Skip to Content
Technical Articles
Author's profile photo Jerry Wang

Just a single click to test SAP OData Service which needs CSRF token validation

We all know that if we want to consume SAP OData service to perform some write operation on server, that is, create, update or delete, it’s necessary to get a CSRF token first and then append it as header field of the actual OData service call.
Previously I test such scenario using Postman, and I have to always do the following things manually:
1. fetch a valid CSRF token from server by specifying HTTP header field x-csrf-token’s value as “fetch”:
2. append this token to the header field of the second HTTP post request:
Then one of my colleagues inspired me: can all these boring steps could be finished automatically with a single click?
Yes! It could be just achieved by a little scripting in Postman itself.
1. Click this icon to open Environments maintain screen:
Create a new environment named “TokenSuite” and a variable “csrftoken” within it:
2. In the first token retrieve HTTP request, write the following simple script to parse the token from HTTP response and set it to the environment variable just created in previous step:
var token = postman.getResponseHeader("x-csrf-token");
console.log("token:" + token);

postman.setEnvironmentVariable("csrftoken", token);
3. In the second HTTP post request, just specify the actual value of token using grammar {{csrftoken}}:
Now click run button:
Collection Runner window is opened. Just press “Run CSRF token test”:
And the two requests could be run one by one, the token retrieved by first request was automatically used in the second HTTP post request. Very convenient, isn’t it?

Assigned Tags

      6 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Joe Valliparampil
      Joe Valliparampil

      Very useful, thank You Jerry.

      Author's profile photo Andre Fischer
      Andre Fischer

      ?

      Author's profile photo Syambabu Allu
      Syambabu Allu

      Good Tip!!

      Author's profile photo Cagri Senol
      Cagri Senol

      Tested already! Nice work! Thanks.

      Author's profile photo MANIKANDAN RAJASEKARAN
      MANIKANDAN RAJASEKARAN

      Cool ?

      Author's profile photo Ravindra Kumar
      Ravindra Kumar

      Thank you

      Nice Postman tips!