Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Problem Statement: HTTP 403 Error in SAP CPI IFlow While Calling SAP Public Cloud OData API

Go to solution
Pratibha_Salunke
Discoverer

on ‎2025 Mar 06 12:00 PM

2,284

 

Hello SAP Community,

I have designed an SAP CPI IFlow to call the API_MANAGE_WORKFORCE_TIMESHEET OData service in SAP S/4HANA Public Cloud. However, I am receiving an HTTP 403 Forbidden error when invoking the API.

IFlow Overview:

Pratibha_Salunke_1-1741261428226.png

Steps Implemented:

  1. Get CSRF Token – Successfully fetched via a GET request.
  2. Modify Headers – Added "x-csrf-token" and "Content-Type": "application/json".
  3. Authentication – Using Basic Authentication with a Communication User.
  4. Validated Payload – JSON format is correct as per API metadata.

Issue:

  • The API responds with 403 Forbidden.

Observations:

  1. 403 Forbidden Error – The request is reaching the API but is being denied access.
  2. CSRF Token Retrieved Successfully – Indicates that token handling is correctly implemented.
  3. Basic Authentication Used – The Communication User may lack required roles or permissions.
  4. Headers Properly Set – "x-csrf-token" and "Content-Type": "application/json" are included.
  5. Correct Payload Format – Ensured as per API metadata.
  6. Tested in Postman – Working Fine – The same API call with the same credentials works in Postman but fails in SAP CPI.

Questions:

  1. Are there any additional roles required for the Communication User in SAP S/4HANA Public Cloud?
  2. Does this API require OAuth authentication instead of Basic Authentication when called from CPI?
  3. Are there any specific CPI security settings or firewall restrictions that could be blocking the request?
  4. Is there any difference in authentication behaviour between Postman and SAP CPI when calling this API?
  5. Does CPI require any special configurations for calling public cloud OData APIs (e.g., certificates, destinations, or policies)?

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

Vinyasha_V
Discoverer
‎2025 Mar 06 3:25 PM
0 Likes

Hi Prathiba, Can you check if the HTTP Session Reuse has been configured to On-exchange or On Integration flow for the configured i-flow ? If it is set to NONE you might have to check this and change this, you would find this option at Runtime Configuration of the Integration flow.

Show replies
Show replies
Pratibha_Salunke
Discoverer
‎2025 Mar 09 5:56 AM
0 Likes
Thank you for your suggestion! I checked the HTTP Session Reuse setting in the Runtime Configuration of the Integration Flow, and it was set to NONE. After changing it to On Integration Flow, the issue was resolved successfully. Appreciate your help!

Answers (0)

Ask a Question