
API v2 Post with CSRF Token?

Hello, 

I'm using Vanilla V2021.012 / API v2

I'm still quite inexperienced in dealing with APIs. I can get anything I want from the API using GET. But when I use POST I get the message 'invalid CSRF Token'.


<meta name="csrf-token" content="" />string(210) "{
  "message": "Invalid CSRF token. Please try again.",
  "status": 403,
  "msg": "Invalid CSRF token. Please try again.",
  "code": 403,
  "except": [],
  "type": "!csrf",
  "description": null
}"


I understand that the CSRF token is generated on the server on the first call and stored in the session, right?

Or in local cookies?

However, how do I need to do this to get the correct CSRF token?

And how do I have to use it to avoid this error and e.g. add a new user in the database?


My code so far looks like this:

<?php

$url = "https://example.com/app/vanilla/api/v2/users";

// ???
$CSRF_Token = '';

$curl = curl_init($url);

$headers = array(
  "Accept: application/json",
  // the body below is JSON, so the server has to be told so
  "Content-Type: application/json",
  // replaced by an example access token
  "Authorization: Bearer {va.hdyeh^hdnjcdiernYHYNeuhe_eheyde.FGT674hYT.wyheef874}",
  // "X-CSRF-TOKEN: $CSRF_Token"
);

$data = array(
  'bypassSpam'     => false,   // real booleans, not the strings 'false'/'true'
  'email'          => 'theo@example.com',
  'emailConfirmed' => true,
  'name'           => 'Theo Tester',
  'password'       => '1234567890',
  'photo'          => '',
  'roleID'         => [33]
);

// Encode the user as a single JSON object; wrapping $data in array() would send [ {...} ]
$payload = json_encode($data);

// Attach encoded JSON string to the POST fields (this also switches cURL to POST)
curl_setopt($curl, CURLOPT_POSTFIELDS, $payload);

// Send the headers defined above, including the JSON content type
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);

// Return response instead of outputting
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

// for debug only! do not leave TLS verification disabled outside a test setup
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

$resp = curl_exec($curl);
curl_close($curl);

var_dump($resp);

?>

Thank you very much for some enlightenment!!!
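An added example, not code from the post above and not Vanilla's own code: the same POST wrapped in a function that sends a proper JSON object with the Bearer token, keeps TLS verification on, and inspects the HTTP status and the `type` field of the error body shown above so a `!csrf` rejection is distinguishable from an auth or validation failure. Whether the endpoint reads an `X-CSRF-TOKEN` header is an assumption taken from the commented-out line in the post; the access token and roleID are placeholders.

```php
<?php
// Added example (not from the post or from Vanilla): JSON POST to API v2 that
// returns the HTTP status and decoded body instead of a raw var_dump string.
function vanillaPostJson(string $url, string $accessToken, array $data, ?string $csrfToken = null): array
{
    $headers = [
        'Accept: application/json',
        'Content-Type: application/json',      // the body is JSON, not form fields
        'Authorization: Bearer ' . $accessToken,
    ];
    // Assumption: if this session type needs a CSRF token, it goes in this header
    // (the original post has it commented out, so this is not confirmed).
    if ($csrfToken !== null && $csrfToken !== '') {
        $headers[] = 'X-CSRF-TOKEN: ' . $csrfToken;
    }

    $curl = curl_init($url);
    curl_setopt_array($curl, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => json_encode($data),  // one object, not [ {...} ]
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_RETURNTRANSFER => true,
        // TLS verification stays on; with it off the client cannot tell the real API apart
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body   = curl_exec($curl);
    $status = (int) curl_getinfo($curl, CURLINFO_RESPONSE_CODE);
    $error  = curl_error($curl);
    curl_close($curl);

    if ($body === false) {
        return ['status' => 0, 'body' => null, 'error' => $error];
    }
    return ['status' => $status, 'body' => json_decode($body, true), 'error' => null];
}

// Constructed sample call; the access token and roleID are placeholders.
$result = vanillaPostJson(
    'https://example.com/app/vanilla/api/v2/users',
    'ACCESS_TOKEN_PLACEHOLDER',
    ['name' => 'Theo Tester', 'email' => 'theo@example.com', 'password' => '1234567890',
     'emailConfirmed' => true, 'bypassSpam' => false, 'roleID' => [33]]
);
if ($result['status'] === 403 && ($result['body']['type'] ?? '') === '!csrf') {
    echo "Rejected by the CSRF check (HTTP 403): " . $result['body']['message'] . "\n";
} else {
    echo "HTTP {$result['status']}: " . json_encode($result['body'] ?? $result['error']) . "\n";
}
```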
