REST API calls fail due to Missing XSRF Token

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

When making a call to the Bamboo REST API, for example:

curl -u <bamboouser>:<bamboopass> <bamboo-url>/rest/api/latest/<some-endpoint>

The call fails and the following appears in your output:

ERROR:- 
java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66)
at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)

Cause

This specific error, XSRF_FAILURE_NO_TOKEN_IN_COOKIE, is caused by the cookie sent to Bamboo missing the atl.xsrf.token. 

Workaround

To work around this issue, please add the header X-Atlassian-Token: no-check to your API call. For example:

curl -u <bamboouser>:<bamboopass> -H 'X-Atlassian-Token: no-check'  <bamboo-url>/rest/api/latest/<some-endpoint>

Last modified on Aug 24, 2021

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.