douchanxiu5636 2018-10-07 10:29

POST operation fails with a "CSRF token validation failed" error

I am trying a POST operation on an SAP Hybris C4C entity.

I came across many blogs where it was mentioned that we need to send X-CSRF-Token during the POST, which can first be retrieved using a GET operation.

I was able to do that successfully using Postman, as Postman stores the cookie, which avoids the CSRF token validation failure.

But I actually want to call this using golang, and I was getting the error "CSRF token validation failed" every time. Then, after going through many blogs, I found we not only have to set X-CSRF-Token but also Cookie, so that the HTTP POST is not treated as a new session. Otherwise the CSRF token we sent does not match the current session, causing the error.

Even after following the above two leads, I am still getting the error. Below is the code snippet; I am not sure what else is missing.

Code snippet:

// Imports needed: bytes, encoding/base64, encoding/json, fmt, io/ioutil, log, net/http
auth := "******:*****"
basicAuth := base64.StdEncoding.EncodeToString([]byte(auth))

// Step 1: GET with "X-Csrf-Token: Fetch" to obtain a token and the session cookies.
geturl := "https://******.crm.ondemand.com/sap/c4c/odata/v1/c4codataapi"
req, _ := http.NewRequest("GET", geturl, nil)
req.Header.Set("Authorization", "Basic "+basicAuth)
req.Header.Set("X-Csrf-Token", "Fetch")
cli := &http.Client{}
res, err := cli.Do(req)
if err != nil {
    log.Fatal(err)
}
defer res.Body.Close()

inputMap := make(map[string]interface{})
inputMap["PriorityCodeText"] = "Normal"
inputJSON, _ := json.Marshal(inputMap)

// Step 2: POST the payload with the fetched token.
url := "https://*******.crm.ondemand.com/sap/c4c/odata/v1/c4codataapi/OpportunityCollection"
request, _ := http.NewRequest("POST", url, bytes.NewBuffer(inputJSON))
request.Header.Set("Authorization", "Basic "+basicAuth)
request.Header.Set("X-Csrf-Token", res.Header.Get("X-Csrf-Token"))
// Header.Get returns only the first Set-Cookie value, attributes included.
request.Header.Set("Cookie", res.Header.Get("Set-Cookie"))
request.Header.Set("X-Requested-With", "XMLHttpRequest")
request.Header.Set("Content-Type", "application/atomsvc+xml")
request.Header.Set("DataServiceVersion", "2.0")
//request.Header.Set("Accept", "application/atom+xml")
client := &http.Client{}
resp, err := client.Do(request)
if err != nil {
    log.Fatal(err)
}
defer resp.Body.Close()
fmt.Printf("Response status code is: %d\n", resp.StatusCode)
jsonResponseData, _ := ioutil.ReadAll(resp.Body)
fmt.Printf("Response is: %s\n", jsonResponseData)

1 answer

  • douyou7878 2018-10-07 17:34

    It worked! As mentioned by @gp, I had to copy all cookies instead of just setting the header. I made the change below in the code snippet:

    //request.Header.Set("Cookie", res.Header.Get("Set-Cookie"))
    for _, c := range res.Cookies() {
        request.AddCookie(c)
    }
    
    This answer was selected by the asker as the best answer.
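The difference between the two cookie-handling approaches can be reproduced offline. This is an added example, not code from the question or the answer: the mock handler, the cookie names `usercontext` and `session` and the token value are constructed, and the working path uses a `net/http/cookiejar` on the client instead of the answer's `AddCookie` loop (both send every cookie back).

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
)

// handler is a constructed stand-in: a token fetch sets two cookies; other requests need session + token.
func handler(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("X-CSRF-Token") == "Fetch" {
		http.SetCookie(w, &http.Cookie{Name: "usercontext", Value: "ctx1", Path: "/"})
		http.SetCookie(w, &http.Cookie{Name: "session", Value: "s1", Path: "/"})
		w.Header().Set("X-CSRF-Token", "tok-s1")
	} else if s, err := r.Cookie("session"); err != nil || r.Header.Get("X-CSRF-Token") != "tok-"+s.Value {
		http.Error(w, "CSRF token validation failed", http.StatusForbidden)
	}
}

// postStatus fetches a token, then POSTs; useJar=false copies the cookie header as the question did.
func postStatus(useJar bool) int {
	srv := httptest.NewServer(http.HandlerFunc(handler))
	defer srv.Close()
	client := srv.Client()
	if useJar {
		client.Jar, _ = cookiejar.New(nil) // nil options are valid, so no error
	}
	get, _ := http.NewRequest(http.MethodGet, srv.URL, nil) // URL comes from httptest
	post, _ := http.NewRequest(http.MethodPost, srv.URL+"/OpportunityCollection", nil)
	get.Header.Set("X-CSRF-Token", "Fetch")
	res, err := client.Do(get)
	if err != nil {
		return 0
	}
	res.Body.Close()
	post.Header.Set("X-CSRF-Token", res.Header.Get("X-CSRF-Token"))
	if !useJar {
		post.Header.Set("Cookie", res.Header.Get("Set-Cookie")) // first Set-Cookie only
	}
	if res, err = client.Do(post); err != nil {
		return 0
	}
	res.Body.Close()
	return res.StatusCode
}

func main() {
	fmt.Println("header copy:", postStatus(false), "cookie jar:", postStatus(true))
}
```

With the header copy, the POST carries only `usercontext=ctx1; Path=/`, so the session cookie the token is bound to never reaches the server.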
