For this test, we will use the Firefox (with REST Client Add-On).
In addition, you are required to configure your REST Client Add-On to use the X-CSRF-Token (Cross-Site Request Forgery) protection.
A CREATE operation uses the HTTP POST method, and is called using the same URL as the QUERY operation.
Open the Firefox REST Client.
Change the method from GET to POST.
Set the URL to the same one used for the QUERY operation: .../sap/opu/odata/sap/zsh_user_bor/zsh_user_borCollection
First, get the protection token. Later, you provide it when creating data:
Method: Get
URL: URL of the service, for example, .../sap/opu/odata/sap/z_user_bor/z_user_borCollection
Request Header: Click Add Request Header and add the HTTP header for the X-CSRF-Token protection as shown in the image below.
Name |
Value |
X-CSRF-Token |
FETCH |
Content-Type |
application/atom+xml |
Host |
The host name of your SAP Gateway server and the port number. |
You can provide your SAP Gateway user credentials by clicking Login, or you can provide it when prompted.
From the main menu, choose
so that you can copy the token.Choose Send, and click the URL provided in the Web Console, navigate to the information for the token, and copy it.
Open another tab for the REST client, in which you will send the data to be created, and specify the following.
Method: POST
URL: URL of the service, for example, .../sap/opu/odata/sap/zsh_user_bor/zsh_user_borCollection
Request Header: Click Add Request Header and add the HTTP header for the X-CSRF-Token protection as shown below.
Name |
Value |
X-CSRF-Token |
Paste the data for the token you have copied, for example, QXyUmor32424241243124mx== |
Content-Type |
Enter the following:application/atom+xml |
Next you need to supply the actual data that will be used to create the user in the Request Body..
The XML format used is similar to calling a READ operation. The main difference is the data that is mapped in the Data Model for the CREATE operation. A sample XML dataset is provided below.
Copy the sample XML below into the Request Body of the Firefox REST client.
<atom:entry xmlns:atom="http://www.w3.org/2005/Atom">
<atom:id>tag:com.sap,2010-06-24:/subscriptions/123<atom:id>
<atom:title>Create new user</atom:title>
<atom:author/>
<atom:updated></atom:updated>
<atom:content type="application/xml">
<m:properties xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices>
insert here the property tags with the values you want to create.
</m:properties>
</atom:content>
</atom:entry>
Note that the value in the tag must be unique for each request since this a CREATE operation.
The following is an example of the request body after you have added the property tags (copied from the results of the Read operation) between the <m:properties xmln:m=....> and </m:properties>
<atom:id>tag:com.sap,2010-06-24:/subscriptions/123<atom:id>
<atom:title>Create new user</atom:title>
<atom:author/>
<atom:updated></atom:updated>
<atom:content type="application/xml">
<m:properties xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices>
<d:building m:null="true"/>
< d:comm_type m:null="true"/>
<d:department m:null="true"/>
<d:e_mail m:null="true"/>
<d:fax_number m:null="true"/>
<d:firstname >Alexis</d:firstname />
<d:floor m:null="true"/>
<d:fullname> </d:fullname>
<d:islocked m:null="true"/>
<d:language m:null="true"/>
<d:lastname>AVIZOVSKI</d:lastname >
<d:maxrows>0</d:maxrows>
<d:password>Initial</d:password >
<d:room m:null="true"/>
<d:telephone m:null="true"/>
<d:title>Dr. </d:title>
<d:userid m:null="true"/>
<d:username>AAVIZOVSKI</d:username>
<d:withusername m:null="true"/>
</m:properties>
</atom:content>
</atom:entry>
Now that the request is ready, click on the Send button.
Upon successful creation, you should receive an HTTP “Status Code: 201 Created” in the Response Header tab.
An OData standard is that after every CREATE operation has completed, the client should automatically perform a READ operation.
In the Response Header section, look at the Location parameter in the HTTP header returned to the client. This is the URL to perform the READ operation.
Select the Formatted XML tab to view the resulting XML returned after the client has performed the automatic READ.