POST request fails to interact with site

Question

I am trying to login to a site called grailed.com and follow a certain product. The code below is what I have tried.

The code below succeeds in logging in with my credentials. However whenever I try to follow a product (the id in the payload is the id of the product) the code runs without any errors but fails to follow the product. I am confused at this behavior. Is it a similar case to Instagram (where Instagram blocks any attempt to interact programmatically with their site and force you to use their API (grailed.com does not have a API for the public to use AFAIK)

I tried the following code (which looks exactly like the POST request sent when you follow on the site).

headers/data defined here
r = requests.Session()
v = r.post("https://www.grailed.com/api/sign_in", json=data,headers = headers)

headers = {
    'authority': 'www.grailed.com',
    'method': 'POST',
    "path": "/api/follows",
    'scheme': 'https',
    'accept': 'application/json',
    'accept-encoding': 'gzip, deflate, br',
    "content-type": "application/json",
    "x-amplitude-id": "1547853919085",
    "x-api-version": "application/grailed.api.v1",
    "x-csrf-token": "9ph4VotTqyOBQzcUt8c3C5tJrFV7VlT9U5XrXdbt9/8G8I14mGllOMNGqGNYlkES/Z8OLfffIEJeRv9qydISIw==",
    "origin": "https://www.grailed.com",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
}
payload = {
    "id": "7917017"
}
b = r.post("https://www.grailed.com/api/follows",json = payload,headers = headers)

Answer 1

If API is not designed to be public, you are most likely missing csrf token in your follow headers. You have to find an CSRF token, and add it to /api/follows POST. taking fast look at code, this might be hard as everything goes inside javascript.