Getting ["BAD CSRF"] when updating topic via API [python]

pedroleaoc · August 9, 2021, 7:25pm

Hey folks, I am having issues updating a topic. I am able to get the id of the first post as shown here. This is confirmed by running the following:

import requests
from requests.structures import CaseInsensitiveDict

url = "https://my/discourse/instance/posts/{post_id}.json"

headers = CaseInsensitiveDict()
headers["Authorization"] = "{"api-key": "{le_api_key}", "api-username": "{le_username}"}"

resp = requests.get(url, headers=headers)

print(resp.status_code)

Which returns a 200 status code and the info I expected about the post.

But when I try:

import requests
from requests.structures import CaseInsensitiveDict

url = "https://my/discourse/instance/posts/{post_id}.json"

headers = CaseInsensitiveDict()
headers["Authorization"] = "{"api-key": "le_api_key", "api-username": "le_username"}"
headers["Content-Type"] = "application/json"

data = """
{
  "post": {
      "raw": "Cool post, but here's an updated to the post's body",
      "edit_reason": "I changed this because I can."
   }
}
"""

resp = requests.put(url, headers=headers, data=data)

print(resp.status_code)

I get
["BAD CSRF"]

I am an admin and my key is global. Ideally I would like to run this with a less permissive key.
This post is the first and only in a topic a created via the API.

Thank you so much in advance

Falco · August 9, 2021, 7:28pm

Why are you nesting the headers under this Authorization dict key? That is not documented at Discourse REST API Documentation

pedroleaoc · August 9, 2021, 7:53pm

You are right, that’s something the tool I am using to test the API is doing and it works and that’s a problem on itself apparently:

header1 = CaseInsensitiveDict()
header1["Authorization"] = '{"api-key": "longapikey", "api-username": "myusername"}'

header2 = {"api-key": "longapikey", "api-username": "myusername"}

r = requests.get(url, headers= HEADER)

When HEADER == header1, it works, when == header2, I get:

{"errors":["You are not permitted to view the requested resource. The API username or key is invalid."],"error_type":"invalid_access"}

Thanks for your reply btw!

Topic		Replies	Views
What's the correct `content-type` when editing posts? Dev rest-api	10	1001	August 10, 2021
'BAD CSRF' while creating a new post Support	2	1749	May 23, 2020
Possible to change a topic's timestamp? Support	3	43	November 5, 2024
I'm getting bad CSRF error even after setting api keys and usernames to my headers General	2	839	April 16, 2022
Creating a topic via the API using Node.js Dev	12	2086	March 30, 2020

Getting ["BAD CSRF"] when updating topic via API [python]

Related topics