Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
Active Contributor
Some Web applications are securing their applications with the x-csrf-token. This requires you to call the service to get a token before you do the modification of the objects. This is at the moment not support the REST adapter in SAP PI/PO. But it could probably be added later.

The scenario looks like the following. In our message mapping, we will perform a lookup call to a Rest adapter to get the x-csrf-token. Then we have an adapter module that we use to call the service with.


You can see the video where I'm describing how to setup the system.

Here is the UDF method that calls to get the token.
	@LibraryMethod(title="lookupToken", description="get token from service", category="RestLookup", type=ExecutionType.SINGLE_VALUE) 
public String lookupToken (
Container container) throws StreamTransformationException{
AbstractTrace trace = container.getTrace();
Map<String, Object> all = container.getInputHeader().getAll();

Channel restChannel = LookupService.getChannel("B2B","ReceiverRestToken");
SystemAccessor restAccessor = LookupService.getSystemAccessor(restChannel);
trace.addInfo("got channel ");
XmlPayload payload = LookupService.getXmlPayload( new ByteArrayInputStream("<root/>".getBytes()));
Payload response =;
trace.addInfo("got response");
String payloadContent = "";
try {
payloadContent = readbytes(response.getContent());

} catch (IOException e1) {
trace.addWarning("IO Exception " +e1.getMessage());


DynamicConfiguration config = (DynamicConfiguration)all.get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);

//Define key to write in the Dynamic Configuration
DynamicConfigurationKey key1 = DynamicConfigurationKey.create("","token");
config.put(key1,payloadContent );
}catch(Exception e){
trace.addWarning("Unable to set dynamic configuration" );

return "";

private String readbytes(InputStream inputStream) throws IOException{
ByteArrayOutputStream result = new ByteArrayOutputStream();
byte[] buffer = new byte[1024];
int length;
while ((length = != -1) {
result.write(buffer, 0, length);
// > JDK 7
return result.toString("UTF-8");

Then we have the adapter module that you need to include a software component and deploy together with your other modules.
public class SetTokenModule implements Module, SessionBean {
private static final long serialVersionUID = -4916672969815060014L;
private static final Location LOC = Location.getLocation(SetTokenModule.class);
private AuditAccess audit;

public ModuleData process(ModuleContext context, ModuleData inputmoduleData) throws ModuleException {
try {
Message msg = (Message) inputmoduleData.getPrincipalData();
MessageKey key = msg.getMessageKey();

audit = PublicAPIAccessFactory.getPublicAPIAccess()
audit.addAuditLogEntry(key, AuditLogStatus.SUCCESS,
"TokenModule: Module called");
MessagePropertyKey tokenKey = new MessagePropertyKey("x-csrf-token","");

String token = msg.getMessageProperty(tokenKey);
audit.addAuditLogEntry(key, AuditLogStatus.SUCCESS,
"TokenModule: Tokenvalue "+token);
TextPayload tokenPayload = msg.createTextPayload();
catch (Exception e) {
// TODO Auto-generated catch block
return inputmoduleData;

The post channel configuration should look like the following.

And to get the token to the adapter you need to add the header properties like the following.

Labels in this area