Showing results for 
Search instead for 
Did you mean: 

How to post CSRF Token to SAP Standard ODATA to perform POST Operation ?

0 Kudos

Hello Experts, 

I am working on a scenario where i want to Post BATCH in SAP S4 Hana System. 
Working on POSTMAN Tool : 

1. GET CSRF Token from the API and Put in the Header of Request 

2. x-csrf-token : _______________ and Basic Auth. 


It is working fine in the POSTMAN Tool 


In order to make this work on SAP CPI, I developed a iflow 


1. Hold Payload : Holds the JSON Payload 
2. XML to JSON : It converts JSON to XML for capturing the fields in XPATH
3. Content Modifier : It captures Xpath 
4. Content Modifier : 



5. Request Reply : It sends the GET Request to the API and gets the CSRF Token which will be later used to create POST Request. 

6. Content Modifier : (Capture Token) In this step we can log the retrieved CSRF Token by using ${header.x-csrf-token} 

7. Request Reply : In this step i am creating a POST Request to create Batch in which it is mandatory to send csrf token in the header. 


But when i am deploying the iflow and test it from postman i am getting error as "403 CSRF Token Validation Failed" 

So instead of using SAP API there i replaced it with a random webhook to see that what values i am passing in the header. 

I am getting CSRF Token there in the Header value. 
But why it is not working with SAP API. 

Please elaborate your views 

Prathmesh Sutar






View Entire Topic

Have you enabled http session reuse to on integration flow? Try with that.

0 Kudos

As per your comment i implemented the change and now SAP API is able to get a hit. now having 415 error as unsupported format, but when i simulate the payload and test the same with postman it is working, not sure why SAP response is http 415

0 Kudos

415 is unsupported media type error. In your postman call, check the Content-Type header, and set the same header in CPI before the API call.