https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88654#M39167 Hi Eric, thank you for suggesting this. Tried with Utility Http 10.0 version and provided bearer token and bearer token flag. No difference. "The remote server returned an error: (403) Forbidden."&nbsp; &nbsp;Tried Http Request , Post actions and the behavior is same.&nbsp;<BR /><BR />Need a way to extract the cookie to submit in the subsequent requests. Any other suggestions ?. Thank you.<BR /><BR />------------------------------<BR />Prabhakara Kumar Malireddi<BR />Architect<BR />Cognizant Technology Services<BR />America/Chicago<BR />------------------------------<BR /> Thu, 02 Feb 2023 21:06:00 GMT Prabhakara_Kuma 2023-02-02T21:06:00Z https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88648#M39161 Hi,&nbsp;&nbsp;<BR /><BR />I'm having an issue with an API invocation that needs OAuth 2.0 (JWT Bearer Token) mechanism with CSRF token (refer below link for details). Able to invoke API through postman tool however, having difficulty in invoking the API via Blue prism. Have tried two options on Blue Prism 1. Configure Web API Services and invoke end point 2. Utility-HTTP -&gt; HTTP Request. Able to generate token in 2nd option but unable to invoke API successfully using the token generated. It throws 403 Forbidden error "Could not verify the provided CSRF token because your session was not found"<BR />The observation is that PostMan is using Bearer &lt;Token&gt; + cookie value. Below is the test script. Not sure how to achieve this in Blue Prism.&nbsp; Unable to use Fiddler as it is restricted in the organization.&nbsp;<BR /><BR />var xsrfcookie = postman.getResponseCookie('XSRF-TOKEN');<BR />postman.setEnvironmentVariable('xsrf-token',xsrfcookie.value);<BR /> <P>&nbsp;<BR />CSRF Token setup: <A href="https://www.baeldung.com/postman-send-csrf-token" target="_blank" rel="noopener">https://www.baeldung.com/postman-send-csrf-token</A></P> Appreciate your help<BR /><BR />Thanks, Prabhakar<BR /><BR />------------------------------<BR />Prabhakara Kumar Malireddi<BR />Architect<BR />Cognizant Technology Services<BR />America/Chicago<BR />------------------------------<BR /> Tue, 24 Jan 2023 03:22:00 GMT https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88648#M39161 Prabhakara_Kuma 2023-01-24T03:22:00Z https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88649#M39162 <P>Hi Prabhakara,</P> <P>Are you not getting it as part of response on authentication? It sometimes is part of the headers on authentication.</P> <P>Thanks.</P><BR /><BR />------------------------------<BR />Gopal Bhaire<BR />------------------------------<BR /> Tue, 24 Jan 2023 05:31:00 GMT https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88649#M39162 GopalBhaire 2023-01-24T05:31:00Z https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88650#M39163 Hi Gopal,&nbsp;<BR /><BR />Thanks for your help.&nbsp; Yes,&nbsp; i see similar to this: - " dtCookie=xxx-yyyy-dfdfdf-sdfsdf-dfedfdsfsdfdsfsdf; Path=/; Domain=xx.com,PF=ABCDEDD;Path=/;Secure;HttpOnly;SameSite=None" .&nbsp; Tried with value cookie value but didn't work.&nbsp; Am i missing something?<BR /><BR />Appreciate your help.<BR /><BR />------------------------------<BR />Prabhakara Kumar Malireddi<BR />Architect<BR />Cognizant Technology Services<BR />America/Chicago<BR />------------------------------<BR /> Tue, 24 Jan 2023 22:01:00 GMT https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88650#M39163 Prabhakara_Kuma 2023-01-24T22:01:00Z https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88651#M39164 <P>Hi Prabhakara,</P> <P>I think the token is part of cookie. You can modify the code to get cookies from the response.</P> <P>Make a duplicate of HTTP Request page and try the following code (untested) on line 66, you might have to add one more text output cookies<BR /><BR /></P> <PRE class="language-vbnet"><CODE>Using response As HttpWebResponse = request.GetResponse() For Each cookie As Cookie In response.Cookies cookies += cookie.Name.ToString() + cookie.Value.ToString() + cookie.Path.ToString() + cookie.Domain.ToString() Next</CODE></PRE> <P></P><BR /><BR />------------------------------<BR />Gopal Bhaire<BR />------------------------------<BR /> Wed, 25 Jan 2023 04:46:00 GMT https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88651#M39164 GopalBhaire 2023-01-25T04:46:00Z https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88652#M39165 <a href="https://community.blueprism.com/t5/user/viewprofilepage/user-id/52269">@Prabhakara_Kuma</a>,<BR /><BR />First question I always ask in a situation where someone's having problems using the HTTP VBO for token/apikey authentication is, have you downloaded the latest version of the HTTP VBO from the DX? If you're using the version that came with your Blue Prism installation you are not using the latest one.​<BR /><BR />The version available on the DX has a few new options including a flag to signify that a bearer token will be used.&nbsp;<BR /><BR />Cheers,<BR /><BR />------------------------------<BR />Eric Wilson<BR />Director, Integrations and Enablement<BR />Blue Prism Digital Exchange<BR />------------------------------<BR /> Wed, 25 Jan 2023 22:13:00 GMT https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88652#M39165 ewilson 2023-01-25T22:13:00Z https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88653#M39166 Thanks Gopal for the response. Tried to extract cookie but it returns blank for some reason. Same is the case for authentication or API invocation (throws 403 error anyway). Kindly let me know if any other suggestions.<BR /><BR />------------------------------<BR />Prabhakara Kumar Malireddi<BR />Architect<BR />Cognizant Technology Services<BR />America/Chicago<BR />------------------------------<BR /> Thu, 02 Feb 2023 20:58:00 GMT https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88653#M39166 Prabhakara_Kuma 2023-02-02T20:58:00Z https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88654#M39167 Hi Eric, thank you for suggesting this. Tried with Utility Http 10.0 version and provided bearer token and bearer token flag. No difference. "The remote server returned an error: (403) Forbidden."&nbsp; &nbsp;Tried Http Request , Post actions and the behavior is same.&nbsp;<BR /><BR />Need a way to extract the cookie to submit in the subsequent requests. Any other suggestions ?. Thank you.<BR /><BR />------------------------------<BR />Prabhakara Kumar Malireddi<BR />Architect<BR />Cognizant Technology Services<BR />America/Chicago<BR />------------------------------<BR /> Thu, 02 Feb 2023 21:06:00 GMT https://community.blueprism.com/t5/Product-Forum/API-Issue-quot-Could-not-verify-the-provided-CSRF-token-because/m-p/88654#M39167 Prabhakara_Kuma 2023-02-02T21:06:00Z