SAP Knowledge Base Article - Public

2584064 - Error Message: “CSRF token validation failed” in SOAPUI

Symptom

When calling a C4C OData service from SOAPUI as an external consumer, every GET request returns a new x-csrf-token. When the fetched x-csrf-token is then passed in the POST call, the following error is returned:

CSRF token validation failed

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP Cloud for Customer

Reproducing the Issue

  1. Open SOAPUI application
  2. Get the x-csrf-token using the GET function
  3. Select POST function and use the x-csrf-token
  4. Pass the required Payload
  5. System throws the mentioned error

Cause

During the first GET operation, when the x-csrf-token was fetched using SOAPUI, the second set-cookie value returned in the response header was not passed as the cookie value in the request header of the POST operation.

Resolution

During the first GET operation, when you fetch the x-csrf-token using SOAPUI, also note down the second set-cookie value returned in the response header. Then pass this value as the cookie value in the request header of the POST operation, along with the fetched x-csrf-token value.

1. Open SOAP UI.
2. In the GET request, send x-csrf-token with value = fetch.
3. Receive the response with the x-csrf-token and cookies.

4. If subsequent requests are made, the x-csrf-token changes.
5. In the Request header, send the cookie with the value returned in the previous response (highlighted as 2).
6. Now the x-csrf-token no longer changes with subsequent requests.
7. For a POST call, pass the x-csrf-token sent by the server along with the cookie.

The error does not occur anymore, and the POST call is successful.
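
The session binding behind steps 4 to 7, as an added example that is not part of the SAP article and is not SAP code: a constructed local mock server ties each x-csrf-token to a session cookie, and the client shows the token changing when the cookie is omitted, staying the same when it is sent, and the POST succeeding only when token and cookie travel together. The cookie name `SID`, the `/odata` path and the 403/201 status codes are assumptions of the mock; a real C4C response returns several set-cookie values, of which the article uses the second.

```python
import http.client, http.server, secrets, threading

SESSIONS = {}  # constructed mock, not SAP code: session cookie -> CSRF token

class MockOData(http.server.BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # keep the demo quiet
    def _sid(self):  # "SID" is a hypothetical cookie name
        name, _, value = self.headers.get("Cookie", "").partition("=")
        return value if name == "SID" else None
    def _reply(self, status, headers=()):
        self.send_response(status)
        for key, value in [*headers, ("Content-Length", "0")]:
            self.send_header(key, value)
        self.end_headers()
    def do_GET(self):
        sid, out = self._sid(), []
        if self.headers.get("x-csrf-token", "").lower() == "fetch":
            if sid not in SESSIONS:  # no known cookie: new session, new token
                sid = secrets.token_hex(8)
                SESSIONS[sid] = secrets.token_hex(16)
                out.append(("Set-Cookie", f"SID={sid}; Path=/"))
            out.append(("x-csrf-token", SESSIONS[sid]))
        self._reply(200, out)
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        token = self.headers.get("x-csrf-token")
        # A token is valid only together with the session it was issued for.
        self._reply(201 if token and SESSIONS.get(self._sid()) == token else 403)

def call(srv, method, headers):
    conn = http.client.HTTPConnection("127.0.0.1", srv.server_port, timeout=5)
    conn.request(method, "/odata", b"{}" if method == "POST" else None, headers)
    resp = conn.getresponse()
    conn.close()
    cookie = (resp.getheader("Set-Cookie") or "").split(";")[0]
    return resp.status, resp.getheader("x-csrf-token"), cookie

def demo():
    with http.server.HTTPServer(("127.0.0.1", 0), MockOData) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        _, token, cookie = call(srv, "GET", {"x-csrf-token": "fetch"})
        _, token2, _ = call(srv, "GET", {"x-csrf-token": "fetch"})  # no cookie
        _, token3, _ = call(srv, "GET", {"x-csrf-token": "fetch", "Cookie": cookie})
        rejected, _, _ = call(srv, "POST", {"x-csrf-token": token})
        accepted, _, _ = call(srv, "POST", {"x-csrf-token": token, "Cookie": cookie})
        srv.shutdown()
    return token != token2, token == token3, rejected, accepted

if __name__ == "__main__":
    print(demo())
```

`demo()` returns whether the token changed without the cookie, whether it stayed the same with the cookie, and the status of the POST without and with the cookie.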

Keywords

SOAPUI, x-csrf-token, CSRF token validation failed, C4C, Qualtrics, Integration, KBA, LOD-CRM-INT-API, OData API (C4C Only), How To

Product

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions