• Digital Technology

    SAP Build Apps – REST API Integration – Customize CSRF Token Fetching URL

    fig_admin Posted on

    SAP Build Apps – REST API Integration – Customize CSRF Token Fetching URL

    In this blog, I will discuss how to customize where to fetch the CSRF token for SAP Build Apps classic REST API integration. In my previous blog  SAP Build Apps – OData Integration – Customize CSRF Token Fetching URL we already discussed how to customize where to fetch the CSRF token for OData integration. But if your app is still using classic REST API integration, you may follow the steps below to customize where to fetch the CSRF token.

    For example, if your BTP destination ‘MyRESTDest’ setting is as shown below

    ##Thu Sep 05 07:22:58 UTC 2024Type=HTTPBuildApps.RequiresCsrf=trueName=MyRESTDestURL=https\://mycompany.com/REST/myrestsvcProxyType=InternetAppgyverEnabled=true

    You want to customize your CSRF token fetch to https://mycompany.com/REST/myrestsvc/path/svc1

    You need to follow steps as below

    1. Drag the HTTP Request flow function to the logic canvas to fetch the CSRF token. It can be triggered by the Page Mounted event or any other event that occurs before you perform any HTTP POST, PUT, PATCH or DELETE request to your REST API integration.

    2. Set the following inputs:

    • URL: destinations/MyRESTDest/path/srv1
    • HTTP method: GET
    • Headers: { value: Fetch, header: x-csrf-token }

    Details are shown in the screenshot below:

    qiushi_wang_0-1730969068820.png

    3. Assign the output outputs[“HTTP request”].resHeaders[“x-csrf-token”] to an app variable, e.g., CSRFToken.

    Details are shown in the screenshot below:

    qiushi_wang_1-1730969068826.png

    4. Add an additional input to your REST API integration, for example, csrfToken with the field type set to Text.

    Details are shown in the screenshot below:

    qiushi_wang_2-1730969068828.png

    5. Assign the additional input csrfToken to a new common request header named x-csrf-token with the formula query.additionalInputs.csrfToken.

    Details are shown in the screenshots below:

    qiushi_wang_3-1730969068830.png

    6. At the flow function where you want to trigger an HTTP POST, PUT, or DELETE request to your REST API integration, assign the app variable (e.g., CSRFToken from step 3) to the additional input parameter ( e.g csrfToken from step 4)

    Details are shown in the screenshots below:

    qiushi_wang_4-1730969068833.png

    LEAVE A RESPONSE

    Your email address will not be published. Required fields are marked *

    fig_admin
    View all posts

    You Might Also Like