I’m working on integrating SAP OData services using SailPoint’s Web Service connector, and I’m trying to perform a POST operation that requires an ‘x-csrf-token’ header for authentication.
As part of this, I need to first fetch the CSRF token with a ‘GET’ call, and then use that token in the header of the actual POST request.
My question is:
Is it possible to access response headers—specifically the ‘x-csrf-token’—from a ‘GET’ operation within either a Before Operation Rule or an After Operation Rule in a SailPoint Web Service connector?
If anyone has achieved something similar, I’d appreciate some guidance or a sample rule snippet.
In the before op. rule you can find the requestEndPoint in the arguments, which contains the headers, and in the after op. rule you have rawResponseObject/processedResponseObject, where you have the entire response.
The before op. rule’s requestEndPoint has the input headers that I passed (x-csrf-token: fetch). However, the after op. rule’s rawResponseObject/processedResponseObject contains the response body but not the response headers where I can get the x-csrf-token value.
What I’m specifically trying to achieve is to retrieve the x-csrf-token from the response of one call and pass it to the next call. In scenarios where I need to perform actions like adding or removing a role, I first have to retrieve an x-csrf-token, which SAP returns in the response headers of a GET call—not in the response body.
To do this in the application configuration I would define two operations as below.
The ideal approach, I thought, is to capture the token in the After Operation Rule of the first call and inject it into the request headers of the second call using something like ‘$response.x-csrf-token$’ or maybe in the Before op. rule.
However, the challenge is that in the Before Operation Rule, the available context (e.g., requestEndPoint, input values) does not expose the response from any previous call. And while the After Operation Rule does have access to the response headers, I’m not sure how to extract the CSRF token from the headers and pass it into a subsequent operation.
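
The two-call exchange discussed in this thread, as an added example that is not part of any post here and is not SailPoint rule code: plain Python against a constructed in-process mock, showing the token arriving only in the GET response headers and being replayed on the POST. The mock server, the `/Roles` path, the `sid` cookie name and the binding of the token to that session cookie are assumptions made for the illustration.

```python
import http.server, secrets, threading, urllib.error, urllib.request

SESSIONS = {}  # mock server state: session id -> CSRF token

class MockOData(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the OData service (assumption, not SAP code)."""
    def log_message(self, *args):  # silence per-request logging
        pass

    def do_GET(self):
        self.send_response(200)
        if self.headers.get("x-csrf-token", "").lower() == "fetch":
            sid, token = secrets.token_hex(8), secrets.token_urlsafe(16)
            SESSIONS[sid] = token
            self.send_header("x-csrf-token", token)  # header only, never the body
            self.send_header("Set-Cookie", f"sid={sid}")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_POST(self):
        sid = self.headers.get("Cookie", "").partition("sid=")[2]
        sent = self.headers.get("x-csrf-token", "").encode()
        ok = sid in SESSIONS and secrets.compare_digest(SESSIONS[sid].encode(), sent)
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(201 if ok else 403)  # reject missing or wrong token
        self.send_header("Content-Length", "0")
        self.end_headers()

def start_mock():
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), MockOData)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"

def post(url, body, headers):
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def post_with_csrf(base, path, body):
    # Call 1: GET with "x-csrf-token: fetch"; the token is read from the headers.
    req = urllib.request.Request(base + path, headers={"x-csrf-token": "fetch"})
    with urllib.request.urlopen(req) as resp:
        token = resp.headers["x-csrf-token"]
        cookie = resp.headers.get("Set-Cookie", "").split(";")[0]
    # Call 2: POST carrying the token and the session cookie it was issued with.
    return post(base + path, body, {"x-csrf-token": token, "Cookie": cookie})
```
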