Using CSRF/XSRF tokens

Overview

Every POST, PUT and DELETE request in iWD's REST API, as well as GET requests described in Login via GET parameters, should include a CSRF/XSRF token.

Important
All such requests sent without a CSRF/XSRF token result in HTTP status code 403.

Procedure

  1. Send any GET request to iWD Manager (such as GET /iwd_manager).
  2. Read the value of a token from the XSRF-TOKEN cookie in the received response.
  3. Use the token value in subsequent REST API requests by setting it in either the X-XSRF-TOKEN header or the _csrf query parameter.
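
The three steps above as an added Python example (not code from the iWD documentation). It runs offline against a constructed local stand-in for iWD Manager; the token value, the `/iwd_manager/example` endpoint and all function names are assumptions made for illustration.

```python
import http.cookiejar, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, quote, urlparse

TOKEN = "constructed-token-123"  # constructed sample value, not a real token

class StubManager(BaseHTTPRequestHandler):  # constructed stand-in for iWD Manager
    def log_message(self, *args):  # silence per-request logging
        pass
    def do_GET(self):  # any GET hands out the XSRF-TOKEN cookie
        self.send_response(200)
        self.send_header("Set-Cookie", f"XSRF-TOKEN={TOKEN}; Path=/")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_POST(self):  # 403 unless the token arrives in the header or in _csrf
        query = parse_qs(urlparse(self.path).query)
        sent = self.headers.get("X-XSRF-TOKEN") or query.get("_csrf", [""])[0]
        self.send_response(200 if sent == TOKEN else 403)
        self.send_header("Content-Length", "0")
        self.end_headers()

def fetch_token(opener, jar, manager_url):
    """Steps 1 and 2: send any GET, then read the XSRF-TOKEN cookie."""
    opener.open(manager_url).close()
    return next(c.value for c in jar if c.name == "XSRF-TOKEN")

def post(opener, url, headers=None):
    """Send an empty POST and return the HTTP status code."""
    req = urllib.request.Request(url, data=b"", headers=headers or {}, method="POST")
    try:
        with opener.open(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    with HTTPServer(("127.0.0.1", 0), StubManager) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        manager = f"http://127.0.0.1:{server.server_port}/iwd_manager"
        jar = http.cookiejar.CookieJar()
        opener = urllib.request.build_opener(
            urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(jar))
        try:
            token = fetch_token(opener, jar, manager)
            api = manager + "/example"  # hypothetical REST endpoint
            return {"no_token": post(opener, api),
                    "header": post(opener, api, {"X-XSRF-TOKEN": token}),
                    "query": post(opener, api + "?_csrf=" + quote(token))}
        finally:
            server.shutdown()
```

Calling `demo()` returns the status of three POSTs: one without a token, one with the X-XSRF-TOKEN header, and one with the _csrf query parameter.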
This page was last edited on March 31, 2021, at 09:16.