SAP Knowledge Base Article - Preview

2171472 - CSRF token validation failed when using multiple endpoints within one application - SMP


SAP Mobile Platform (SMP) server has been configured to work with multiple endpoints on the same SAP Gateway.
These endpoints are configured on SMP within one application.
The client application is set up with LogonCore in the iOS application/SDK.
On every GET request, the SDK sends the header "x-csrf-token: Fetch".
This causes the backends to return a CSRF token, which the client must send along with POST/PUT requests.
Each backend connection provides its own distinct token to the SMP server (which passes it along to the client), but the client-side SDK saves only the last token received and uses it for the next POST/PUT request.
If the most recent request went to endpoint X and the next request is a create request to endpoint Y, the SDK sends the wrong token and gets an HTTP 403 error: "CSRF token validation failed".
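The sequence described above can be reproduced with a small model. This is an added example, not SAP SDK code and not the resolution from the full article: `Backend`, `LastTokenClient`, `PerEndpointClient` and `replay` are hypothetical names, the tokens are constructed, and the model ignores the session cookies a real gateway ties its token to.

```python
import secrets

class Backend:
    """Constructed stand-in for one gateway endpoint with its own CSRF token."""
    def __init__(self, name):
        self.name = name
        self.token = secrets.token_hex(8)  # constructed sample token

    def handle(self, method, headers):
        if method == "GET":
            # "x-csrf-token: Fetch" asks the backend to hand out its token.
            fetch = headers.get("x-csrf-token") == "Fetch"
            return 200, ({"x-csrf-token": self.token} if fetch else {})
        # POST/PUT must carry the token issued by this same endpoint.
        if headers.get("x-csrf-token") != self.token:
            return 403, {"error": "CSRF token validation failed"}
        return 201, {}

class LastTokenClient:
    """Behaviour described in the article: one slot, overwritten on every GET."""
    def __init__(self):
        self.token = ""

    def get(self, backend):
        status, hdrs = backend.handle("GET", {"x-csrf-token": "Fetch"})
        self.token = hdrs.get("x-csrf-token", self.token)
        return status

    def post(self, backend):
        return backend.handle("POST", {"x-csrf-token": self.token})[0]

class PerEndpointClient:
    """Assumed alternative for comparison: tokens cached per endpoint name."""
    def __init__(self):
        self.tokens = {}

    def get(self, backend):
        status, hdrs = backend.handle("GET", {"x-csrf-token": "Fetch"})
        if "x-csrf-token" in hdrs:
            self.tokens[backend.name] = hdrs["x-csrf-token"]
        return status

    def post(self, backend):
        token = self.tokens.get(backend.name, "")
        return backend.handle("POST", {"x-csrf-token": token})[0]

def replay(client):
    """GET endpoint Y, GET endpoint X last, then send a create request to Y."""
    x, y = Backend("X"), Backend("Y")
    client.get(y)
    client.get(x)
    return client.post(y)
```

With the single-slot cache, `replay` returns 403 because the token from endpoint X is presented to endpoint Y; with the per-endpoint cache it returns 201.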



  • SAP Mobile Platform (SMP) 3.0 SP07
  • SAP Mobile SDK 3.0 SP07 PL02
  • iOS OData application
  • SODataOnlineStore


SAP Mobile Platform 3.0


KBA , x-csrf-token , x-csrf , csrf , multiple , gateway , endpoint , token , sodataonlinestore , online , odata , service , 403 , MOB-SDK-ODP , SAP Mobile SDK Odata SDK , Problem
