(Header parameter in request to fetch CSRF Token)
Introduction:
The http methods which modifies the data(e.g. POST) in the system requires CSRF token to successfully post the data. In the latest S/4 Hana patch, which follows strict CSRF rule, we have to set the cookie along with the CSRF token. So, fetching the CSRF token and cookie each time from GET API and passing it to the header of POST method is a tedious task. So, in this blog post we will see how we can make use of "Variable" in Postman to automate POST API call.
This is a continuation of blog post "CSRF Token Validation Failed in POST method in Gateway Client". If you are getting the mentioned error, please check out the blog post for the resolution.
Setting the plot:
- OData has been created in S/4 Hana system in Gateway Service Builder(T-Code: SEGW). We have created 2 OData API.
- First API is used to get the CSRF Token and the cookie. Most of us prefer to get the CSRF token and cookie using the same API which posts the data. ( I prefer to have a separate service which can be used to fetch the CSRF token and cookie centrally by all the service consumer.)
- Second API is used to post the data to Gateway. The CSRF token and the cookie been fetched in the previous API will be passed to the request header.
- We will use the famous tool "Postman" for testing our API. More information on the tool can be found here. If you don't have the tool yet, please fell free to download and install it from here. You can also use the web version. For this blog post, I will use the postman app installed in my system.
- To automate the POST request, we will use Postman "Environment Variable". The variable will be set from GET Response header and it will be used in POST request header for CSRF Token and cookie. Please stay connect to find out how it will be done
Los Geht's:
Postman Environment:
We have to create the environment in postman where we can define the environment variable. I mostly use Postman to validate the OData that has been created in SAP Gateway Service Builder(T-Code: SEGW). So, I will create a single environment "SAP Gateway" and I will use it in all the Collections to validate the developed OData services.
Postman Collection:
Postman collection is the collection of APIs which are logically grouped in one unit. For example, HCM Time Integration can be collection which has all the API required for Time Integration.
Step 1: Create Environment in Postman:
Go to "Environment" tab in Postman and click on the "Create New Environment"(highlighted plus button) and provide a name
(Environment Creation in Postman)
Step 2: Create Environment Variable:
We would set the values of CSRF Token and Cookie. So, we will create two variables, one for holding the value from CSRF Token and one for Cookie. After creating the variable, please click on "save".
(Create Environment Variables in Postman)
Step 3: Create Collection:
Now, let's create a collection named "Time Integration" where we will add 2 requests.
- First one will be the "GET" request which will be used to fetch the CSRF Token and the cookie
- Second one will be used to "POST" the attendance details to S/4 Hana system through Gateway
(Create collection in Postman)
Step 4: Add request to Collection:
To add the request, click on the 3 dot highlighted below in collection and select "Add Request".
(Add request to collection in Postman)
Follow the above step and add the GET and POST API. After adding the API, please click on "save". Please maintain "sap-client" parameter in both GET and POST API.
(Add GET and POST request in Postman)
Once you add both the request, the collection will look like below
Step 5: Authorization with User id and Password:
In my case, I will authenticate using user id and password. So, I will use the "Basic Auth" type in authorization. After providing the data, please click on "save".
I prefer to maintain the credentials in collection level, so that all the request added under that collection will inherit the credential. (You can go to the authorization tab for each request to find out the authorization type. The default authorization type is "Inherit from parent").
(Providing log in credential in Postman)
Step 6: Select Environment in Collection:
Select the created environment "SAP Gateway" in the collection. If environment is not selected, then the variable that were part of "Environment" will not be accessible in side the collection. After that please click on "save".
Note: The variable can also be created in Collection. But, if we do so, we have to define the variables in each and every collection. In our case, we have defined it in the environment and use the environment in all the collection. Hence, refining the variable in each collection is not required.
(Set environment in collection in Postman)
Step 7: Fetch CSRF Token and Cookie:
To fetch the CSRF token, we will call the GET API that we added in Step 4. To fetch the CSRF token, please maintain the header parameter of request as below as below. After that please click on "save".
Once the required parameter is maintained, then click "Send" to call the API.
Once we click on the "Send" button, we will get the response as below. We can see status is "200", which means the call is success. We can see the CSRF token and cookie has been retrieved.
(Response from GET API)
Step 8: Maintain script to set values in Environment Variable
Now we have to set the value of the "CSRF Token" and "Cookie" to the environment variable. For that we have to write the script in "Test" tab of the "GET" request, which will be executed after getting the response from the API. This script will set the values of CSRF token and Cookie in Environment variable. Please click on save after providing the script.
(Script to set values in environmental variable)
Source code:
//Fetch CSRF token from response header
sToken = pm.response.headers.get("x-csrf-token")
//Set CSRF Token in environment variable
pm.environment.set("XCSRFToken", sToken);
//Get all the response header
aHeaders = pm.response.headers.all()
//Declare array for cookies
aCookies = [];
//Get all the cookie value
for(i=0;i<aHeaders.length;i++){
if(aHeaders[i].key == "set-cookie"){
aCookies.push(aHeaders[i].value)
}
}
//Concatenate all the cookie with semi-colon
sCookie = aCookies.join(";")
//Set cookie value to environment variable
pm.environment.set("Cookie",sCookie)Step 9: Check values of Environment Variable
Once the code is maintain, please click on send again. This time, the value of CSRF Token and Cookie values will be saved in Environment Variable. We can cross check the values in environment.
(Values set in environment variable)
Step 10: Use the environment variable in POST Request
To use the environment variable in POST request, we have to specify the variable name in "{{<VariableName>}}". Please provide the values as below
(Set environment variable in POST request)
Step 11: Submit POST request
Once the variables has been maintained similar to above screenshot, please click on Send. We will get successful response.
(Response from POST request)
Hurray! So, we have go the response successfully without passing the CSRF token and Cookie manually.
Bonus Tip: Run Collection
We can also run the collection directly. If we do so, all the request will be run one after another.
Please click on "Run Collection" and select the mentioned option and click on "Run".
(Run collection in Postman)
Below is the response of the Collection run. Clicking the highlighted link will provide the option to see various option.
(Response of run collection)
Conclusion:
In this blog post, we saw how to create environment, environment variable and collection. We saw how to set the value of CSRF token and Cookie in environment variable from response of GET request. We used those environment variable in POST request. So, we don't have to provide the same again and again each time we run the request. Hope you enjoyed the post, if so please share your thought.
- SAP Managed Tags:
4 Comments
