🛡️ CSRF Protection API
The CSRF Protection API provides a way to protect against cross-site request forgery (CSRF) attacks.
General Info
- CSRF Protection: Required for all authenticated
POST,PUT, andDELETErequests. - This API endpoint will return a token for use in the
X-CSRF-Tokenheader. - Use
X-CSRF-Tokenheader for protected routes.
Endpoints
🟡 GET /csrf-token
- Returns a token for use in the
X-CSRF-Tokenheader. - Creates a session to ensure incoming requests are from a valid source.
✅ Successful Response:
200 OK- CSRF token is created.
{
"csrf_token": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6"
}
📌 Notes:
- Use this token in the
X-CSRF-Tokenheader for protected routes. - You will receive a
419 Authentication Timeouterror if the token is invalid or missing.