Symptom
- The POST request returns 201 created in Postman, but no in the other third-party tools (403 Forbidden).
- When checking the response details, will find the error: x-csrf-token: Required
- But x-csrf-token was passed in the request.
Environment
SAP Analytics Cloud
Reproducing the Issue
- Obtain an access token using the same client credentials.
- Obtain a CSRF token with GET call.
- POST the import API endpoint using the obtained CSRF token.
Cause
The issue is due to the missing set-cookie response header.
For instance, when using Postman, the cookies (there may be several of them) from the set-cookie response header will be most likely added by Postman itself from the preceding GET call to the next POST/PUT/PATCH/DELETE call.
But, if you are trying to write your own code or prefer using a different testing framework like SAP API Business Hub, this will likely not happen automatically.
Resolution
Please refer to this Blog to handle cookie headers in GET and POST call: 403 when trying to create user with the SCIM REST API
See Also
- 2569847 - Where can you find SAC user assistance (help) to use, configure, and operate it more effectively?
- Have a question? Ask it here and let our amazing SAP community help! Or reply and share your knowledge!
- 2487011 - What information do I need to provide when opening a case for SAP Analytics Cloud?
- Search for SAP Analytics Cloud content using Google or Bing:
- https://www.google.ca/search?q=site%3Ahttps%3A%2F%2Fapps.support.sap.com+SAP+Analytics+Cloud
- https://www.bing.com/search?q=site%3Ahttps%3A%2F%2Fapps.support.sap.com+SAP+Analytics+Cloud
- Note: Add relevant text or warning/error messages to the text search field to filter results.
- SAP Analytics Cloud > Learning > Data Connections
- SAP Analytics Cloud > Learning > Guided Playlists
- SAP Analytics Cloud > Learning > Guided Playlists > Getting Support
- Need More Help? Contact Support or visit the solution finder today!
Your feedback is important to help us improve our knowledge base.
Keywords
SAP Analytics Cloud, Import API, 403 Forbidden, API Gateway, access token, CSRF token, endpoint, cookie, header, required , KBA , LOD-ANA-ML-DI , Data Integration, Data Export API, Data Import API , Problem