To protect against cross-site-request forgery, the Storage Manager MAPI requires an XSRF token and a Vert.x web session token in all requests. A MAPI method is provided to return the tokens in cookies for use in subsequent MAPI calls.
The Storage Manager MAPI requires you to pass the XSRF token in the request header, and the XSRF token and Vert.x web session information as a cookie, within each request. If you do not use the tokens in a request, it will fail with a 401 (invalid) error.
To obtain the token and session information, use the MAPI method GET /csrf. Then, use the provided cookies in subsequent requests.