Former Member

SAP NetWeaver IdM REST API UI – calling POST method/example


I had a problem executing a POST method after a new security requirement was added (the Virus Scan Interface has been enabled) within IdM REST Interface Version 2 to prevent XSRF attacks. I first had to execute a non-modifying request (GET, HEAD, OPTIONS) in which the X-CSRF-Token header field has the value Fetch. Once I had the token value returned in the X-CSRF-Token header field of that first call, I was able to execute a modifying request (POST…). Here is an example of how I do that:

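var xsrfTokenValue = "";
var myData = new Object();

// Step 1: non-modifying request that asks the server for a token.
$.ajax({
    type: "GET",
    url: "http://host:port/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}",
    dataType: "json",
    async: false, // synchronous, so the token is stored before the POST below runs
    contentType: 'application/json',
    headers: {
        "X-CSRF-Token": "Fetch",
        // Duplicate key: JavaScript keeps only the last value, so "XMLHttpRequest" is what is sent.
        "X-Requested-With": "JSONHttpRequest",
        "X-Requested-With": "XMLHttpRequest",
        "Content-type": "application/x-www-form-urlencoded"
    },
    success: function(res, status, xhr) {
        // The token comes back in the response header of the same name.
        xsrfTokenValue = xhr.getResponseHeader("X-CSRF-Token");
    }
});

// Step 2: modifying request that sends the fetched token back.
$.ajax({
    type: "POST",
    url: "http://host:port/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}",
    dataType: "json",
    headers: {
        "X-CSRF-Token": xsrfTokenValue,
        // Duplicate key: JavaScript keeps only the last value, so "XMLHttpRequest" is what is sent.
        "X-Requested-With": "JSONHttpRequest",
        "X-Requested-With": "XMLHttpRequest",
        "Content-type": "application/x-www-form-urlencoded"
    },
    data: myData,
    async: false,
    contentType: 'application/json',
    success: function(data) {
        // Handle the IdM response here.
    }
});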

Note:

  • The xsrfTokenValue variable stores the value of the X-CSRF-Token header (from the GET method).
  • The headers object contains all the required IdM headers.
  • myData (in the POST request) is the object sent back to IdM with the POST method; you can generate the needed data dynamically.
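
To show why the GET with X-CSRF-Token: Fetch has to come first, here is a simplified server-side model of the token handshake, added as an illustration; it is not SAP IdM code and not part of the original post. The in-memory session store, the function names, the session ids and the 403 status for a rejected request are assumptions.

```javascript
// Simplified model of the X-CSRF-Token handshake (illustration, not SAP IdM code).
const { randomBytes, timingSafeEqual } = require("crypto");
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]); // non-modifying requests
const tokensBySession = new Map(); // hypothetical store: session id -> issued token

// Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
function tokensMatch(a, b) {
  const bufA = Buffer.from(a);
  const bufB = Buffer.from(b);
  return bufA.length === bufB.length && timingSafeEqual(bufA, bufB);
}

// Takes { method, sessionId, headers } and returns { status, headers }.
function handleRequest(req) {
  // HTTP header names are case-insensitive, so normalise them before the lookup.
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    headers[name.toLowerCase()] = String(value);
  }
  const sent = headers["x-csrf-token"];
  if (SAFE_METHODS.has(req.method)) {
    if (sent !== undefined && sent.toLowerCase() === "fetch") {
      // Issue a fresh random token bound to the caller's session.
      const token = randomBytes(32).toString("hex");
      tokensBySession.set(req.sessionId, token);
      return { status: 200, headers: { "X-CSRF-Token": token } };
    }
    return { status: 200, headers: {} };
  }
  // Modifying request: the header must carry the token issued to this session.
  const expected = tokensBySession.get(req.sessionId);
  const ok = Boolean(expected && sent) && tokensMatch(sent, expected);
  return { status: ok ? 200 : 403, headers: {} }; // 403 is an assumed rejection status
}

// Constructed walk-through: fetch with GET, then POST with, without and with a foreign token.
function demo() {
  const get = (sessionId) =>
    handleRequest({ sessionId, method: "GET", headers: { "X-CSRF-Token": "Fetch" } });
  const post = (sessionId, headers) => handleRequest({ sessionId, method: "POST", headers }).status;
  const tokenA = get("session-A").headers["X-CSRF-Token"];
  get("session-B"); // session B holds its own, different token
  return {
    withToken: post("session-A", { "X-CSRF-Token": tokenA }),
    withoutToken: post("session-A", {}),
    otherSession: post("session-B", { "X-CSRF-Token": tokenA }),
  };
}
console.log(demo());
```

Only the POST that echoes the token issued to its own session is accepted; a request forged from another site cannot read the GET response header, so it has no valid token to send.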


      7 Comments
      Kai Ullrich

      very helpful. Thanks for posting this.

      Former Member

      Nice. Always got away with SAP Note 1806098.

      Former Member

      Great job, Simona! This is exactly what I needed.

      Former Member

      Big Big Thanks!!!

      Btw: I'm using a proxy server for the CORS request and had also to set this config:

      Header set Access-Control-Expose-Headers "x-csrf-token"

      Former Member

      I'm trying to access a REST service through JSONModel, but unfortunately I've had trouble.


      The error is:

      Additional information: The HTTP method 'OPTIONS' of the incoming request (with URI 'http://localhost:36172/RestServiceImpl.svc/token') is not allowed.


      The code is:

      var oModel = new sap.ui.model.json.JSONModel();

      var url ='http://localhost:36172/RestServiceImpl.svc/token';

      var parameters ={};

      var headers ={};

      headers.Authorization ='Access-Control-Allow-Origin: true';

      headers.setHeader ='Accept: application/json';

      headers.setHeader ='Content-Type: application/json';

      var parameters ='username=wcorrea,password=123456,expiration=500';

      //var parameters ='wcorrea,123456,500';

      oModel.loadData(url, parameters, false, "POST", false, "false", headers);


      Does anyone have an idea what's going on?


      Tks

      Rodrigo

      Matt Pollicove

      Rodrigo, this should be posted as a new thread, not as a comment to the blog.  Thanks!

      Former Member

      Hi guys,

      I’m new to SAP IdM so I was wondering if you could help me. I could understand this code, but I don’t know how/where it is called on SAP. Can anybody tell me?

      From what I see, you provide the MSKEY and TASKID, but where?

       

      Many thanks in advance.