REST API calls fail due to Missing XSRF Token

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product; however, they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

When making a call to the Bamboo REST API, for example:

curl -u <bamboouser>:<bamboopass> <bamboo-url>/rest/api/latest/<some-endpoint>

The call fails and the following appears in your output:

ERROR:- java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
    at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66)
    at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)

Cause

This specific error, XSRF_FAILURE_NO_TOKEN_IN_COOKIE, occurs when the cookie sent to Bamboo does not contain the atl.xsrf.token value.

Workaround

To work around this issue, add the header X-Atlassian-Token: no-check to your API call. The header tells Bamboo to skip XSRF token validation for that request. For example:

curl -u <bamboouser>:<bamboopass> -H 'X-Atlassian-Token: no-check' <bamboo-url>/rest/api/latest/<some-endpoint>
Updated on April 8, 2025
