BAD CSRF Response When Trying to Delete User by API

(Justin Dennis) #1

I am trying to delete a user by API following the docs.

We use SSO, which seems to make the API require a cookie header coming from SSO authentication. I got past that, and as long as I supply the cookie, other types of actions work fine by GET. But the DELETE results in this “BAD CSRF” error.

Maybe a bug? I don’t even know where to begin troubleshooting this. Any help appreciated.

(Jeff Atwood) #2

Are you using an API key for this action? It is required.

(Justin Dennis) #3

Yes. I’ve tried both the generic one for “system” and my own, as an admin. I have been passing these as GET or POST parameters along with the cookie.