POST Call, with a csrf token produces 403 Error

  • Roman Moraru
      2 years ago #34481

      Hello,

      I would like to create a new entry in a database, hence I have a connector call (POST) that looks something like this (see picture).

      The BO function that is supposed to send the call consists of:

      1. Via a GET-Call, get the x-csrf-Token

      2. Send to the POST-Call (see picture), the csrfToken(x-csrf-Token) and the oEntry (postBody)

      Error: “The Http request was not successful due to the client error: [403: Forbidden – The request was a legal request, but the server is refusing to respond to it.] Response: CSRF token validation failed”

       

      Question: How to do a POST call with a CSRF token?
      Jennifer Häfner
        2 years ago #34489

        Okay. And you have configured the Simplifier Connector call with the exact same parameters that you are using in the working Postman version?

        You can try to execute both Connector calls (the GET request to get the token and the POST request) inside a Server-Side Business Object function. So first, execute the GET request and store the token in a variable. Then, use this variable as the token parameter in the POST request. This way, both requests are executed right after one another and therefore, the token should not be expired.
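Added illustration, not part of the original posts and not code from Simplifier or the REST service: a constructed model of a service that ties the x-csrf-token to the session cookie issued with the GET response, showing when the follow-up POST is accepted or rejected. The function names, the `SID` cookie name and the 201 success status are assumptions.

```javascript
// Constructed model: how a service may bind a CSRF token to a session.
const crypto = require("crypto");

const sessions = new Map(); // session id -> CSRF token issued for that session

// GET: open a session and hand out the token in a response header.
function handleGet() {
  const sid = crypto.randomBytes(16).toString("hex");
  const token = crypto.randomBytes(32).toString("hex");
  sessions.set(sid, token);
  return { status: 200, headers: { "set-cookie": `SID=${sid}`, "x-csrf-token": token } };
}

// POST: the header token must equal the token stored for the cookie's session.
function handlePost(headers, body) {
  const m = /(?:^|;\s*)SID=([0-9a-f]+)/.exec(headers["cookie"] || "");
  const expected = Buffer.from((m && sessions.get(m[1])) || "");
  const sent = Buffer.from(headers["x-csrf-token"] || "");
  const ok = expected.length > 0 && sent.length === expected.length &&
    crypto.timingSafeEqual(sent, expected); // constant-time comparison
  return ok
    ? { status: 201, body: "created" }
    : { status: 403, body: "CSRF token validation failed" };
}

// Client: fetch the token, then POST right away, with or without the cookie.
function createEntry(oEntry, { sendCookie }) {
  const getRes = handleGet();
  const headers = { "x-csrf-token": getRes.headers["x-csrf-token"] };
  if (sendCookie) headers["cookie"] = getRes.headers["set-cookie"];
  return handlePost(headers, JSON.stringify(oEntry));
}

// Client mistake: token from one GET, cookie from a different session.
function crossSessionPost(oEntry) {
  const a = handleGet();
  const b = handleGet();
  const headers = { "x-csrf-token": a.headers["x-csrf-token"], cookie: b.headers["set-cookie"] };
  return handlePost(headers, JSON.stringify(oEntry));
}

console.log(createEntry({ name: "demo" }, { sendCookie: true }).status);
console.log(createEntry({ name: "demo" }, { sendCookie: false }).status);
console.log(crossSessionPost({ name: "demo" }).status);
```

Against a service built this way, the token alone is not enough: the POST has to carry the cookie from the same GET response that delivered the token.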

        Jennifer Häfner
          2 years ago #34485

          Hi Roman,

          the response from the REST service indicates that the CSRF token that you included in the POST call is not valid. This means that the CSRF token is either expired or malformed, or the REST service cannot find it because it needs to be sent via a different parameter name.

          However, debugging this issue highly depends on the REST service that you are communicating with. If the REST service is a private service managed by your company, you could ask a colleague that has access to the service to help you debug this issue.

          Or, you could use another REST client (like Postman) to execute the POST call and check if you get the same response from the REST service.

          Roman Moraru
            2 years ago #34488

            Hi Jennifer,

            Thank you for your answer.

            The Postman version of it works flawlessly, the “trick” in it was just copy-pasting the x-csrf-token from a ‘GET’ request to a ‘POST’ or ‘PUT’. In this manner I am trying to do it in Simplifier but it doesn’t work for some reason.

            Roman Moraru
              2 years ago #34498

              Hi Jennifer,

              Yes, this is exactly how I did it, also handed over the cookies and….. “The Http request was not successful due to the client error: [403: Forbidden – The request was a legal request, but the server is refusing to respond to it.] Response: CSRF token validation failed”.
