CSRF Token

[rpo-fr]

Hello,
could you update your example to work with CSRF cookie?
thanks

[BastianKalcher]

Hello,

I think I have the same problem.
I am trying to create an API request via PHP and still use the create_resource.php file.
But every time I execute it, I get the error message: "Missing or incorrect CSRF cookie type."

I have followed all the steps from this article.

The execution of get_resources.php works without any problems!

Thank you in advance!

[BastianKalcher]

Hello, could you update your example to work with CSRF cookie? thanks

Do this:

$gpgAuth->login();
$ch = curl_init($config['server_url'] . '/users/me.json?api-version=v2');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_COOKIE, $gpgAuth->getCookie());
$response = curl_exec($ch);
curl_close($ch);
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $response, $matches);
parse_str($matches[1], $csrfCookie);
$csrfToken = $csrfCookie['csrfToken'];
$sessionCookie = $gpgAuth->getCookie();
$ch = curl_init($config['server_url'] . '<your-api-call>?api-version=v2');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_COOKIE, $gpgAuth->getCookie());
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(<your-data>));
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'X-CSRF-Token: ' . $csrfToken,
'Accept: application/json',
'Content-Type: application/json',
'Cookie: ' . $sessionCookie
));
$response = curl_exec($ch);
curl_close($ch);

this worked yor me. My API calls are now accepted and executed.