
SAP NetWeaver IdM REST API UI – calling POST method/example


I had a problem executing a POST method after a new security requirement was added (the Virus Scan Interface has been enabled) within IdM REST Interface Version 2 to prevent XSRF attacks. So I had to execute a non-modifying request (GET, HEAD, OPTIONS) first, where the X-CSRF-Token header field has the value Fetch. Once I had the value from my first call in the X-CSRF-Token header field, I was able to execute a modifying request (POST…). Here is an example of how I do that:

var xsrfTokenValue = "";
var myData = new Object();

// First call: non-modifying GET with X-CSRF-Token: Fetch to obtain the token
$.ajax({
    type: "GET",
    url: "http://host:port/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}",
    dataType: "json",
    async: false, // synchronous, so the token is set before the POST below runs
    contentType: 'application/json',
    headers: {
        "X-CSRF-Token": "Fetch",
        "X-Requested-With": "JSONHttpRequest",
        // duplicate key: in a JavaScript object literal the later value wins
        "X-Requested-With": "XMLHttpRequest",
        "Content-type": "application/x-www-form-urlencoded"
    },
    success: function(res, status, xhr) {
        // the token is returned in the X-CSRF-Token response header
        xsrfTokenValue = xhr.getResponseHeader("X-CSRF-Token");
    }
});

// Second call: modifying POST that sends the fetched token back
$.ajax({
    type: "POST",
    url: "http://host:port/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}",
    dataType: "json",
    headers: {
        "X-CSRF-Token": xsrfTokenValue,
        "X-Requested-With": "JSONHttpRequest",
        // duplicate key: in a JavaScript object literal the later value wins
        "X-Requested-With": "XMLHttpRequest",
        "Content-type": "application/x-www-form-urlencoded"
    },
    data: myData,
    async: false,
    contentType: 'application/json',
    success: function(data) {
    }
});

Note:

  • The xsrfTokenValue variable stores the value of the X-CSRF-Token header (from the GET method).
  • My headers contain all required IdM headers.
  • In myData (in my POST request) you can dynamically generate the object (the data to be sent back to IdM) that is sent with the POST method.
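
The fetch-then-POST sequence from this post, together with the server-side check that makes it an XSRF defence, as an added example that is not part of the original post and not SAP code. The names createMockServer and createCsrfClient, the session field, the token format and the 403 response with "X-CSRF-Token: Required" are assumptions made for illustration; the transport is an injected synchronous function so the sketch runs offline.

```javascript
// Constructed stand-in for the server-side check (an assumption, not SAP code):
// a token is issued per session when a non-modifying request carries
// "X-CSRF-Token: Fetch"; every modifying request must echo that token back.
const SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];

function createMockServer() {
  const tokens = new Map(); // session id -> currently valid token
  let issued = 0;
  function handle(req) {
    const sent = req.headers["X-CSRF-Token"];
    if (SAFE_METHODS.includes(req.method)) {
      if (sent !== "Fetch") return { status: 200, headers: {} };
      const token = "tok-" + (++issued); // constructed; a real token is random
      tokens.set(req.session, token);
      return { status: 200, headers: { "X-CSRF-Token": token } };
    }
    // Modifying request: a page on another origin cannot read the token,
    // so a forged POST arrives without it (or with a wrong one) and is refused.
    if (!sent || tokens.get(req.session) !== sent) {
      return { status: 403, headers: { "X-CSRF-Token": "Required" } };
    }
    return { status: 200, headers: {} };
  }
  handle.expire = (session) => tokens.delete(session); // simulate token timeout
  return handle;
}

// Client: caches the token, and on a 403 fetches a new one and retries once.
function createCsrfClient(send, session, url) {
  let token = null;
  function fetchToken() {
    const res = send({ method: "GET", url, session, headers: { "X-CSRF-Token": "Fetch" } });
    token = res.headers["X-CSRF-Token"] || null;
    if (!token) throw new Error("no X-CSRF-Token in response");
  }
  return function post(data) {
    if (!token) fetchToken();
    let res = send({ method: "POST", url, session, data, headers: { "X-CSRF-Token": token } });
    if (res.status === 403) { // token expired or rejected
      fetchToken();
      res = send({ method: "POST", url, session, data, headers: { "X-CSRF-Token": token } });
    }
    return res;
  };
}
```

In a browser the `send` function would wrap the synchronous `$.ajax` calls shown above; the retry covers the case where a cached token is no longer accepted.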
7 Comments
  • Big Big Thanks!!!

    Btw: I’m using a proxy server for the CORS request and also had to set this config:

    Header set Access-Control-Expose-Headers "x-csrf-token"

  • I’m trying to access a REST service through JSONModel, but unfortunately I’ve had trouble.


    The error is:

    Additional information: The HTTP method 'OPTIONS' of the incoming request (with URI 'http://localhost:36172/RestServiceImpl.svc/token') is not allowed.


    The code is:

    var oModel = new sap.ui.model.json.JSONModel();
    var url = 'http://localhost:36172/RestServiceImpl.svc/token';
    var parameters = {};
    var headers = {};
    headers.Authorization = 'Access-Control-Allow-Origin: true';
    headers.setHeader = 'Accept: application/json';
    headers.setHeader = 'Content-Type: application/json';
    var parameters = 'username=wcorrea,password=123456,expiration=500';
    //var parameters = 'wcorrea,123456,500';
    oModel.loadData(url, parameters, false, "POST", false, "false", headers);


    Does anyone have an idea what’s going on?


    Tks

    Rodrigo

  • Hi guys,

    I’m new to SAP IdM so I was wondering if you could help me. I could understand this code, but I don’t know how/where it is called on SAP. Can anybody tell me?

    From what I see, you provide the MSKEY and TASKID, but where?

     

    Many thanks in advance.