Unable to Access x-csrf-token from Response Headers in Mendix 10.24

0
Hi everyone, I'm trying to retrieve the x-csrf-token from an SAP OData service using a REST GET call in Mendix 10.24. I can successfully get the token using Postman — I send a GET request with the following headers: Authorization: Bearer <token> x-csrf-token: Fetch Accept: */* In Mendix, I configured a Consumed REST Service, and call rest service activity and added the same headers. The request executes successfully, and I receive a valid response. However, the CSRF token is returned in the response headers, and I’m unable to access it within Mendix. (Attached SS for reference) Since Mendix 10.24 has deprecated the HttpResponse and HttpHeader modules, I can't retrieve the headers like many published answers used in earlier versions. Is there a recommended way to access response headers (specifically x-csrf-token) in Mendix 10.24? Any guidance or workaround would be greatly appreciated! Thanks in advance.        
asked
3 answers
0

Hi,

 

You could retrieve the list of headers from the `latestHttpResponse` object via association this way:

Screenshot 2025-10-14 at 14.49.17.png

 

Then you can do whatever you wish with the list, e.g., do List operation to find header by key to get a specific header.

Screenshot 2025-10-14 at 14.53.22.png

 

fyi this approach also works if you're using the new Consumed REST Service document.

 

Hope this helps.

answered
0

I am not aware of any deprications of HttpRequest and HttpResponse. They are still there even in Mx11. See documentation here: https://docs.mendix.com/refguide/http-request-and-response-entities/

 

Regards,

Ronald

 

answered
0

I don't like Postman. He hides some headers. For example, some APIs need the "content-type: application/json" header to work. The Postman sends this header by default and Mendix not. See all headers that postman sends and try to send in Mendix. 

 

If not, it might be similar to a problem I had with Go (Golang). The postman request worked, but not in the Go code. I changed it to insecure request to make it work (https://www.reddit.com/r/golang/comments/jy7gqn/how_to_use_insecure_option_or_ssl_in_golang/).

answered