Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Same issue encountered in https://www.drupal.org/project/drupal/issues/2795965 but in the latest recommended version.
Getting this message though provided correct X-CSRF-token.
{
"message": "X-CSRF-Token request header is invalid"
}
Comments
Comment #2
johnreytanquinco commentedAfter trying to fix for several hours, I found out that this error message only comes when using Postman, but I was able to successfully run PATCH request from online api rest tool.
Comment #3
wim leersThat is … weird. I wonder what Postman is doing wrong then…
If you can ever come up with steps to reproduce this problem, feel free to reopen!
Comment #5
kuldeep k commentedGot the same issue with an API into POSTMAN. Have you figured it out ?
Comment #6
johnreytanquinco commentedthis is my updated post issue https://www.drupal.org/project/drupal/issues/2976542
Comment #7
Sana.Neyazi commentedGetting the same issue with POST API. Although i have provided correct X-CSRF-token.
Comment #8
Alice Heaton commentedFor anyone finding this issue now, note you will get this error if you're using OAuth authentication, but still sending a session cookie with your REST request. Make sure the tool you're using to test does not store and send cookies between requests.
This could explain why it failed for POSTMAN but not other tools.
Comment #9
fuegonju commentedThanks @Alice Heaton, worked for me!
Comment #10
udhaya kumar commentedThanks @Alice Heaton It works.
To resolve the issue Go to the postman cookies and clear all cookies and send request again you should get a response in API
Comment #11
juancarielo commentedIt worked too, thanks @Alice Heaton.