SAP Knowledge Base Article - Public

3048103 - 403 Error Occurs When Executing OData Call via External Consumers

Symptom

“CSRF token validation failed” error occurs when executing POST/PATCH OData call via external consumers.

Environment

SAP Cloud for Customer

Reproducing the Issue

  1. Go to Administrator work center.
  2. Select General Settings view.
  3. Select OData API Monitor under System Administration.
  4. Select the 403 error entry and select View Response Payload.

Here it's possible to find the error “CSRF token validation failed”.

Cause

Since OData is a stateless protocol, the consumer has to handle cookies in order to make a successful modifying call. Otherwise the CSRF token is considered invalid, because the second call (the POST/PATCH) runs in a different session from the one in which the token was fetched.

Resolution

The implementation should avoid relying on specific cookie names or sequences. Instead, customers should ensure that they process all cookies they receive in accordance with the cookie specification.

Currently, the XSRF cookie can be either sap-XSRF_<SID>_<client> or SAP_SESSIONID_<SID>_<CLIENT>, but this can change at any time.

An XSRF check is a simple comparison of the XSRF header value against the XSRF cookie value of the same session.
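The following is an added example, not SAP code, that models the behaviour described above: a consumer fetches a CSRF token with a GET carrying X-CSRF-Token: Fetch, then sends a POST with that token. The OData service is a small in-process simulation written for this example; it binds the token to a session cookie named after the KBA's SAP_SESSIONID_<SID>_<CLIENT> pattern with constructed SID/client values. The consumer stores every Set-Cookie it receives generically rather than looking for a particular name, which is the practice the Resolution calls for. Running it shows the 403 "CSRF token validation failed" when cookies are dropped and the successful call when they are kept.

```python
"""Added example (not SAP's code): a modifying OData call fails with
403 "CSRF token validation failed" when the consumer drops the session
cookie, because the second call lands in a new session with a new token.

The service below is a simulation for this example. The cookie name
follows the KBA's SAP_SESSIONID_<SID>_<CLIENT> pattern with constructed
values; real tenants may use a different name, so the client stores
every cookie it is sent instead of picking one by name.
"""
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "SAP_SESSIONID_C4C_100"  # constructed SID/client, illustrative


class SimulatedODataService:
    """Stateless-looking endpoint that still binds the CSRF token to a session."""

    def __init__(self):
        self._sessions = {}  # session id -> CSRF token issued for that session

    def handle(self, method, headers, cookies):
        # Resolve the session from the cookie the client sent back; if none
        # (or unknown), start a fresh session and issue a fresh token.
        sid = cookies.get(SESSION_COOKIE)
        resp_headers = {}
        if sid not in self._sessions:
            sid = secrets.token_hex(8)
            self._sessions[sid] = secrets.token_urlsafe(24)
            resp_headers["Set-Cookie"] = f"{SESSION_COOKIE}={sid}; Path=/; Secure; HttpOnly"

        if method == "GET":
            # Token fetch: hand the session's token back in the response header.
            if headers.get("X-CSRF-Token", "").lower() == "fetch":
                resp_headers["X-CSRF-Token"] = self._sessions[sid]
            return 200, resp_headers, "ok"

        # Modifying call: the header must equal the token bound to THIS session.
        if headers.get("X-CSRF-Token") != self._sessions[sid]:
            return 403, resp_headers, "CSRF token validation failed"
        return 201, resp_headers, "created"


class Consumer:
    """External consumer; keep_cookies=False models a client that ignores Set-Cookie."""

    def __init__(self, service, keep_cookies):
        self.service = service
        self.keep_cookies = keep_cookies
        self.jar = {}        # cookie name -> value, filled from Set-Cookie
        self.token = None

    def _request(self, method, headers):
        status, resp_headers, body = self.service.handle(method, headers, self.jar)
        if self.keep_cookies and "Set-Cookie" in resp_headers:
            # Parse per the cookie spec and store every cookie, whatever its name.
            parsed = SimpleCookie()
            parsed.load(resp_headers["Set-Cookie"])
            for name, morsel in parsed.items():
                self.jar[name] = morsel.value
        return status, resp_headers, body

    def fetch_token(self):
        _, resp_headers, _ = self._request("GET", {"X-CSRF-Token": "Fetch"})
        self.token = resp_headers.get("X-CSRF-Token")

    def post(self):
        status, _, body = self._request("POST", {"X-CSRF-Token": self.token})
        return status, body


def modifying_call(keep_cookies):
    """Fetch a token, then POST with it; returns (status, body)."""
    consumer = Consumer(SimulatedODataService(), keep_cookies)
    consumer.fetch_token()
    return consumer.post()


if __name__ == "__main__":
    print("cookies dropped:", modifying_call(keep_cookies=False))  # 403
    print("cookies kept:   ", modifying_call(keep_cookies=True))   # 201
```

When checking a failing integration, compare the Cookie header on the POST/PATCH with the Set-Cookie on the preceding GET in the OData API Monitor payloads: if the session cookie is missing or differs, the token is being validated against a different session, which is the situation this KBA describes.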

See Also

KBA 2584064 - Error Message: “CSRF token validation failed” in SOAPUI

OData Dev Guide

Keywords

ODATA; CSRF Token; External Consumers; Cookie , KBA , AP-RC-ODF , OData framework (C4C Only) , How To

Product

SAP Cloud for Customer core applications all versions