SAP Knowledge Base Article - Preview

3475617 - For OAUTH 2.0 Do GET Requests require an X-CSRF-TOKEN to function?


  • CPI uses a HEAD request to first get the X-CSRF token and the http session cookies that is needed for the subsequent http POST call. 
  • The X-CSRF token will be valid only if the POST call is sent with the same HTTP session information. The HTTP session information is returned as “set-cookie” in the HTTP HEAD call



  • SAP Gateway 


SAP S/4HANA 2023


x-csrf-token, GET, POST, request, odata, OAUTH 2.0,gw, iwfnd. , KBA , OPU-GW-COR , Framework , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.