HTTP Headers and Cookies

Use HTTP headers and cookies to retrieve application connection information.

Note: In SAP Mobile Platform 3.0, applications should adopt the header format X-SMP-XXX. To maintain backward compatibility, the applications built in earlier version continue to use the header format X-SUP-XXX. However, X-SUP-XXX headers will be removed from future releases.

Cookies are returned by servers in the HTTP response header (Set-Cookie header) and included by the HTTP client (for example, a browser) in the subsequent HTTP request header (cookie header). Supported headers are:

X-SMP-APPCID – communicates the application connection ID as that is generated by the application from which the request originates, or as issued by the server using the X-SMP-APPCID cookie. The X-SMP-APPCID value has a maximum length of 128 characters. If an onboarding request does not include X-SMP-APPCID, the server automatically generates a value. The client or application should send this value for all subsequent requests. If the X-SMP-APPCID value is not sent from the client, all subsequent request-response interactions result in an 403 Forbidden error.
X-SMP-APPCID is received as a cookie, but the client returns it to the server either as a cookie or as a header.
X-SMP-BACKEND-URL – application can provide the back-end request URL via an X-SMP-BACKEND-URL header while sending the request to SAP Mobile Platform Server. The server forwards the request to the URL provided in the X-SMP-BACKEND-URL.
If the X-SMP-BACKEND-URL header is present in the request, URL rewrite is disabled.

Note: To avoid errors, ensure that the URL is whitelisted in the server.
X-SMP-REQUESTID – communicates the request ID as generated by the application from which the request originates, or as issued by the server that is using the X-SMP-REQUESTID cookie.