SAP IRPA Ajax Call issue 403 Forbidden Status with...

srimounika_kadiyala · ‎2021 Mar 05

Hi,

In IRPA Development , we are integrating the S/4 Service for Post Operation. For this scenario, we are making the first call to receive CSRF Token through Get Operation and getting the Token Successful in response. In the Success Method of Ajax first Call, we are calling the Post Operation with Payload, Request Header like CSRF Token, Authentication & JSON Setting but getting 403 Forbidden Status with CSRF Token Validation Failed in Error Block.

And also we have tested the same service in postman & /IWFND/MAINT_SERVICE, its working fine for GET and POST operation.

In the IWD Trace in S/4 System, Request payload is getting passed correctly but we are unable to validate the Request Header i.e. CSRF Token.

PFB the code:

var user = 'R_*H*_***_GB';

var pass = 'gv63*********sb';

var auth = ctx.base64.encode(user + ":" + pass);

var payload = {

PROCESS_CODE: "STO",

ValidatePoDataSet: [ {

PROCESS_CODE: "STO",

ID_NUM: "01", }]
};
ctx.ajax.call( {

url: 'https://sapfhdaasd001.u***************m:44301/sap/opu/odata/sap/Z*************E_P****TA_SRV',

method: e.ajax.method.get,

contentType: e.ajax.content.json,

usePassport: true,

ignoreClientCertificate:true,

headers: {

'Authorization': "Basic " + auth,

'X-CSRF-Token': 'Fetch'

},

success: function (res, status, xhr) {

sc.localData.csrf = xhr.headers['x-csrf-token'];

ctx.log(sc.localData.csrf);

ctx.log(status);

ctx.ajax.call( {

url: 'https://sapfhdaasd001.u****************:44301/sap/opu/odata/sap/ZM****************A_SRV/Val*****ad*et',

async: false,

usePassport: true,

ignoreClientCertificate:true,

method: e.ajax.method.post,

contentType: e.ajax.content.json,

data:JSON.stringify(payload),

headers: {

'Authorization': "Basic " + auth,

'x-csrf-token' : sc.localData.csrf

},

success: function (res, status, xhr) {

ctx.log("Second Success Block");

ctx.log(status);

ctx.log(res);

sc.endStep(); // Loops_to_the_Start_bl

return ;

},

error: function (xhr, status, statusText) {

var errorMessage = xhr.status + ': ' + xhr.statusText + ': ' + xhr.responseText;

ctx.log("data failed:" + errorMessage);

ctx.log(JSON.stringify(xhr.status));

sc.endStep(); // Loops_to_the_Start_bl

return ;

}

});

},

error: function (xhr, status, statusText) {

var errorMessage = xhr.status + ': ' + xhr.statusText + ': ' + xhr.responseText;

ctx.log("End Error Block:" + errorMessage);

ctx.log(JSON.stringify(xhr.status));

sc.endStep(); // Loops_to_the_Start_bl

return ;

}

});

}

Any help here is appreciated.

Thanks in Advance,
Sri Mounika

amit_sharma96 · ‎2021 Mar 06

Hello @Mounika,

When you use ignoreClientCertificate:true in ctx.ajax call , the SDK uses a C++ implementation to do the API call. Where while doing the POST call with csrf token, cookies also need to be added in the request header which was obtained from the previous GET call.

cookies can be retreived similar to CSRF token like :
var value = xhr.headers["Set-Cookie"]; //cookie retrival from GET call

headers["Cookie"] = formatCookies(value); //Setting cookie in request header for POST call

Kindly check this WIKI links for more details regarding how to format cookies.
To know more about ignoreClientCertificate flag, please check my blog and let me know your feedback.
Hope this helps 🙂

TJe · ‎2021 Mar 05

Guess you have the same issue, we have found when using the SAP Analytics Cloud API.
In the current version, IRPA is not able to handle this cause the requests are executed not in the same request session.
This is planned to be possible with version 2103.
You can find some more information in my blog: Use SAP Analytics Cloud REST API with SAP Intelligent RPA – Automations

hope this helps, regards
Thomas

SAP IRPA Ajax Call issue 403 Forbidden Status with CSRF Token Validation Failed in POST method

Know the answer?

Need more details?

Accepted Solutions (0)

Answers (2)

Answers (2)