cancel
Showing results for 
Search instead for 
Did you mean: 

Agentry OData Service - Getting 403 Forbidden error

Former Member
0 Kudos

Hi,

  i am using OData service for flight, when i am trying to POST data then 403 forbidden error exists, what are the arguments required while posting data and is X-CSRF token required for posting data please help me.

Regards,

Pratik

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi,

I am trying to get X-CSRF-Token from rest client, but in response in GET method it is not giving. I am new to SMP integration, please help me.

this is the screen shot. Here username and password is empty, no authentication is required.

Regards,

Surya prakash

Former Member
0 Kudos

Hi Surya,

Authorization - Basic UDE3OTQxNjM4NTE6QW******xpMSM=

Content - Type-application/atom+xml

X-CSRF - Token-Fetch

pass it as a Header.

Regards,

Pratik

Former Member
0 Kudos

Hi Pratik,

This is also one of the reason to not get "X-CSRF-Token". I have resolved my issue.

Please refer this link:

Update from Atanu Mallik:

"This  is a sample service created by Microsoft. AFAIK  this service is not CSRF protected. It is  a feature that is enabled from the server. in SAP Odata services we get CSRF token. The server of this service has not enabled CSRF protection "

Regards,

Surya prakash

Answers (3)

Answers (3)

sahil_dudeja1
Participant
0 Kudos

Hi Pratik,

I am also facing same issue with POST method. I can see following logs:

Authorization: Basic ZKVtb3VzZXJuHXc6U3BhcaRhMTIz

x-csrf-token: rsFNOgWLJd69q2rXpNqPLS==

Content-Length: 608

Content-Type: application/atom+xml

<?xml version="1.0" encoding="utf-8"?>

<entry xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom">

   <content type="application/xml">

      <m:properties>

         <d:rollno m:type="Edm.String">0000000017</d:rollno>

         <d:fname m:type="Edm.String">S</d:fname>

         <d:lname m:type="Edm.String">D</d:lname>

         <d:percentage m:type="Edm.String">76</d:percentage>

         <d:mobileno m:type="Edm.String">8888888888</d:mobileno>

      </m:properties>

   </content>

</entry>

2015/05/26 14:45:21.914:                 Received response: HTTP/1.0 403 Forbidden

2015/05/26 14:45:22.007:                 Received Header: set-cookie: MYSAPSSO2=AjQxMDMBABhEAEUATQBPAFUAUwBFAFIATgBFAFcAIAACAAYwADAAMQADABBGAEcAMQAgACAAIAAgACAABAAYMgAwADEANQAwADUAMgA2ADAAOQAxADYABQAEAAAACAYAAlgACQACRQD%2fAPowgfcGCSqGSIb3DQEHAqCB6TCB5gIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYHGMIHDAgEBMBkwDjEMMAoGA1UEAxMDRkcxAgcgEwcjF0NBMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTA1MjYwOTE2MjNaMCMGCSqGSIb3DQEJBDEWBBT%2f1ZqzWQoHkbKnPEaNYjOZyNtoXzAJBgcqhkjOOAQDBC4wLAIUYPnmm6VB%21ErNnMGvQCmhKS3PXj4CFEYf0lmL9UP3Q8hApaE%21yTSVSy4y; path=/; domain=.0.20.205

2015/05/26 14:45:22.115:                 Received Header: set-cookie: SAP_SESSIONID_FG1_001=Pot_twG65bCBhAPF4TNNwdyeBNcDhxHlpgoAUFaTHDE%3d; path=/

2015/05/26 14:45:22.362:                 Received Header: content-type: text/plain; charset=utf-8

2015/05/26 14:45:22.466:                 Received Header: content-length: 28

2015/05/26 14:45:22.540:                 Received Header: x-csrf-token: Required

2015/05/26 14:45:22.615:                 Received Header: server: SAP NetWeaver Application Server / ABAP 731

2015/05/26 14:45:22.696:                 Received response: HTTP/1.0 403 Forbidden

May you please suggest what did I miss?

Regards,

Sahil Dudeja

Former Member
0 Kudos

Hello Sahil,

From where you get X-CSRF-Token value.?  403 forbidden error  is due to You don't have permission to access.

while Get pass X-CSRF-Token = Fetch as a header. now in response header youwill be able to get X-CSRF-Token value. copy the value and use that value for POST.

Thanks,

Pratik

sahil_dudeja1
Participant
0 Kudos

Hi Pratik,

I got X-CSRF-TOKEN in the same way. I am able to call post method through REST Client using same X-CSRF-TOKEN.

Regards,

Sahil Dudeja

Former Member
0 Kudos

Hi Sahil,

Are you trying to implement POST method in Agentry?

Thanks,

Pratik

sahil_dudeja1
Participant
0 Kudos

Yes, Add transaction's Update Step is calling POST method. I can see following log entries :

2015/05/26 17:21:41.307:             Processing the Update Step HTTP request

2015/05/26 17:21:41.773:             + URL=http://xxxx:7000/sap/opu/odata/sap/ZSTUDENT_SERVICE/StudHeaders

2015/05/26 17:21:41.773:               + Method=POST

Regards,

Sahil

Former Member
0 Kudos

Hello Sahil,

We can't implement POST method in SMP3 SP4 for OData service because in agentry side we are unable to generate X-CSRF-Token value and X-CSRF-Token value is unique.

we can't use X-CSRF-token value that we get from rest client, we can only implement GET method.

Thanks,

Pratik

sahil_dudeja1
Participant
0 Kudos

I am using SMP 3 SP07 SDK

Former Member
0 Kudos

ok are you able to get X-CSRF token value in agentry side?

sahil_dudeja1
Participant
0 Kudos

Hi Pratik,

I am able to get x-csrf token in agentry using following mappings and passing same while calling post.

Regards,

Sahil Dudeja

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Has your issue been resolved? Please close this thread.

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Pratik,

Make sure you on-board the device against application connection created in Admin cockpit. Once it is done, you have to make GET request to receive X-CSRF-TOKEN value and for making POST request, make sure you are passing X-CSRF-TOKEN value in header section along with SMP app id and PAYLOAD.

Have a look at

Regards,

JK

Former Member
0 Kudos

Hi Jitendra,

    

     I am using OData service for flight in Agentry Application. I am done with Creation of application in SMP and also done with GET Method where we are able to only Receive DATA. But I am not able to get the X-CSRF-TOKEN value and other Arguments.So please Suggest me the Proper solution.

Regards,

Pratik

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Pratik,

Did you get a chance to check the same in REST client? Can you share the screenshot of the same?

Regards,

JK

Former Member
0 Kudos

Hi Jitendra,

     Thanks for Reply.

     Yes i have cheked in Rest client. In REST Client i am able to get X-CSRF-Token and other Cookies also.

but in Agentry i am not able to get X-CSRF-Token. So please Suggest me How to Get X-CSRF-Token in Agentry Side..

Regards,

Pratik