Skip to Content

How to Call OData Services in SAP Hybris Marketing Cloud

In this how-to topic, I want to explain how to call an OData service in SAP Hybris Marketing Cloud in a way that ensures a high degree of system security and performance. I am using CUAN_IMPORT_SRV as an example, but this description applies to all OData services in SAP Hybris Marketing Cloud.


Steps to Import Data into the SAP Hybris Marketing Cloud System:

  1. Request a CSRF token and session cookie by calling the metadata document.
    e.g. https://<>/sap/opu/odata/sap/cuan_import_srv/
    In the get request header, you have to add the parameter name ‘x-csrf-token’ and the value ‘Fetch’, as shown in the code snippet. With this get request, you will receive the CSRF token and session cookie in the response:
  2. Create your payload with the data you want to send.
  3. Post the data via the corresponding endpoint and send the CSRF token as well as the session cookie which you received in the first step. In the post request, you have to add:
    • The parameter ‘x-csrf-token’, that is the value from the token you received in step 1.
    • The parameter ‘Content-type’ with the value ‘application/json’
    • And the session cookie you received from the get metadata request
    • e.g. https://<>/sap.opu.odata/sap/cuan_import_srv/ImportHeaders
  4. At the end you should terminate the session cookie by calling the logoff service. In this get request you have to add
    • The parameter ‘x-csrf-token’ and the value you received in step 1.
    • The session cookie you received from the get metadata request. By doing this, you ensure that the session cookie and CSRF token are no longer valid.
      e.g. https://<>/sap/public/bc/icf/logoff

Note: Steps 1 and 4 are only called once, while steps 2 and 3 should be executed in a loop without fetching a new CSRF token and session cookie each time.

Important Points to Note:

  • The session cookie will automatically terminate after 30 minutes idle time.
  • You should reuse the session cookie and CSRF token for as long as you can. In other words, you should try to avoid exceeding 30 minutes idle time.
  • By reusing the session cookie, you avoid having additional calls to generate a new cookie every time. This leads to improved performance because you have to execute the get call only once, at the beginning of your program

By terminating the session cookie, you secure the system, because the cookie and CSRF token can no longer be used.

Code snippets from ABAP SE38 Program

Open the session:


Use the session:


Close the session:

You must be Logged on to comment or reply to a post.
  • Thanks for the blog Joerg Losat.

    Can we use the above mentioned steps to fetch the data from Hybris Marketing Trial system. Do we need have any specific authorizations to fetch the data from Hybris Marketing Trial system using OData services.If  so, please help me out what are the required authorizations.


    Kindly let me know what is the backend for Hybris Marketing system.




    • Hi,

      yes, the how to guide is a general explanation. You can use the pattern for all OData calls. To your concrete questions about the Hybris Marketing Trial system, as far as I know we do not offer the possibility to read data out of the trial system and the CUAN_IMPORT_SRV I mentioned above is to import data only.

      Best regards,

  • Hi,

    I have a requirement like  MS CRM Integration with Hybris Marketing by using Odata.

    Can you please explian me how to do that??



  • Hi,

    I follow step by step but get this error, I am using CUAN_IMPORT_SRV. Can you help me?

    <?xml version="1.0" encoding="utf-8"?>
    <error xmlns="">
        <message xml:lang="en">Resource not found for segment 'ImportHeader-UserName'.</message>
                <SAP_Note>See SAP Note 1797736 for error analysis (</SAP_Note>
                    <message>Resource not found for segment 'ImportHeader-UserName'</message>


  • Using end point $metadata returns an unnecessary large amount of kilobytes as opposed to the service root if the goal is only to authenticate and fetch the CSRF token.

    • Hi Robin,

      you are totally right, but to make the call only once instead of doing the call before every post request, will safe a lot of time. It is a very small improvement in comparison of the overall performance improvement. Nevertheless you are totally right. I will check to update the blog post.

      Thank you very much for your feedback.


  • Hi Losat,

    Thanks for the information. It's very usefully information for large data set customers. One question, how does it apply to SCPI oDATA adapter? For customers integrating with SCPI, what measures they have in control to ensure the session handling is properly done?

    Best regards,



    • Hi Yue,

      in SCPI oData adapter you can setup session usage, that SCPI will reuse the same session / security session.

      Best regards,


  • Hi , I need to post a data in json format to a endpoint using ODATA but i cannoty find any snippet or demo code implementation for that , any help?

      • Hi Siddarth,

        in the API hub you will find snippets in different implementation languages.

        See link:

        Don't know what you mean with specific extensions, we have integrations from Commerce to Marketing via OData services.

        Best regards,