on 2023 Jun 29 7:43 AM
Dear SAP Expert,
We receive SAP announcement about Odata API change in SAP new version 2308.
reference SAP Knowledge is "3339155 - OData APIs – Wrong usage of session cookies"
it mention below :
Integration scenarios using ODATA APIs might be impacted if not all cookies are sent to the server. The impact is especially seen when "x-csrf-token" value is sent via request header along with a specific session cookie (instead of all cookies).
We use Odata Query for Report, and Odata Query should be a "Get" Odata API.
In Odata Query, we don't use "x-csrf-token" in request.
So in my understand, this new Odata API change in new SAP BYD version won't affect the Odata Query we are using now.
Is it Correct ?
BR
Chen
Request clarification before answering.
Dear Chen,
The impact is especially seen when "x-csrf-token" value is sent via request header along with a specific session cookie (instead of all cookies). In such cases, CSRF token validation fails resulting in HTTP response code: 403 - Forbidden.
For OData, if x-csrf-token is not returned with GET calls and are intended to be used between system to system integration. Therefore, the x-csrf-tokens are not required for POST, PATCH, PUT, and DELETE calls.
You can also refer to the below KBAs:2978556 - You Are Unable to Fetch Token Using GET Method - SAP for Me
3339155 - OData APIs – Wrong usage of session cookies - SAP for Me
I hope this information helps resolve your query.
Thanks and Regards,
Pavithra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
92 | |
39 | |
8 | |
5 | |
3 | |
3 | |
3 | |
2 | |
2 | |
2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.