SAP Knowledge Base Article - Public

3520220 - “CSRF token validation failed” error occurs when executing POST/PATCH OData call via external consumers

Symptom

You are experiencing a 403 error with the message “CSRF token validation failed”. Based on document 3048103 - 403 Error Occurs When Executing OData Call via External Consumers, you identified the root cause, but you need to switch off the cookie session that stores the token ID.

Environment

SAP Cloud for Customer

Reproducing the Issue

  1. Go to Administrator work center
  2. Select General Settings view
  3. Select OData API Monitor under System Administration
  4. Select the 403 error entry and select View Response Payload
  5. The error “CSRF token validation failed” is shown in the response payload

Cause

When a client connects to the C4C application, C4C creates a cookie session and saves the token ID in it. If the customer creates a new session, a new token ID is generated. Because the C4C application already holds a cookie session with the earlier token ID, it does not accept the token ID generated in the later session.

Resolution

As mentioned in 3339155 - OData APIs – Wrong usage of session cookies, clients should not have any validations, checks or any kind of coding based on cookie names. Such checks need to be removed and the behavior retested. Clients consuming OData services should send back all cookies received from the server in subsequent calls to that server, without any filtering on cookie names.

As per the current behavior, the customer needs to send back the cookies received from the server in subsequent calls. This behavior cannot be modified. Please leverage the Partner community portal, where you can check your requirement and get further consulting assistance.
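The following is an added example, not SAP code, that models the cause and resolution above: the CSRF token is bound to the session cookie issued with it, so a client that filters cookies by name or opens a fresh session for the POST presents a token the server no longer recognises. The server class and the cookie names (SESSION_ID, ROUTE) are constructed stand-ins; only the client flow (GET with X-CSRF-Token: Fetch, then echo every cookie back on the POST) is the point.

```python
"""Added example (not SAP code): a constructed model of why an OData client must
send back every cookie it received, unfiltered, together with the fetched token."""
import secrets


class SimulatedODataServer:
    """Stand-in for the server side; cookie names here are constructed."""

    def __init__(self):
        self._tokens = {}  # session id -> CSRF token bound to that session

    def get(self, headers, cookies):
        """GET with 'X-CSRF-Token: Fetch'. Returns (status, resp_headers, set_cookies)."""
        sid = cookies.get("SESSION_ID")
        if sid not in self._tokens:  # unknown or missing cookie: new session, new token
            sid = secrets.token_hex(8)
            self._tokens[sid] = secrets.token_urlsafe(24)
        resp_headers = {}
        if headers.get("X-CSRF-Token", "").lower() == "fetch":
            resp_headers["x-csrf-token"] = self._tokens[sid]
        # a second, unrelated cookie (e.g. routing affinity) is set alongside the session
        return 200, resp_headers, {"SESSION_ID": sid, "ROUTE": "node-a"}

    def post(self, headers, cookies):
        """POST/PATCH: the token must match the one bound to the presented session."""
        expected = self._tokens.get(cookies.get("SESSION_ID"))
        if expected is None or headers.get("X-CSRF-Token") != expected:
            return 403, "CSRF token validation failed"
        return 201, "Created"


def fetch_then_post(server, cookie_filter=None, new_session_for_post=False):
    """Client flow: fetch the token, then POST. Returns the POST status code.

    cookie_filter: optional predicate on cookie name. The KBA says clients must
    NOT do this; every cookie received has to be sent back.
    new_session_for_post: models a client that discards the fetch call's cookies."""
    status, hdrs, set_cookies = server.get({"X-CSRF-Token": "Fetch"}, {})
    assert status == 200
    token = hdrs["x-csrf-token"]
    jar = {k: v for k, v in set_cookies.items() if cookie_filter is None or cookie_filter(k)}
    if new_session_for_post:
        jar = {}  # token came from an earlier session the server no longer sees
    status, _ = server.post({"X-CSRF-Token": token, "Content-Type": "application/json"}, jar)
    return status
```

Calling `fetch_then_post(srv)` returns 201; filtering the cookies (`cookie_filter=lambda n: n == "ROUTE"`) or discarding them (`new_session_for_post=True`) returns 403 with the message from this KBA.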

See Also

Keywords

403, ODATA, CSRF Token, External Consumers, Cookie, Token ID, termination, KBA, LOD-CRM-INT-API, OData API (C4C Only), How To

Product

SAP Cloud for Customer core applications all versions