Not able to Get or Post data in Creatio using api basic authentication of pass BPMCSRF key and value in Header

Hi Expert ,

    I am trying to use Creatio api with basic authentication . I am following below links :…;


    NotWorking in PostMan : As per documention it's not working  in postman. Stored BPMCSRF value from Response Header Cookie of Token Request and call get api with BPMCSRF / ForceUseSession  headers key with it's value .Removed cookies from get request. Send the the get request it's giving a html response without any error details.


    Working in PostMan : In PostMan Send Token request then send get request ($top=1) without set any Header keys it's working fine. In this scenario i can see token request response header cookie values are sending bydefault by Postman in the get request.

    NotWorking in Consol Application : As per 2nd scenario i am trying to send a Get api request with token generate Response header cookies values but it's showing html error without any error details

    NotWorking in Consol Application : As per documentation Stored BPMCSRF value from Response Header Cookie of Token Request and call get api with BPMCSRF / ForceUseSession  headers key with it's value .But showing html error without any error details.

    i have attached my screen shots for reference.From my side any configuraration need to be changed Creation envionment for that my scenario  Can you give me any proper documents which i can follow and will be worked ?

    below is my console application code :

                // Create HttpClient

                using (HttpClient httpClient = new HttpClient())


                    // Create HttpRequestMessage

                    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, @"$top=1");

                    // Set request headers

                    request.Headers.Add("Accept", "application/json");

                    request.Headers.Add("ForceUseSession", "true");

                    request.Headers.Add("BPMCSRF", "YtuvyS.WPYmW5BChY5anK.");

                    // Send the request

                    HttpResponseMessage response =  httpClient.SendAsync(request).ConfigureAwait(false).GetAwaiter().GetResult();

                    // Check response status

                    if (response.IsSuccessStatusCode)


                        string responseData =  response.Content.ReadAsStringAsync().ConfigureAwait(false).GetAwaiter().GetResult();




Thanks and Regards

Surajit Kundu

Like 0



I don't see in your code the call to authenticate. I assume that you're previously calling /ServiceModel/AuthService.svc/Login somewhere to get the BPMCSRF value? See…

Note, the BPMCSRF value doesn't last forever, so it does need to be a recently obtained value. 

This article shows the complete steps for executing requests via Postman which might help:…


Ryan Farley,


      Thanks for your reply . Below is my token generation code from where i have taken cookies value for my 2nd request .Before i have not attached that token generation part as these is working fine. In postman it's working fine using Cookies based authentication.In my Console application i am sending all the Cookies (BPMLOADER, .ASPXAUTH, BPMCSRF, and UserName) as a Header Key and value in further requests to Creatio services that use cookie-based authentication but it's showing Html Error ?

 static async Task<Dictionary<string, string>> TokenGenerateDictionary()


            var headerCookies = new Dictionary<string, string>();                 

                using (var client = new HttpClient())


                    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                    using (var request = new HttpRequestMessage(HttpMethod.Post, @""))


                        request.Content = new StringContent($"{{\"UserName\":\"ram\",\"UserPassword\":\"abcd\"}}", Encoding.UTF8, "application/json");

                        var response = client.SendAsync(request).Result;

                        var responseString = await response.Content.ReadAsStringAsync();

                        JObject responseJson = JObject.Parse(responseString);

                        int code = (int)responseJson["Code"];

                        if (code == 0 && response.IsSuccessStatusCode)


                            foreach (string setCookieHeader in response.Headers.GetValues("set-cookie"))


                                 string[] cookies = setCookieHeader.Split(';');

                                if (cookies.Length > 0)


                                    string[] keyValue = cookies[0].Trim().Split('=');

                                    if (keyValue.Length == 2)


                                        string key = keyValue[0];

                                        string value = keyValue[1];

                                        if (!headerCookies.Keys.Contains(key))

                                            headerCookies.Add(key, value);







            return headerCookies;


Request Get Operation send cookies in Header Key :

         var tokenHeaderCookiesData = TokenGenerateDictionary().ConfigureAwait(false).GetAwaiter().GetResult(); 

         string requestUri = @"$top=1";

         using (HttpClient httpClient = new HttpClient())


                    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUri);

                    foreach (string key in tokenHeaderCookiesData.Keys)


                        //BPMLOADER, .ASPXAUTH, BPMCSRF, and UserName

                        if (key== "BPMLOADER" || key == ".ASPXAUTH" || key == "BPMCSRF" || key == "UserName")

                           request.Headers.Add(key, tokenHeaderCookiesData[key]);


                    HttpResponseMessage response =  httpClient.SendAsync(request).ConfigureAwait(false).GetAwaiter().GetResult();

                    string responseData =  response.Content.ReadAsStringAsync().ConfigureAwait(false).GetAwaiter().GetResult();



Html Error Response with status OK:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">

<html xmlns="" dir="ltr" culture="en-US">

<head><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="" content="LAXSN" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>




        .font-preload {

            position: absolute;

            opacity: 0;


        .font-preload-open-sans {

            font-family: "Bpmonline Open Sans";


        .font-preload-open-sans-light {

            font-family: "Bpmonline Open Sans Light";


        .font-preload-open-sans-bold {

            font-family: "Bpmonline Open Sans Bold";



<script type="text/javascript" src="…"></script>

<script type="text/javascript" src=""></script>

<script type="text/javascript" src="…" data-main="…" async></script>

<script type="text/javascript"></script>



    <div class="font-preload">

        <span class="font-preload-open-sans">_</span>

        <span class="font-preload-open-sans-light">_</span>

        <span class="font-preload-open-sans-bold">_</span>


    <form name="IndexForm" method="post" action="./NuiLogin.aspx?ReturnUrl=%2f0%2fodata%2fProduct%3f%24top%3d1&amp;%24top=1" id="IndexForm">

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="+mvmSAOrSFVSNU1VvvnnAv5lt45aMHGRIkN033uMqlv/X2Fn2421RrzZayJqLBBTzwEnVTCtLeOrFnkbGP1c32c1p4dJwgJeute2MMWvNkRY1wHA" />

<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="0BFA92C5" />






Surajit Kundu

Show all comments