Hi Adnan, working with Mendix on the communication level you should know that a few steps must be executed before you can actually execute a microflow.

First is indeed the 'Login' action and than the 'GetSessionData' action. This will give all information for the client to run for that session and actually initialize the session at the Mendix site. The JSON response from the 'Login' and 'GetSessionData' actions contains a CSRF token. This token must be used for each call as an HTTP header for an extra security measurement. I don't exactly all structures of each call, but inspecting the requests from the browser helps to simulate it with JMeter.

Hi Adnan,

I am experiencing the same problem here can you please let me know how you manage to resolve that?

Thanks 

Sam

By the sounds of things the CSRF TOKEN is the solution to this issue. To use the varying CSRF TOKEN in your JMETER tests without having to go to the browser at all in your test do the following:

Record & Save Test

Record the test (I used Blaze Meter) and save it as a JMX.

Open in JMeter

Open the test in JMeter.

Add Transaction Controller

Within the thread group of the test create a Transaction Controller. (Logic Controller → Transaction Controller)

Move Login HTTP REQUEST

From the other transaction controller where all the HTTP REQUESTS are stored, move the Login HTTP REQUEST to the newly created Transaction Controller. (See Below)

Post-Processing

Add a Post-Processing activity to this Transaction Controller of type JSON Extractor and fill the following content into the fields. (See below)

Replace All CSRF TOKENS

Going through the HTTP REQUESTS replace all the x-csrf-token values with ${CSRF_TOKEN}. This retrieves the value from the JSON EXTRACTOR and creates an Environment Variable that is used by here. Note the curly brackets.

There are decent tutorials available, but they are difficult to find on a simple search. If I come across where I learnt the above I will be sure to add the link to this response.

TUTORIAL HERE