Looks like the issue has been resolved.
I would add one thought: Using Integration Gateway it should be possible to access both back-ends through a single service. Each entity in an OData service can be mapped to an appropriate back-end. This should leave you with needing to manage only one client-side URL and one CSRF token.
Regards,
Eric Solberg