Hi all, I’m doing a POST request to a REST API and receive a JSON response back with new cookies generated in the cookie manager. However, when I try to rerun the POST request, I get this error message in the response body: "Invalid CSRF Token ‘null’ was found on the request parameter ‘_csrf’ or header ‘X-CSRF-TOKEN’". Does anyone know what the issue might be? If I delete the cookie manually and rerun, it works fine, but I tried to do it programmatically and didn’t find any solution for it.
It seems that the REST API you are calling has been designed to be used in a browser.
The error you are getting is related to a security feature that ensures that external websites cannot call this endpoint and misuse the fact that the user is logged in.
Usually, this is done by sending a header and a cookie with the same value. Have a look at a request in the browser and try to identify what this looks like. Depending on the implementation in the backend, it may or may not be possible to use this in Postman.
Feel free to get back with more details and screenshots.
Thanks @vdespa. I was able to solve the issue by doing a GET request inside a pre-request script and capturing the ‘x-csrf-token’ into an environment variable.
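A sketch of the pre-request approach described in the last reply, added here as an example and not taken from either poster. The GET URL and the variable name `csrfToken` are assumptions, and the POST request is assumed to send an `X-CSRF-TOKEN` header set to `{{csrfToken}}`.

```javascript
// Added example for a Postman pre-request script.
// CSRF_URL and the variable name "csrfToken" are assumptions for illustration;
// the header name x-csrf-token comes from the thread.
const CSRF_URL = "https://api.example.test/session"; // placeholder GET endpoint

// Find the token in a header map regardless of header-name casing.
// A missing header, an empty value, or the literal string "null" counts as no token.
function extractCsrfToken(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== "x-csrf-token") continue;
    const token = String(value === undefined || value === null ? "" : value).trim();
    return token && token !== "null" ? token : null;
  }
  return null;
}

// Fetch a fresh token with a GET and store it in the active environment.
// The POST then picks it up through {{csrfToken}} in its X-CSRF-TOKEN header.
function refreshCsrf(pm, done) {
  pm.sendRequest({ url: CSRF_URL, method: "GET" }, (err, res) => {
    if (err) return done(err);
    const headers = {};
    res.headers.each((h) => { headers[h.key] = h.value; });
    const token = extractCsrfToken(headers);
    if (!token) return done(new Error("GET response carried no x-csrf-token"));
    pm.environment.set("csrfToken", token);
    done(null, token);
  });
}

// Inside Postman the global `pm` exists; anywhere else this block is skipped.
if (typeof pm !== "undefined") {
  refreshCsrf(pm, (err) => { if (err) console.error(err.message); });
}
```

Failing loudly when the GET returns no token makes a stale or missing token visible in the Postman console before the POST is rejected.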