OData API
X-CSRF-Token
CSRF stands for Cross-Site Request Forgery, an attack in which a hacker gets a transaction performed in an application. This article explains how to use a token to connect securely to the SAP Sales Cloud OData API.
The tricky thing about a CSRF attack is that it does not happen directly: the hacker uses a victim who is logged in to the application. The hacker places an HTTP request in the victim's browser, which executes the dangerous transaction when the application is called. To prevent such cross-site request forgery attacks, the SAP Sales Cloud OData API requires an X-CSRF token as a further authorization header. To receive the X-CSRF-Token, use the following GET request.
In addition, you also need to send x-csrf-token: fetch in the header of the request. If the query is successful, you can read the x-csrf-token in the response header and use it for the query types POST, PATCH, DELETE, etc. A typical token may then look like this:
x-csrf-token: Af3gWMG-O87Oj5RhqHTW7eL==
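The fetch-then-write flow described above, as an added example that is not part of the original article: a constructed local mock stands in for the OData service, so the token value, the session cookie and the `/Collection` path are made up. The mock also assumes the token is only valid together with the session cookie issued alongside it.

```python
import http.server, threading, urllib.error, urllib.request

TOKEN, COOKIE = "constructed-token-123", "sid=constructed-session"  # made-up values

class MockOData(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the service: issues a token on fetch, checks it on writes."""
    def _reply(self, status, headers=()):
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):
        wants_token = self.headers.get("x-csrf-token", "").lower() == "fetch"
        self._reply(200, [("x-csrf-token", TOKEN), ("Set-Cookie", COOKIE)] if wants_token else [])
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        # Assumption: the token only counts together with the session it was issued for.
        ok = self.headers.get("x-csrf-token") == TOKEN and COOKIE in self.headers.get("Cookie", "")
        self._reply(201 if ok else 403)
    def log_message(self, *args):  # keep the demo output quiet
        pass

def fetch_token(base):
    """GET with 'x-csrf-token: fetch'; return the token and session cookie from the response."""
    req = urllib.request.Request(base + "/", headers={"x-csrf-token": "fetch"})
    with urllib.request.urlopen(req) as resp:
        return resp.headers["x-csrf-token"], resp.headers.get("Set-Cookie", "").split(";")[0]

def post(base, path, body, token=None, cookie=None):
    """POST a body, optionally with token and cookie; return the HTTP status code."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["x-csrf-token"] = token
    if cookie:
        headers["Cookie"] = cookie
    req = urllib.request.Request(base + path, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), MockOData)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        token, cookie = fetch_token(base)
        return post(base, "/Collection", b"{}"), post(base, "/Collection", b"{}", token, cookie)
    finally:
        server.shutdown()
        server.server_close()
```

`demo()` returns the status of a write sent without the token followed by the status of the same write sent with the fetched token and cookie.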
The Customer Experience team at Camelot ITLab deals with exciting and challenging CRM related topics every day and serves a large portfolio of different customers from a wide range of industries. Trust in this collaboration and feel free to contact us at tlil@camelot-itlab.com.