
Retrieve X-CSRF-Token from sapes1 ZGWSAMPLE_SRV


x-posted from: Retrieve X-CSRF-Token from sapes1 ZGWSAMPLE_SRV

I have successfully retrieved the "X-CSRF-Token" token value for a number of the other OData services (e.g. ZCD204_EPM_DEMO_SRV) on sapes1 but I'm unable to get a response that includes the cookie & header being set in the response when accessing .

My username and password are correct, I can retrieve data in ZGWSAMPLE_SRV but when I set "X-CSRF-Token" to "Fetch" the response headers do not include a "X-CSRF-Token" entry.

Using the "REST Console" in chrome I can provide the details of a failing request.

Request Headers:

Authorization: Basic SOMEVALUE

X-CSRF-Token: Fetch

Accept: */*

Connection: keep-alive

Content-Type: application/xml

Origin: chrome-extension://rest-console-id

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36

Response Headers:

Status Code: 200

server: SAP NetWeaver Application Server / ABAP 702

dataserviceversion: 2.0

ntcoent-length: 2574

content-type: application/atomsvc+xml

The CSRF token header is missing.

Am I doing something wrong? Is the service mis-configured? What do I need to try to overcome this?



Former Member replied

Hi Thomas,

the check of the X-CSRF-Token is deactivated for that service, that's why the ICF does not create tokens. If you start transaction SICF and navigate to your service node, view the service details and press button "GUI configuration" on the tab Service Data. There you can see the parameter ~CHECK_CSRF_TOKEN = 0, which means "deactivated".

Unfortunately you cannot change it by yourself. You may switch to edit mode and change the parameter, but when you try to save it, an error message will show up (that happens for my user, at least).

Official guidance is provided here:

Best regards,


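An added example, not code from either poster or from SAP: a client-side check that tells a service that issues a token apart from one that answers the Fetch request with data only, which is the case the answer attributes to ~CHECK_CSRF_TOKEN = 0. The function names, the cookie name and the token value are constructed for illustration, and the example assumes the token is tied to the session cookies returned with it.

```python
from dataclasses import dataclass
from http.cookies import SimpleCookie

# Response headers exactly as posted in the question: no token, no cookie.
THREAD_RESPONSE = [
    ("server", "SAP NetWeaver Application Server / ABAP 702"),
    ("dataserviceversion", "2.0"),
    ("ntcoent-length", "2574"),
    ("content-type", "application/atomsvc+xml"),
]
# Constructed response for a service whose CSRF check is active.
ISSUED_RESPONSE = [
    ("content-type", "application/atomsvc+xml"),
    ("x-csrf-token", "CONSTRUCTED-TOKEN-VALUE=="),
    ("set-cookie", "SAP_SESSIONID_XXX_000=constructed-session-id; path=/"),
]

@dataclass
class TokenFetch:
    state: str        # "issued", "not_issued" or "failed"
    token: str = ""
    cookie: str = ""  # value for the Cookie request header

def classify_fetch(status, header_pairs):
    """Interpret the reply to a GET sent with 'X-CSRF-Token: Fetch'."""
    if status != 200:
        return TokenFetch("failed")
    token, jar = "", SimpleCookie()
    for name, value in header_pairs:      # pairs keep repeated Set-Cookie
        if name.lower() == "x-csrf-token":
            token = value.strip()
        elif name.lower() == "set-cookie":
            jar.load(value)
    cookie = "; ".join(f"{k}={m.value}" for k, m in jar.items())
    if token:
        return TokenFetch("issued", token, cookie)
    # 200 with data but no token: the situation described in this thread.
    return TokenFetch("not_issued", cookie=cookie)

def write_headers(fetch, base):
    """Headers for a later POST/PUT/DELETE against the same service."""
    if fetch.state == "failed":
        raise RuntimeError("token fetch failed; check authentication first")
    headers = dict(base)
    if fetch.state == "issued":
        headers["X-CSRF-Token"] = fetch.token
    if fetch.cookie:
        headers["Cookie"] = fetch.cookie  # assumed: token is session-bound
    return headers
```

A "not_issued" result for a service that accepts modifying requests is worth recording during a review, since it means the service is not enforcing the token check.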