SAP ODATA service Authentication is a two step process
Step 1 - Get token
This token value is typically valid for 30 mins
Step 2: Send request with token
You may get "CSRF token validation failed" if CSRF validation is enabled (in SAP) and the token is not send in header.
Below shows the same steps as done via Postman
Getting the token in Postman
Using the token for a service request
Step 1 - Get token
- Make a GET request to the service URL
- Make sure Authentication is set as Basic and username and Password are passed
- Set a header "X-CSRF-Token" with value "Fetch"
- Send the request to SAP
- Examine the response headers
- You should see a header "X-CSRF-Token"
- Get the value from this header
This token value is typically valid for 30 mins
Step 2: Send request with token
- Change GET to POST (if you are sending a payload to SAP ODATA Service)
- Authentication is set as Basic and username and Password are passed
- Set a header "X-CSRF-Token" and value received from last step
- Send the POST request
You may get "CSRF token validation failed" if CSRF validation is enabled (in SAP) and the token is not send in header.
Below shows the same steps as done via Postman
Getting the token in Postman
- Use a GET request to the Service URL
- Set header "X-CSRF-Token"
- Set value as "Fetch"
- Hit Send
- Examine the response headers
- Pick the value for "X-CSRF-Token"
Using the token for a service request
- Change service to POST
- In header, set "X-CSRF-Token" to value from last reponse header value
- Set the payload body and submit request
