SAP Build Apps – OData Integration – Customize CSRF Token Fetching URL


In this blog, I will discuss the recent enhancement in SAP Build Apps for CSRF token handling, specifically on how to customize where to fetch the CSRF token for OData integration. You may already know that there is an additional property in SAP BTP Destination dedicated to SAP Build Apps CSRF token handling:

 

BuildApps.RequiresCsrf = true

 

If your destination requires the CSRF token to be passed, this property needs to be set to true. To learn more about this, please check out the blog ‘Understand CSRF handling in SAP Build Apps’.

Now, let’s get back to the newly released enhancement. We have introduced a new property, ‘CSRF Token’, in the General Settings section under the Data Configuration tab in the App Editor for OData integration with SAP systems. As shown in the screenshot below, you can configure where to fetch the CSRF token from your backend SAP system. By default, the ‘CSRF Token’ property is disabled.

It will be enabled after you set the additional property BuildApps.RequiresCsrf = true in the BTP destination and re-open the App Editor, as shown in the screenshot below.

 

You can now specify where to fetch the CSRF token from your backend OData service. Once you tick the checkbox ‘Overwrite CSRF Token URL’, the default value in the ‘CSRF Token URL’ input box is a slash (/), which means the CSRF token is fetched from the root folder of your backend OData service. For example, suppose your BTP destination ‘MyODataDest’ is configured as shown below:

 

    #
    #Thu Sep 05 07:22:58 UTC 2024
    Type=HTTP
    BuildApps.RequiresCsrf=true
    Name=MyODataDest
    URL=https://mycompany.com/OData/myodatasvc
    ProxyType=Internet
    AppgyverEnabled=true

 

SAP Build Apps runtime will use HTTP HEAD and GET requests to fetch a CSRF token from https://mycompany.com/OData/myodatasvc. This token is then used for subsequent HTTP POST, PUT, PATCH, or DELETE requests.

If the root folder of your backend OData service does not support HTTP HEAD and GET requests for fetching the CSRF token, you need to customize the default value ‘/’ to a relative path that does. For example, you can set the CSRF token URL to ‘/path/svc1’.

In this case, the SAP Build Apps runtime (that is, the app deployed to SAP Build Work Zone or the standalone mobile app running on iOS and Android) will fetch the CSRF token from https://mycompany.com/OData/myodatasvc/path/svc1 and use it for later HTTP POST, PUT, or DELETE requests against https://mycompany.com/OData/myodatasvc.
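Before changing the ‘CSRF Token URL’ value, it helps to confirm which path actually answers HEAD or GET with a token. The sketch below is an added example, not code from this blog or from SAP Build Apps: it composes the fetch URL the way the text describes and probes it. Assumptions: the backend follows the SAP Gateway convention of an `X-CSRF-Token: Fetch` request header with the token returned in the `X-CSRF-Token` response header, and the mock backend and its token value are constructed so the script runs offline.

```python
import http.server
import threading
import urllib.error
import urllib.request

def token_url(destination_url, csrf_path="/"):
    """Append the relative 'CSRF Token URL' to the destination URL, as the post describes."""
    # urllib.parse.urljoin is avoided: a leading '/' would discard '/OData/myodatasvc'.
    base = destination_url.rstrip("/")
    return base if csrf_path in ("", "/") else base + "/" + csrf_path.lstrip("/")

# Direct connections only, so proxy environment variables do not affect the probe.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(url, timeout=5):
    """Try HEAD, then GET; return (method, token), or (None, None) if neither yields one."""
    for method in ("HEAD", "GET"):
        # Assumption: SAP Gateway convention of asking for a token with 'X-CSRF-Token: Fetch'.
        req = urllib.request.Request(url, method=method, headers={"X-CSRF-Token": "Fetch"})
        try:
            with _opener.open(req, timeout=timeout) as resp:
                token = resp.headers.get("X-CSRF-Token")
        except urllib.error.HTTPError:
            token = None  # e.g. 405: this path does not support the method
        if token:
            return method, token
    return None, None

class MockBackend(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in backend: only /OData/myodatasvc/path/svc1 issues a token."""
    def _reply(self):
        ok = self.headers.get("X-CSRF-Token") == "Fetch" and self.path == "/OData/myodatasvc/path/svc1"
        self.send_response(200 if ok else 405)
        if ok:
            self.send_header("X-CSRF-Token", "constructed-token-123")
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_HEAD = do_GET = _reply
    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), MockBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    dest = f"http://127.0.0.1:{server.server_port}/OData/myodatasvc"
    # Default '/' first, then the override '/path/svc1'.
    results = probe(token_url(dest)), probe(token_url(dest, "/path/svc1"))
    server.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```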

 
