Developer Community

Reply
New Contributor

CSRF token missing or incorrect

I am using python 3 to login via the Aruba Central API and then try to retrieve an authorization token. 

 

I am getting the error CSRF token missing or incorrect.

 

The requests library is using a session manager which automatically passes the csrftoken and session cookies to the next request being made, but they are not being accepted even though they are being directly generated from the previous request.

 

Things i double checked:

  • both requests are using the same client_id
  • the hostname for the api endpoint works correctly for the first api request, so it should work for the second

The best documentation I could find on making these requests was a PDF found from a google search.

 

https://help.central.arubanetworks.com/2.4.7/documentation/online_help/content/pdfs/central/aruba_central_api_gateway_automation_guide.pdf

 

 

import requests, json, pprint

session = requests.Session()

url = "https://apigw-prod2.central.arubanetworks.com/oauth2/authorize/central/api/login"

querystring = {"client_id":"REMOVED"}

payload = {"username":"REMOVED", "password" : "REMOVED"}

response = session.post(url, json=payload, params=querystring)

print('response cookies', response.cookies)

url = "https://apigw-prod2.central.arubanetworks.com/oauth2/authorize/central/api"

querystring = {"client_id":"REMOVED","response_type":"code","scope":"read"}

response = session.post(url, params=querystring)

print('request headers sent', response.request.headers)

pprint.pprint(json.loads(response.text))

How can I get this to work?

 

Highlighted
MVP Expert

Re: CSRF token missing or incorrect

Hi,

 

You need to add X-CSRF cookie, you can look

https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Need-some-help-with-the-Central-API/m-p/403759/highlight/true#M175 (attach txt file) or the powershell example https://community.arubanetworks.com/t5/Developer-Community/Powershell-example/m-p/514358/highlight/true#M113

 

the CSRF is return when make the first connection and you need to send on each request

 

 




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
New Contributor

Re: CSRF token missing or incorrect

Hi it worked. Can you please put a link to the official documentation that mentions this? I couldn't find it anywhere. Thanks

MVP Expert

Re: CSRF token missing or incorrect

on your pdf...

 

Pass the CSRF-TOKEN value you obtained in step one in the request header, otherwise the request will be rejected.

 




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
New Contributor

Re: CSRF token missing or incorrect

For those who also couldn't get this to work, the response from the api returns a Set-Cookie header with csrftoken=<TOKEN_DATA>; session=<SESSION_DATA> but an ADDITIONAL HEADER containing the exact same CSRF token is required to make a request.

 

These are the headers sent to make a successful api request via the python requests library:

 

{'User-Agent': 'python-requests/2.18.3', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'X-CSRF-TOKEN': '##3207d77024a06e0
c82282ddfc315ae5127a2ba7f', 'Cookie': 'csrftoken=##3507d77024a05e0c82282ddec315ae5127a2ba7f; session=edc2d6d4539809a0_5e66ade6.XObDI4NNmg58LxRAtgl6WtMjLUw', 'Content-Length': '0
'}

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: