csrf_token_mismatch when calling /api/users to add a new user

andycastles

Hi all

I'm not sure if this is related to the most recent beta release, I was running beta12 and have recently upgraded to beta13.

The problem I'm having is that I'm trying to add a new user using the API with an API Key for authentication. However I'm getting a 400 csrf_token_mismatch error. It is as if the /api/users endpoint is ignoring the API key and checking for CSRF. I know that this was working before as I have various users already added using this system but between some changes I made myself to my code and the upgrade to beta13 I'm not sure what is causing the problem.

To try to determine where the problem is I've setup Postman to call the API directly (thereby avoiding my own code and any possible errors there). I'm doing:

POST to {{url}}/api/users

Headers:
Authorization:Token {{forumApiToken}}; userId={{forumApiUserId}}

Body:

{
	"data": {
		"type": "users"
		"attributes": {
			"username": "xxxxxxxx",
			"password": "xxxxxxxx",
			"email": "xxxxxxxx@andrewc.com"
		}
	}
}

Am I doing something wrong or has something changed in Beta13?

Thanks!

andycastles

It looks like it's a problem with my Apache configuration. I'm using proxy:fcgi to allow PHP5 and PHP7 to coexist on the same box. Of two identical forums in two sites on the same server (sharing the same database and the same directory, symbolically linked) one allows access to the API and the other gives the CSRF mismatch. Luckily it's not an issue with beta 13.