Requesting and submitting an XSRF token

Content Platform for Cloud Scale Management API Reference

Version: 2.4.x
Part Number: MK-HCPCS007-07

To protect against cross-site request forgery (XSRF), the Object Storage Management MAPI requires an XSRF token in all requests.

The Object Storage Management MAPI requires you to pass the XSRF token both in the request header and as a cookie within the request.

Note: The XSRF token has a limited lifetime, so it's best to obtain a fresh token before issuing every group of requests.

To obtain the token and pass it as part of a request:

  1. Obtain the token.
    The following command string obtains the token, locates it within the response, strips out extraneous text, and stores it as a variable:
    # -c - writes the received cookies to stdout; -k skips TLS certificate verification
    xsrf=$(curl -skc - https://hcpcs_cluster.com:9099/ \
    -H "user-agent: Mozilla" | grep XSRF-TOKEN | cut -d$'\t' -f 7)
  2. Include the token both in the request header and as a cookie within a MAPI request.
    The following command string uses an OAuth token defined as the variable $token in a MAPI request to list the user maria:
    curl -s -k -H "X-XSRF-TOKEN:${xsrf}" \
    -H "Authorization: Bearer $token" \
    -b "XSRF-TOKEN=${xsrf}" -H "accept: application/json" \
    -H "Content-Type: application/json" \
    -d '{"nameFilter": "maria"}' \
    -X POST https://hcpcs_cluster.com:9099/mapi/v1/user/list
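
The two steps above can be wrapped in functions that fail when no usable token comes back. The following is an added example, not code from the product documentation: it matches the cookie by exact name and checks the expiry field of the cookie jar, in line with the note about the token's limited lifetime. The function names `sample_jar`, `xsrf_from_jar`, and `mapi_post` are hypothetical, and the sample cookie values are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the product docs): parse curl's Netscape-format cookie jar.
# Jar fields (tab-separated): domain, subdomain flag, path, secure, expiry, name, value.

# Constructed sample of `curl -c -` output; the cookie values are made up.
sample_jar() {
  printf '# Netscape HTTP Cookie File\n'
  printf '%s\tFALSE\t/\tTRUE\t%s\t%s\t%s\n' \
    '#HttpOnly_hcpcs_cluster.com' 2000000000 'XSRF-TOKEN' 'constructed-token-123' \
    'hcpcs_cluster.com' 0 'NOT-XSRF-TOKEN-COPY' 'decoy'
}

# xsrf_from_jar [NOW] < jar: prints the token value.
# Returns 1 if the cookie is absent or empty, 2 if it has already expired.
xsrf_from_jar() {
  local now="${1:-$(date +%s)}"
  awk -F '\t' -v now="$now" '
    # Match on the exact cookie name in field 6, not a substring anywhere in the line.
    NF >= 7 && $6 == "XSRF-TOKEN" { found = 1; expiry = $5; value = $7 }
    END {
      if (!found || value == "") exit 1
      # Expiry 0 means a session cookie; otherwise compare with the current time.
      if (expiry + 0 != 0 && expiry + 0 <= now + 0) exit 2
      print value
    }'
}

# mapi_post PATH JSON: obtain a fresh token, then send it as both header and cookie.
# Assumes the OAuth token is already in $token, as in the request shown above.
mapi_post() {
  local base="https://hcpcs_cluster.com:9099" xsrf
  xsrf=$(curl -skc - "$base/" -H "user-agent: Mozilla" | xsrf_from_jar) || {
    echo "no usable XSRF token" >&2; return 1; }
  curl -s -k -H "X-XSRF-TOKEN:${xsrf}" -H "Authorization: Bearer $token" \
    -b "XSRF-TOKEN=${xsrf}" -H "accept: application/json" \
    -H "Content-Type: application/json" -d "$2" -X POST "$base$1"
}
```

With these defined, `mapi_post /mapi/v1/user/list '{"nameFilter": "maria"}'` issues the same request as step 2 with a freshly obtained token.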