @Vindir Is it possible for supplier to configure api for OCI return path just to safeguard security? what is the data format coming from supplier to sap?
rajeshps
Participant
‎2025 Jun 11 1:13 PM
0 Kudos
@Vindir / @Timea : Is it possible to use BTP Integration suite for OCI and CXML b2b commerce punch out flow. Or it should be direct to SAP S4? Please help with latest documenation on OCI and cxml. Unable to find it please. Thankyou much in advance

Answers (0)

Ask a Question