SAP Odata 403 Error

govind_parmar
Participant
0 Kudos

Hi Experts,

I have one OData service with a POST method and JSON input/request. The external app (Mule) calls the SAP OData service with GET to fetch the token, and when making the POST call it supplies the same token fetched via the GET call. Surprisingly, SAP gives a 403 Forbidden error, error message: CSRF token validation failed.

I debugged the SAP internal code, and it looks like this error is due to a mismatch of the token code.

SAP internally calls the security context class/method and gets the token for that call and tries to match it with the token which came during the API call.

Security context is not the correct token and does not match the GET call token.

From Postman it works fine as expected, i.e. GET and POST, but when calling the API from Mulesoft it gives a 403 error.

Any idea on this issue?

I can get this working by disabling the x-csrf-token, but that is not the ideal approach.

Thanks

Govind Parmar

Accepted Solutions (0)

Answers (2)

jhodel18
Active Contributor

Hi Govind,

Try this in your Postman testing:

1. Execute a GET request to fetch the token

2. Delete the cookies that were set by the GET response (the cookies are just below the Send button)

3. Lastly, execute the POST request

The result is you will get:

CSRF token validation failed

In short, you need to send the cookies as well during the POST request.
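The behaviour this answer describes, as an added example that is not part of the original thread and is not SAP or Mule code: a constructed local mock binds the CSRF token to a session cookie, and the POST succeeds only when the client carries that cookie over from the GET. The cookie name `SESSIONID`, the mock handler and the function names are assumptions made for illustration.

```python
import http.cookiejar, secrets, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # session id -> CSRF token; constructed stand-in for the server's security context

class MockGateway(BaseHTTPRequestHandler):
    """Constructed mock, not SAP code: the CSRF token is only valid with its session cookie."""
    def log_message(self, *args): pass  # keep the demo quiet
    def _reply(self, status, headers=()):
        self.send_response(status)
        for name, value in (*headers, ("Content-Length", "0")):
            self.send_header(name, value)
        self.end_headers()
    def do_GET(self):  # token fetch: issue a token plus the session cookie it is bound to
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        SESSIONS[sid] = token
        self._reply(200, [("X-CSRF-Token", token), ("Set-Cookie", f"SESSIONID={sid}; Path=/")])
    def do_POST(self):  # find the expected token via the session cookie, compare with the header
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = self.headers.get("Cookie", "").partition("SESSIONID=")[2].split(";")[0]
        sent = self.headers.get("X-CSRF-Token", "")
        ok = sid in SESSIONS and secrets.compare_digest(SESSIONS[sid], sent)
        self._reply(201 if ok else 403)

def fetch_then_post(url, keep_cookies):
    """GET with 'X-CSRF-Token: Fetch', then POST with that token; returns the POST status."""
    handlers = [urllib.request.ProxyHandler({})]  # talk to the local mock directly
    if keep_cookies:  # a cookie jar replays the GET's Set-Cookie on the POST
        handlers.append(urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    opener = urllib.request.build_opener(*handlers)
    with opener.open(urllib.request.Request(url, headers={"X-CSRF-Token": "Fetch"})) as resp:
        token = resp.headers["X-CSRF-Token"]
    post = urllib.request.Request(url, data=b"{}", method="POST", headers={
        "X-CSRF-Token": token, "Content-Type": "application/json"})
    try:
        with opener.open(post) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    with HTTPServer(("127.0.0.1", 0), MockGateway) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_port}/"
        try:  # first call keeps cookies, second drops them
            return fetch_then_post(url, True), fetch_then_post(url, False)
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo())
```

In both calls the token header on the POST is exactly the value returned by the GET; only the presence of the session cookie differs.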

govind_parmar
Participant
0 Kudos

Hi Jhodel,

Thanks for your reply. When the Mulesoft app does the GET call, SAP does not return the cookie back to Mule.

When I try to simulate the API in SEGW / SAP Gateway Client I can see the cookie in the response header. When Mule triggers the GET call, in the SAP trace I don't see the cookie being returned in the response header.

Do we have any issue in the API/OData service?

Thanks

Govind

0 Kudos

Hi Govind,

I am also facing the same issue with the OData API while calling from Mulesoft. Could you please let me know the fix if it was resolved for you?

Thanks in advance.

Regards,

Asif Sarwar