BPM, Workflow, and Case

BPM, Workflow, and Case

Come for answers. Stay for best practices. All we’re missing is you.

 View Only

  • 1.  Calling operation createBPMCSRFToken via CASEREST V2 as an external service

    Posted Fri February 27, 2026 07:29 AM

    Hi Folks,

    I'm wondering whether anyone has any thoughts on where I might be going wrong with the following:

    Environment: BAW 24.0.1 or BAW 25.0

    I've imported the https://<bawserver>:<port>/case/docs openapi contract as an external service within WebPD. This loads the service definitions as expected and calls out operations that aren't directly invocable via a Service Task. 

    However, when testing the login to get the CSRF token, i.e. createBPMCSRFToken (POST)), invoked as a Service Task, with data mapped correctly, I continually receive a 401 Unauthorised response.

    If I retrieve a valid CSRF token externally (say from Postman or swagger) and pass it directly to a subsequent Service Task (i.e. skipping the invocation of createBPMCSRFToken within the service flow), they will execute with no issue.

    I've tried calling the BPMRestRequest within a script task against the createBPMCSRFToken operation but also receive a 401. It feels like this should be easy, so I suspect I'm doing something stupid here, or am missing something important. 

    Any thoughts?

    Cheers!

    TP.



    ------------------------------
    Tom Price
    ------------------------------


  • 2.  RE: Calling operation createBPMCSRFToken via CASEREST V2 as an external service

    Posted Mon March 02, 2026 02:57 AM

    Hi Tom,

    make sure to specify valid credentials on the binding tab of the discovered external service artifact or on the attached server artifact. See also https://www.ibm.com/docs/en/baw/25.0.x?topic=service-invoking-rest

    Regards



    ------------------------------
    Maximilian Tews
    Software Developer
    IBM
    Böblingen
    ------------------------------

    Original Message


  • 3.  RE: Calling operation createBPMCSRFToken via CASEREST V2 as an external service

    Posted Mon March 02, 2026 04:06 AM

    Hi Maximilian, 

    Thanks for your response - much appreciated. I've tried valid bindings at both levels (and also tried both user/pass & invocation credentials) but unfortunately this doesn't resolve the issue. 

    My current workaround is to call createBPMCSRFToken directly in javascript using the java API, retrieve the token and use that for subsequent operations (which works fine). It's just odd to me that it doesn't seem to work correctly/OOTB with IBM's own API. 

    I'm sure I'm doing something wrong!

    Cheers



    ------------------------------
    Tom Price
    ------------------------------

    Original Message


Related Content