
Validity of CSRF Token

SAPSupport
Employee

Dear SAP,

When using the POST commands to the BP API (or any other API) we see that the CSRF token doesn't seem to expire. I can't find any documentation on how long the CSRF token should stay valid. We need to know this in order to allow correct integration flows. 

Can you provide information on how long the CSRF tokens are valid in S/4 Cloud environments?


SAPSupport
Employee
0 Kudos

Dear Customer,

 

By default, the CSRF token remains valid for 24 hours (86400 seconds); however, the validity is bound to the security session, which depends on the value of the system parameter http/security_session_timeout. In S/4HANA Cloud the http/security_session_timeout value is 30 minutes.

The token request is for 24 hours, but it is still tied to the security session as specified. So, the validity is only 30 minutes on cloud by default.

Kind regards.

JZijderveld
Active Participant
0 Kudos
Thanks for this. Although we can use the same CSRF in Postman for several hours, we will abide by the 30 minutes for our operational integration flows.
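
Added example (not part of the thread and not SAP code): a client-side token cache for an integration flow that treats the token as expired after the shorter of the two limits given in the answer, and refetches once if the server rejects it earlier. `fetch_token` and `send_post` are hypothetical callables standing in for the HTTP calls; the 403 with `x-csrf-token: Required` rejection signal and the 60-second safety margin are assumptions.

```python
import time
TOKEN_LIFETIME_S = 86400      # default token validity quoted in the answer (24 h)
SESSION_TIMEOUT_S = 30 * 60   # http/security_session_timeout in S/4HANA Cloud

class CsrfTokenCache:
    """Reuses a token only while both limits from the answer still hold."""
    def __init__(self, fetch_token, clock=time.monotonic, margin_s=60):
        self._fetch_token = fetch_token  # hypothetical: returns a fresh token
        self._clock = clock
        # Effective validity is the shorter bound, minus an assumed margin.
        self._ttl = min(TOKEN_LIFETIME_S, SESSION_TIMEOUT_S) - margin_s
        self._token, self._fetched_at = None, 0.0

    def token(self):
        now = self._clock()
        if self._token is None or now - self._fetched_at >= self._ttl:
            self._token, self._fetched_at = self._fetch_token(), now
        return self._token

    def invalidate(self):
        self._token = None

def post_with_csrf(cache, send_post, payload):
    """send_post(token, payload) -> (status, headers with lower-case keys)."""
    for _ in range(2):  # one retry with a fresh token, never a loop
        status, headers = send_post(cache.token(), payload)
        # Assumed rejection signal: 403 plus 'x-csrf-token: Required'.
        if not (status == 403 and headers.get("x-csrf-token", "").lower() == "required"):
            return status
        cache.invalidate()
    return status

def demo():
    """Constructed simulation: the server forgets a token after 30 minutes."""
    now, issued = [0.0], []
    def fetch():
        issued.append((f"tok{len(issued) + 1}", now[0]))
        return issued[-1][0]
    def send(token, payload):
        current, issued_at = issued[-1]
        if token != current or now[0] - issued_at >= SESSION_TIMEOUT_S:
            return 403, {"x-csrf-token": "Required"}
        return 201, {}
    cache = CsrfTokenCache(fetch, clock=lambda: now[0])
    statuses = []
    for t in (0, 600, 1750, 3600):  # seconds since start
        now[0] = float(t)
        statuses.append(post_with_csrf(cache, send, {"demo": True}))
    return statuses, len(issued)
```

A 403 that does not carry the token-required header is returned to the caller without a retry, so authorization failures are not masked as token expiry.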