/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
Upon trying to call C4C OData Service using SOAPUI, a new x-csrf-token is returned with every GET request of the OData Service call from external consumers. During the POST call, upon passing the fetched x-csrf-token we see the error:
CSRF token validation failed
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP Cloud for Customer
Reproducing the Issue
- Open SOAPUI application
- Get the x-csrf-token using the GET function
- Select POST function and use the x-csrf-token
- Pass the required Payload
- System throws the mentioned error
Cause
During the first GET operation, when we fetch the x-csrf-token using SOAPUI, the second set-cookie attribute value returned to the Response header was not used as the value for the cookie attribute in the Response header of the POST operation.
Resolution
During the first GET operation, upon fetching the x-csrf-token using SOAPUI, you need to also note down the second set-cookie attribute value, returned in the Response header. Further, pass this value, along with the fetched x-csrf-token value, as the value for the cookie attribute in the Response header of the POST operation.
1. Open SOAP UI.
2. In the GET request, send x-csrf-token with value = fetch.
3. Received the response with x-csrf-token and cookies.
4. If subsequent requests are made, x-csrf-token gets changed.
5. In the Request header, send cookie with value returned in previous response (highlighted as 2).
6. Now with subsequent request x-csrf-token is not changed.
7. In case of POST call, pass x-csrf-token sent by server along with the cookie.
The error does not occur anymore, and the POST call is successful.
Keywords
SOAPUI, x-csrf-token, CSRF token validation failed; C4C; Qualtrics; Integration; , KBA , soapui , x-csrf-token , csrf token validation failed , LOD-CRM-INT-API , OData API (C4C Only) , How To
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)