When authentication is handled by a reverse proxy server as described in the section
Reverse Proxy Authentication, API requests that change data, i.e. POST, PUT and
DELETE requests, are subject to cross-site request forgery (CSRF) protection. For these requests to be accepted
by IQ Server, they need to include the HTTP header X-CSRF-TOKEN
along with an HTTP cookie named CLM-CSRF-TOKEN
where both the header and the cookie carry the same value. The specific value chosen is irrelevant, it only needs
to be the same for the header and the cookie.
Please refer to the documentation of your respective HTTP client on how to supply the header and cookie. For the cURL tool used in our earlier examples, this can be accomplished as follows:
curl --header "X-CSRF-TOKEN: api" --cookie "CLM-CSRF-TOKEN=api" ...
Terms of Service Privacy Policy
Copyright ©
2008-present, Sonatype Inc. All rights reserved. Includes the
third-party code listed here. Sonatype and Sonatype Nexus are trademarks
of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache
Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
All other trademarks are the property of their respective owners.
Sonatype Headquarters - 8161
Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8251 Greensboro Drive #610, McLean, VA
22102
Australia Office - 5 Martin Place, Level 14, Sydney 2000, NSW, Australia