SAP Knowledge Base Article - Public

2584064 - Error Message: “CSRF token validation failed” in SOAPUI

Symptom

Upon trying to call C4C OData Service using SOAPUI, new x-csrf-token is returned with every GET request of the OData Service call from external consumers. During the POST call, upon passing the fetched x-csrf-token we see the error:

CSRF token validation failed

Reproducing the Issue

  1. Open SOAPUI application
  2. Get the x-csrf-token using the GET function
  3. Select POST function and use the x-csrf-token
  4. Pass the required Payload
  5. System throws the mentioned error

Cause

During the first GET operation, when we fetch the x-csrf-token using SOAPUI, the second set-cookie attribute value returned in the Response header was not used as the value for the cookie attribute in the Response header of the POST operation.

Resolution

During the first GET operation, upon fetching the x-csrf-token using SOAPUI, you need to also note down the second set-cookie attribute value, returned in the Response header. Further, pass this value along with the fetched x-csrf-token value, as the value for the cookie attribute in the Response header of the POST operation.

 

You may follow the below steps:

1. Open SOAP UI

2. In the GET request send x-csrf-token with value = fetch

3. Received the response with x-csrf-token and cookies

pic_!.jpg

4. If subsequent requests are made, x-csrf-token gets changed

5. In the Request header send cookie with value returned in previous response (highlighted as 2)

6. Now with subsequent request x-csrf-token is not changed

7. In case of POST call, pass x-csrf-token sent by server along with the cookie

pic_2.jpg

The error does not occur anymore and the POST call is successful.

Keywords

SOAPUI, x-csrf-token, CSRF token validation failed , KBA , soapui , x-csrf-token , csrf token validation failed , LOD-CRM-INT-API , OData API (C4C Only) , Problem

Product

SAP Cloud for Customer all versions