Reputation: 680
I am trying to figure out how to authenticate to the Django REST Framework with Postman. I have a Postman interceptor. But no matter what I try, I seem to get a 403 - CSRF verification failed. Request aborted.
In Chrome, I go to DRF's default login point. I enter the username and password and click submit. It works in Chrome. With the interceptor, I can see the POST. Now if I try that exact same POST in Postman, I get a 403 with the CSRF error. How is that even possible? Postman is doing exactly the same thing that Chrome is doing. How can it be producing a different result?
Here's me logging in from Chrome...
Here's me doing the *exact same thing* with Postman...
What am I missing? I keep reading about doing a GET request, looking at the set-cookie csrf token and value, and putting that in a header on my POST request. I've tried that and every variation I can think of to no avail.
Upvotes: 17
Views: 15540
Reputation: 88689
Initially, send an HTTP GET request to the `/api/auth/login/` URL (the login page) using Postman. This step is important to get the `csrftoken` from the response.
After sending the HTTP GET request, you will receive a `csrftoken` cookie as below,
Use this value in the next HTTP POST request by setting it in the request header.
Alternatively, you can send the CSRF token along with the form-data instead of the header, using the `csrfmiddlewaretoken` key.
Upvotes: 25
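The flow described in the answer above, as an added example that is not part of the original post: a local stub stands in for the login view and applies only a simplified cookie-versus-submitted-token comparison, so it runs offline and is not Django's actual middleware. `X-CSRFToken` is Django's default CSRF header name; the stub class, helper names and credentials are constructed for illustration.

```python
import http.client, secrets, threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

class LoginStub(BaseHTTPRequestHandler):
    """Constructed stand-in for the login view: double-submit CSRF check only."""
    def log_message(self, *args):  # keep the demo output quiet
        pass
    def _reply(self, status, cookie=None):
        self.send_response(status)
        if cookie:
            self.send_header("Set-Cookie", f"csrftoken={cookie}; Path=/")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):  # the login page hands out the csrftoken cookie
        self._reply(200, cookie=secrets.token_hex(16))
    def do_POST(self):  # cookie must match the header or the form field
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        cookie = jar["csrftoken"].value if "csrftoken" in jar else None
        sent = self.headers.get("X-CSRFToken") or parse_qs(body).get("csrfmiddlewaretoken", [None])[0]
        ok = bool(cookie and sent and secrets.compare_digest(cookie.encode(), sent.encode()))
        self._reply(200 if ok else 403)

def request(port, method, body="", headers=None):
    """Send one request; return (status, cookies set by the response)."""
    conn = http.client.HTTPConnection("127.0.0.1", port)
    conn.request(method, "/api/auth/login/", body=body, headers=headers or {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, SimpleCookie(resp.getheader("Set-Cookie") or "")

def demo():
    server = HTTPServer(("127.0.0.1", 0), LoginStub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    form = "username=demo&password=demo"  # constructed credentials
    ctype = {"Content-Type": "application/x-www-form-urlencoded"}
    results = {"no_token": request(port, "POST", form, ctype)[0]}
    token = request(port, "GET")[1]["csrftoken"].value  # step 1: GET the login page
    cookie = {**ctype, "Cookie": f"csrftoken={token}"}
    results["cookie_only"] = request(port, "POST", form, cookie)[0]
    results["header"] = request(port, "POST", form, {**cookie, "X-CSRFToken": token})[0]
    results["form_field"] = request(port, "POST", f"{form}&csrfmiddlewaretoken={token}", cookie)[0]
    server.shutdown()
    server.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

The `cookie_only` case is the one that matches a replayed POST carrying the cookie but no token in the header or body: the server rejects it because the token has to be submitted a second time outside the cookie.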