SAP Knowledge Base Article - Public

3566761 - SAP Analytics Cloud: Data Import API returns 403 Forbidden Error with a different third-party tool, but returns 201 Created in Postman.

Symptom

  • The POST request returns 201 created in Postman, but no in the other third-party tools (403 Forbidden).
  • When checking the response details, will find the error: x-csrf-token: Required 
  • But x-csrf-token was passed in the request.

Environment

SAP Analytics Cloud

Reproducing the Issue

  1. Obtain an access token using the same client credentials.
  2. Obtain a CSRF token with GET call.
  3. POST the import API endpoint using the obtained CSRF token.

Cause

The issue is due to the missing set-cookie response header.

For instance, when using Postman, the cookies (there may be several of them) from the set-cookie response header will be most likely added by Postman itself from the preceding GET call to the next POST/PUT/PATCH/DELETE call.

But, if you are trying to write your own code or prefer using a different testing framework like SAP API Business Hub, this will likely not happen automatically.

Resolution

Please refer to this Blog to handle cookie headers in GET and POST call: 403 when trying to create user with the SCIM REST API

See Also

Your feedback is important to help us improve our knowledge base.

Keywords

SAP Analytics Cloud, Import API, 403 Forbidden, API Gateway, access token, CSRF token, endpoint, cookie, header, required , KBA , LOD-ANA-ML-DI , Data Integration, Data Export API, Data Import API , Problem

Product

SAP Analytics Cloud all versions