Upon trying to call C4C OData Service using SOAPUI, new x-csrf-token is returned with every GET request of the OData Service call from external consumers. During the POST call, upon passing the fetched x-csrf-token we see the error:
CSRF token validation failed
Reproducing the Issue
- Open SOAPUI application
- Get the x-csrf-token using the GET function
- Select POST function and use the x-csrf-token
- Pass the required Payload
- System throws the mentioned error
During the first GET operation, when we fetch the x-csrf-token using SOAPUI, the second set-cookie attribute value returned in the Response header was not used as the value for the cookie attribute in the Response header of the POST operation.
During the first GET operation, upon fetching the x-csrf-token using SOAPUI, you need to also note down the second set-cookie attribute value, returned in the Response header. Further, pass this value along with the fetched x-csrf-token value, as the value for the cookie attribute in the Response header of the POST operation.
You may follow the below steps:
1. Open SOAP UI
2. In the GET request send x-csrf-token with value = fetch
3. Received the response with x-csrf-token and cookies
4. If subsequent requests are made, x-csrf-token gets changed
5. In the Request header send cookie with value returned in previous response (highlighted as 2)
6. Now with subsequent request x-csrf-token is not changed
7. In case of POST call, pass x-csrf-token sent by server along with the cookie
The error does not occur anymore and the POST call is successful.
SOAPUI, x-csrf-token, CSRF token validation failed , KBA , soapui , csrf token validation failed , x-csrf-token , LOD-CRM-INT-API , OData API (C4C Only) , Problem