Close this search box.



CSRF stands for Cross-Site Request Forgery and is an attack on a system in which a hacker performs a transaction in an application. This article explains how to use a Token to get a secure connection to SAP Sales Cloud OData API

The tricky thing about X-CSRF attack is that it does not happen directly, but the hacker uses a victim who is a logged-in user to the application. The hacker places an HTTP request to the victim’s browser, which executes the dangerous transaction when the application is called. In order to prevent these possible cross-site request forgery attacks, SAP Sales Cloud OData API requires a X-CSRF token for further authorization header. To receive the X-CSRF-Token use following GET request

In addition, you also need to fetch the x-csrf-token in the header of the request. If the query is successful, you can read the x-csrf-token in the response header and use it for the query types POST, PATCH, DELETE, etc. A typical token may then look like this:

x-csrf-token:                   Af3gWMG-O87Oj5RhqHTW7eL==

Do you need consulting from our experts?

The Customer Experience team at Camelot ITLab deals with exciting and challenging CRM related topics every day and serves a large portfolio of different customers from a wide range of industries. Trust in this collaboration and feel free to contact us at

Was this article helpful?

If you like our content we would highly appreciate your review on Trustpilot


#SAP C4C #SAP Cloud 4 Customer #Cloud 4 Customer #Cloud for Customer #SAP Sales Cloud #Sales Cloud #OData #API #X-CSRF #X-CSRF-Token #Token

Receive the latest news

Subscribe To our SAP Sales & Service Cloud Newsletter

Get notified about new articles