When using API sometimes I get "CSRF token verification failed!"


If you are a Zammad Support or hosted customer and experience a technical issue, please refer to: support@zammad.com using your zammad-hostname / or company contract.

  • Used Zammad version: 2.80
  • Used Zammad installation source: package
  • Operating system: Ubuntu 16.04
  • Browser + version: Chrome 71.0.3578.98

Expected behavior:

  • I am using the API to create tickets through a form I have created that calls the API using Token Authentication to create an actual ticket.
  • I expect that the form will work consistently.

Actual behavior:

  • My form will work for a while from the same browser/tab but, sometimes, I will eventually get an error response with the message “CSRF token validation failure!”.
  • Once I get the error the only way to get the form to work again is to either close the browser (all tabs) or, if that did not work, to delete the cookies for the Zammad website.

Steps to reproduce the behavior:

  • Call API from web form to create a ticket multiple times.
  • I do sometimes login to the Zammad backend from the browser and my thought is that that may cause the problem but it is not consistent.

Please provide your script and log file from the moment the CSRF happens (with extra lines (~200) before and after the incident. Otherwise this will be hard to help you with.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.