Skip to Content

In this how-to topic, I want to explain how to call an OData service in SAP Hybris Marketing Cloud in a way that ensures a high degree of system security and performance. I am using CUAN_IMPORT_SRV as an example, but this description applies to all OData services in SAP Hybris Marketing Cloud.


Steps to Import Data into the SAP Hybris Marketing Cloud System:

  1. Request a CSRF token and session cookie by calling the metadata document.
    e.g. https://<>/sap/opu/odata/sap/cuan_import_srv/$metadata
    In the get request header, you have to add the parameter name ‘x-csrf-token’ and the value ‘Fetch’, as shown in the code snippet. With this get request, you will receive the CSRF token and session cookie in the response:
  2. Create your payload with the data you want to send.
  3. Post the data via the corresponding endpoint and send the CSRF token as well as the session cookie which you received in the first step. In the post request, you have to add:
    • The parameter ‘x-csrf-token’, that is the value from the token you received in step 1.
    • The parameter ‘Content-type’ with the value ‘application/json’
    • And the session cookie you received from the get metadata request
    • e.g. https://<>/sap.opu.odata/sap/cuan_import_srv/ImportHeaders
  4. At the end you should terminate the session cookie by calling the logoff service. In this get request you have to add
    • The parameter ‘x-csrf-token’ and the value you received in step 1.
    • The session cookie you received from the get metadata request. By doing this, you ensure that the session cookie and CSRF token are no longer valid.
      e.g. https://<>/sap/public/bc/icf/logoff

Note: Steps 1 and 4 are only called once, while steps 2 and 3 should be executed in a loop without fetching a new CSRF token and session cookie each time.

Important Points to Note:

  • The session cookie will automatically terminate after 30 minutes idle time.
  • You should reuse the session cookie and CSRF token for as long as you can. In other words, you should try to avoid exceeding 30 minutes idle time.
  • By reusing the session cookie, you avoid having additional calls to generate a new cookie every time. This leads to improved performance because you have to execute the get call only once, at the beginning of your program

By terminating the session cookie, you secure the system, because the cookie and CSRF token can no longer be used.

Code snippets from ABAP SE38 Program

Open the session:


Use the session:


Close the session:

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. madhurima chinni

    Thanks for the blog Joerg Losat.

    Can we use the above mentioned steps to fetch the data from Hybris Marketing Trial system. Do we need have any specific authorizations to fetch the data from Hybris Marketing Trial system using OData services.If  so, please help me out what are the required authorizations.


    Kindly let me know what is the backend for Hybris Marketing system.




    1. Joerg Losat Post author


      yes, the how to guide is a general explanation. You can use the pattern for all OData calls. To your concrete questions about the Hybris Marketing Trial system, as far as I know we do not offer the possibility to read data out of the trial system and the CUAN_IMPORT_SRV I mentioned above is to import data only.

      Best regards,



    I have a requirement like  MS CRM Integration with Hybris Marketing by using Odata.

    Can you please explian me how to do that??



  3. Quang Huy Nguyen


    I follow step by step but get this error, I am using CUAN_IMPORT_SRV. Can you help me?

    <?xml version="1.0" encoding="utf-8"?>
    <error xmlns="">
        <message xml:lang="en">Resource not found for segment 'ImportHeader-UserName'.</message>
                <SAP_Note>See SAP Note 1797736 for error analysis (</SAP_Note>
                    <message>Resource not found for segment 'ImportHeader-UserName'</message>



Leave a Reply