Hi guys, in this article I want to share step by step How to config secure connectivity with HTTPS sender adapter. Normally, when we send message to CPI by https adapter

When we check option CSRF Protected, then run this integration flow from POSTMAN, we receive http status code like this

We have to set token for this http sender. In cases for test API, we can fetch token.
1. How to fetch token for x-csrf-token
- Call to API with method GET instead POST
- Add header to API with Key-value = x-csrf-token/fetch

- Send this request and check header of response message

- Use this value for header x-csrf-token on request, replace for value = fetch and send API with method POST

Although call API successful, but in real scenario for production environment, this API protected by token in OAuth2 security connectivity. So We have to get token from SAP CPI and call API with bearer token.
2. How to get OAuth token in SAP CPI for client connectivity (CF – Cloud foundry Environment).
Step 1 : Install instance Process integration Runtime. (If have, by pass)
- Go to Sub Account
- Go to Instances And Subscriptions
- Go to Tab Instances
- Click button Create





Step 2 : Create service key
Next, We create service key of instance. Go to instance which create in step 1. Tab Service Key. Click button Create


After done

Step 3 : Get token from POSTMAN

- Grant Type = Client Credential
- Client ID : Get in service key, field Client Id
- Client Secret : Get in service key, field Client secret
- User name : User login BTP ( normally It is email address)
- Password : Password of user BTP
Click button : Get New Access Token

Click Proceed.

Click Use Token
Call API by method GET instead POST

Note : If do not check option CSRF Protected in integration flow, we can call API with method POST. But use token to call API, We must use GET method instead POST method. Because of using method POST this time, we will receive status 403 forbidden.
Summary
In this article I shared step by step How to send message to integration flow with CSRF protected check and use token. Thanks for your reading and any question, kindly leave your comment in below this.
Thanks.
Joseph.
One comment