Skip to Content
Technical Articles

PI REST Adapter: Connect to BW/4HANA using X-CSRF-Token

This blog post is the continuation of a blog post which shows configuration about PI / CPI Integration with SAP BW/4HANA. You can find also some sample scenarios to make it easier for you to understand how you can achieve the integration between PI REST Adapter and SAP BW/4HANA.


The current blog post describes how to connect to SAP BW/4HANA via its XSRF protected REST API. In order to do so you need first to authenticate to the security policy domain and pass an HTTP header “X-CSRF-Token” with the value ‘Fetch’. If the authentication is successful the server generates a token, stores it in the user’s session table, and sends the value in the X-CSRF-Token HTTP response header. For each call in this session, the REST Adapter should send the token value obtained from the X-CSRF-Token HTTP header.  As of release 7.50 SP15 the REST Adapter supports the configuration of XSRF protected REST API’s (see SAP Note 2757524). In this blog post I will describe how to configure such a scenario for connecting to the SAP BW/4HANA REST API.




From SAP BW/4HANA 2.0 Interface you need to take three URI’s:

  1. Get Structure URI, which will give you the XSD schema of the DataStore Object
  2. Get CSRF Token URI, it may be the same which gives you the XSD schema
  3. Send Data URI, which is the actual URI where you will use to PUSH data into a DataStore Object

and for each URI the corresponding HTTP method.

You need to have username and password for the SAP BW/4HANA 2.0 interface for a user which has rights to request the XSD schema and the XSRF token.




Firstly you should extract the XSD schema of the DataStore Object.

For this, you can use the Advanced REST Client Application in your Google Chrome browser or simply use your browser. Access the URL for the XSD schema using your credentials and save the result xsd (xml) file on your file system. Make sure that you are using the correct Content-type header (application/xml) otherwise you can get the JSON Schema which cannot be applied in the PI ESR.


Importing the XSD schema to ESR


Open your Enterprise Service Browser in the SAP Process Integration Designer. Go to the correspondent Software Component of your scenario, open the namespace tree and click with right button on the “External Definitions”. Select “Import External Definition”.

In the new window, add the XSD file from previous step and press next.

Now you have imported the Data Objects and can apply any mappings by your needs.


Configuring the REST receiver channel


You would like to access the SAP BW/4HANA Rest API. Create a new Integration Flow with Receiver channel of type REST. Select the receiver channel and switch to tab REST URL below tab Adapter-Specific. Maintain the URL pattern, use the given URL for Send Data.

As mentioned above, this service is XSRF protected, so next step is to configure usage of XSRF Token.

Switch to tab General below tab Adapter-Specific and check flag Use Basic Authentication. Here you should fill the information about the user and password for connection to the XSRF protected service.

Afterwards check the flag Use XSRF token. On this step you have to select the HTTP Operation which should be used for extracting the token. This information you should already have as per the section Prerequisites. In the drop down you will find the following non-modifying HTTP Operations:

  • GET
  • HEAD

Next required field is the XSRF Token URL which should be filled manually. Or if it is the same URL from tab REST URL you can check the flag “Use resource URL from tab ‘REST URL'”.

Switch to tab REST Operation and select for Value Source: Manual Value and under Static Value: select the required HTTP method for the Sent Data URI.



I hope this blog post was helpful to understand how to configure your REST Receiver channel in order to connect with SAP BW/4HANA XSRF protected service. If you like to learn more, check out the other blog posts accessible from the main blog post Data Integration with SAP BW/4HANA 2.0.


Be the first to leave a comment
You must be Logged on to comment or reply to a post.