
Just a single click to test SAP OData Service which needs CSRF token validation

We all know that to perform a write operation (create, update or delete) on the server through an SAP OData service, it is necessary to get a CSRF token first and then send it as a header field of the actual OData service call.
Previously I tested such scenarios using Postman, and I always had to do the following things manually:
1. Fetch a valid CSRF token from the server by setting the value of the HTTP header field x-csrf-token to “fetch”:
2. Append this token as a header field of the second HTTP POST request:
Then one of my colleagues inspired me: could all these boring steps be finished automatically with a single click?
Yes! It can be achieved with a little scripting in Postman itself.
1. Click this icon to open the Environments maintenance screen:
Create a new environment named “TokenSuite” and a variable “csrftoken” within it:
2. In the first HTTP request, which retrieves the token, write the following simple script to read the token from the HTTP response header and store it in the environment variable created in the previous step:
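// Read the CSRF token from the response header of the token fetch request.
var token = postman.getResponseHeader("x-csrf-token");
console.log("token:" + token);

// Store it in the environment variable so that later requests can reference it.
postman.setEnvironmentVariable("csrftoken", token);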
3. In the second HTTP POST request, specify the token value using the variable syntax {{csrftoken}}:
Now click the Run button:
The Collection Runner window opens. Just press “Run CSRF token test”:
The two requests are run one after the other, and the token retrieved by the first request is automatically used in the second HTTP POST request. Very convenient, isn’t it?
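
The same two-step exchange outside Postman, as an added example that is not part of the original post: the client fetches the token, sends it back together with the session cookie, and refetches once when the server answers 403 with x-csrf-token: Required. The stub service, the sid cookie name and all function names are constructed for illustration; the token-to-session binding and the retry are assumptions that go beyond what the post shows.

```javascript
// Lower-case header names so lookups are case-insensitive.
function lower(headers) {
  return Object.fromEntries(Object.entries(headers || {}).map(([k, v]) => [k.toLowerCase(), v]));
}

// Constructed stand-in for an OData service that enforces CSRF validation.
// Assumption: each token is bound to the session cookie issued with it.
function makeStubService() {
  const sessions = new Map(); // session id -> token
  let counter = 0;
  return function send(req) {
    const h = lower(req.headers);
    const sid = (h["cookie"] || "").replace("sid=", "");
    if (h["x-csrf-token"] === "fetch") {
      const id = sid || "s" + ++counter;
      const token = "tok-" + id + "-" + ++counter;
      sessions.set(id, token);
      return { status: 200, headers: { "x-csrf-token": token, "set-cookie": "sid=" + id } };
    }
    const expected = sessions.get(sid);
    if (req.method !== "GET" && (!expected || expected !== h["x-csrf-token"])) {
      return { status: 403, headers: { "x-csrf-token": "Required" } };
    }
    return { status: req.method === "POST" ? 201 : 200, headers: {} };
  };
}

// Step 1: fetch the token and keep the session cookie it belongs to.
function fetchToken(send, url) {
  const res = send({ method: "GET", url, headers: { "X-CSRF-Token": "fetch" } });
  const h = lower(res.headers);
  const token = h["x-csrf-token"];
  if (!token || token === "Required") throw new Error("no CSRF token in response");
  return { token, cookie: (h["set-cookie"] || "").split(";")[0] };
}

// Step 2: send the write with token and cookie; refetch once if the token is rejected.
function postWithCsrf(send, url, body, session) {
  for (let attempt = 0; attempt < 2; attempt++) {
    session = session || fetchToken(send, url);
    const res = send({ method: "POST", url, body,
      headers: { "X-CSRF-Token": session.token, Cookie: session.cookie } });
    const rejected = res.status === 403 && lower(res.headers)["x-csrf-token"] === "Required";
    if (!rejected) return { status: res.status, session };
    session = null; // stale token: fetch a fresh one and retry
  }
  throw new Error("CSRF token rejected after refetch");
}
```

Postman keeps cookies between requests on its own, which is why the collection above works without handling them; a hand-written client has to return the cookie itself or the token is rejected.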
