Can't verify CSRF token authenticity while creating topics

attj · July 28, 2022, 10:31pm

My curl looks as follows:

curl -X POST 'https://example.com/posts' \
-H "Content-Type: multipart/form-data;" \
--form 'Api-Key="redacted"' \
--form 'Api-Username="redacted"' \
--form 'title="Test topic"' \
--form 'raw="Hey this is a topic."'

I get a [“BAD CSRF”] reply and the production logs say Can’t verify CSRF token authenticity. I checked this topic https://meta.discourse.org/t/bad-csrf-on-creating-new-topic-via-api/89345 but it is basically caused by a typo so I guess there is something different here. I double checked the api-key and the username and they are still active on the website. I would appreciate any suggestions that you may have. Thanks!

Gaurav_Tewari · November 4, 2022, 7:06pm

Hi, Your Curl request is giving 403 BAD CSRF error because Api-Key and Api-Username are not passed in the header along with Content-Type. Do this change and it will work.

Thanks
GT

Topic		Replies	Views
Possible to change a topic's timestamp? Support	3	43	November 5, 2024
[API] "Can't verify CSRF token authenticity" when attempting to update avatar for user Dev rest-api	0	793	September 8, 2022
I'm getting bad CSRF error even after setting api keys and usernames to my headers General	2	840	April 16, 2022
Getting ["BAD CSRF"] when updating topic via API [python] Dev rest-api	2	941	August 9, 2021
Invalid Access when attempting to delete the About This Category topics Support	3	474	February 12, 2019

Can't verify CSRF token authenticity while creating topics

Related topics