cancel
Showing results for 
Search instead for 
Did you mean: 

How to solve the error "CSRF token validation failed” when calling an API?

Kelly_Hannel
Product and Topic Expert
Product and Topic Expert

The error "CSRF token validation failed” is raised when you try to access an API via Postman.

You want to know how to resolve this error.

Accepted Solutions (1)

Accepted Solutions (1)

Kelly_Hannel
Product and Topic Expert
Product and Topic Expert

Hello Community,

In order to solve the error "CSRF token validation failed” you need to fetch the the CSRF token.

To do it, please follow the below steps:

1- Using GET go to Headers tab and add:

KEY = x-csrf-token VALUE = fetch

2- Press send.

3- The token will be generated at Header tab. Then you need copy the token and change for the field value "fetch".

Please refer to the image "CSRF" attached.

4- After that you will be able to use the POST method.

Hope it helps!

srikanthvadla
Explorer
0 Kudos

Thanks Kelly ! May i know the reason why we need to do that, is it due to an update in PostMan version ? I have create many odata services before but i did not face this issue before. Can you please help to understand little more ?

Answers (3)

Answers (3)

MauricioSantos
Discoverer
0 Kudos

Changing the Default CSRF Protection Mechanism

To change the default CSRF protection mechanism, proceed as follows:

  1. Go to transaction SICF.

  2. Navigate to the ICF node for your service.

  3. Double-click your service node.

  4. On Service Data choose GUI Configuration.Caution

  5. Enter the following values:

    • Parameter Name~CHECK_CSRF_TOKEN

    • Parameter Value0/1 (disable/enable)

      Compatiblity Mode for SP02 - HTTP Handler in SICF (node sdata)

      ( Default : X-Requested-With, to enable XSRF check use, ~CHECK_CSRF_TOKEN=1)

      The request handler is /IWFND/CL_SDATA_ODATA_APP.

      Standard Mode - HTTP Handler in SICF (node odata)

      ( Default: XSRF check, to disable and switch to X-Requested-With, use ~CHECK_CSRF_TOKEN=0)

      The request handler is /IWFND/CL_SODATA_HTTP_HANDLER.

  6. Choose Continue and save your settings.

gunnare
Explorer
0 Kudos

Nice! Thank you for posting this solution

former_member810551
Discoverer
0 Kudos

I am getting a error "CSRF token validation failed" using a Tcode: /n/IWFND/GW_CLIENT

Do you have any ideia to fix?

Thanks a lot

Rodolfo.

vikram_putta
Explorer

Hi Rodolfo,

could you please let me know how did you solve the error "CSRF token validation failed" in SAP Gateway?

i'm also facing the same error even though i have csrf-token in my post request. Your inputs will be very helpful.

Thanks

Vikram