SAP Knowledge Base Article - Public

2855631 - Unable to Perform PATCH Operation, Even Though the Token has been Fetched Successfully


You try to perform a PATCH request in Visual Studio for the OData standard API. But you receive an error, even though the token has been fetched successfully in the GET request.

Error: 403 (forbidden) error


SAP Cloud for Customer


For POST, PATCH, and DELETE operations x-csrf-token is not sufficient to pass the token only. Along with x-csrf-token cookie needs to be passed that is returned by the server in the previous GET call that returns x-csrf-token. By passing the correct cookie value it should work.


In the Request Header of the POST, PATCH and DELETE call, you should pass the following:

  • x-csrf-token = <value returned by the server>
  • cookie = <value returned by the server>


OData request, external system, error, CSRF token validation failed, token sent, , KBA , AP-RC-ODF , OData framework (C4C Only) , Problem


SAP Cloud for Customer add-ins all versions