Showing results for 
Search instead for 
Did you mean: 

How do I get and set x-csrf-token and set-cookie in SAP Build Process Automation?

0 Kudos

Hi Expert,

I need a CSRF token to POST to S/4HANA (CAL) using SAP Build Process automation, I am getting an error message "CSRF token validation failed".

I tried to find the cause in POSTMAN, but as you can see in the blog below, the cookie needs to be set as well with the S/4HANA version upgrade.

CSRF Token Validation Failed in POST method in Gateway Client

So we are trying the method of getting and setting the x-crsf-token and set-cookie manually. By setting the header input and output respectively in the action project, we were able to successfully retrieve and send the values and update them.

On the other hand, when I actually try to use the action in the process, it does not work and I get a 403 error. I assume that this is because the item specified as "set-cookie" in the action project has been converted to a variable called "setCookie", and the schema does not match.

Action 'd2272d2e-e5ba-4699-8a65-6e7baa2f8f36' failed with the following error: 'Error thrown from action runtime library: Failed to validate received response against output schema defined in action metadata for action Returns product master record by product number: instance.setCookie is not
instance.setCookie is not of a type(s) string

What we want to know is the following two points

  • Can we retrieve and send the value even if there is an item with a hyphen in the header?
  • Is it possible to update the cookie without setting it in some other way?

Below is what we are trying.

  • system : SAP S/4HANA 2023
  • method : PATCH
  • path : /sap/opu/odata/SAP/API_PRODUCT_SRV/A_Product('11')
  • Success in POSTMAN and action project



View Entire Topic
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Naoto,

Did you try using the CSRF feature in Action Project settings(on top right of Actions Editor). Once this is switched on then for all modifying calls ( POST, PATCH, PUT, DELETE) an automatic GET call is made behind the scenes to fetch the CSRF token and the cookie.

With this feature you need not make a separate GET call to fetch the CSRF token and cookie.

If this does not solve the issue, please raise an incident in component CA-AP-ACT, it requires a closer look from SAP Development team.



0 Kudos

Hi Karthik,

Thank you for reply.

I tried using the CSRF feature but it doesn't work.
But I found that this error is caused by not using cloud connector in this PoC.

That's why I have to set Cookie.
In product environment, the customer will use cloud connector, so there is no problem.