Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Problem Doing ODATA Request with XCSRF Token

zaunaro
Explorer

‎2025 Jan 29 1:43 PM - edited ‎2025 Jan 29 1:51 PM

705

Hello everyone, 

I want to call an ODATA Endpoint of my RAP Service in my On Premise System, which is exposed via Cloud Connector in BTP
First, I have to fetch the 'x-csrf-token' via axios.get. Therefore, I encoded my username and password and add it to basic authentication. I receive a token from the response headers. With that token in the header I request my Entity, but after that I always get an error:  401 Not authorized

 

 

const axios = require("axios");

const sTokenUrl = "https://MYSYSTEMURL:MYPORT/sap/opu/odata/sap/MYSERVICE";
const sBase64UserNamePassword = "USERNAME:PASSWORD"; // This is Base64Encoded
const sServiceUrl = "https://MYSYSTEMURL:MYPORT/sap/opu/odata/sap/MYSERVICE/MYENTITY"

const oTokenResponse = await axios.get(sTokenUrl, {
            headers: {
                "x-csrf-token": "fetch",
                Authorization: `Basic ${sBase64UserNamePassword}`,
                Accept: "*/*",
                "Cache-Control": "no-cache",
                "Accept-Encoding": "gzip, deflate, br",
                Connection: "keep-alive",
            },
            withCredentials: true,
        });

const aCookies = oTokenResponse.headers["set-cookie"];
const sAuthToken = oTokenResponse.headers["x-csrf-token"];
const oHeaders = {
   "X-Csrf-Token": sAuthToken, 
   Accept: req.headers.accept,
   "Content-Type": req.headers["content-type"] ?? "application/json",
   "Cookie": aCookies.join(";")
};
try {
   const response = await axios.get(sServiceUrl, { headers: oHeaders });
} catch (oError) {
    console.log("Request Error:", oError.message);                   
}

 

 

If I do the same thing with Postman, it works. Can anybody help me with that ? 

Thanks
Daniel

 

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (2)

Answers (2)

zaunaro
Explorer
‎2025 Jan 30 11:54 AM
0 Likes

I found the answer. 

It was the change from axios to https. I did the request as following. Now it works for me.

const oHeaders = {
   "X-Csrf-Token": sAuthToken,
   Accept: req.headers.accept,
   "Content-Type": req.headers["content-type"] ?? "application/json",
   Cookie: aCookies.join(";"),
};

const response = await makeHttpsRequest({
                        method: "GET",
                        hostname: new URL(sUrl).hostname,
                        path: new URL(sUrl).pathname,
                        headers: oHeaders,
                    });

const makeHttpsRequest = (options, postData = null) => {
    return new Promise((resolve, reject) => {
        const req = https.request(options, res => {
            let data = "";
            res.on("data", chunk => (data += chunk));
            res.on("end", () => {
                resolve({
                    status: res.statusCode,
                    headers: res.headers,
                    data: data,
                });
            });
        });

        req.on("error", err => reject(err));
        if (postData) req.write(postData);
        req.end();
    });
};

 

Show replies
Show replies
Ulrich_Schmidt1
Product and Topic Expert
Product and Topic Expert
‎2025 Jan 30 8:20 AM
0 Likes

Best is probably to activate the ICM trace on backend side, here you can sometimes see details of why it is responding with 401. And the Traffic Trace in the SCC can also help, then you see the complete HTTP request and can compare what is different between Postman and axios.

Show replies
Show replies
zaunaro
Explorer
‎2025 Jan 30 11:51 AM
0 Likes
Thanks, I did this already. I found out if I switched from axios to https.
Ask a Question