0 votes


I have trouble with the openUrlSecure POST request.

I checked with Postman and I got a 200 OK response, but with openUrlSecure I got: Unauthorized : CSRF validation failed from the server. statuscode 401.

my code:

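function test1() {
    var headers = TStringList.Create;
    var openURLResult; // declared outside the try block so it is visible at the return
    try {
        headers.Add('Content-Type: application/json; charset=utf-8');
        headers.Add('X-CSRF-Token: XXX');

        var data = JSON.stringify({ "username": "XX", "password": "XXX"});
        openURLResult = Efficy.openUrlSecure("https://myPath/login.json", data, headers.Text, "POST");
    } catch (e) {
        // Any exception from openUrlSecure is swallowed here; openURLResult stays undefined
    }
    // Return the HTTP status code, or null when the request itself threw
    return openURLResult ? openURLResult.statusCode : null;
}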

To get the token, run a similar function with no data and no token header, and it works fine.

asked in Partners by (182 points)

2 Answers

0 votes
Best answer

Be sure the header from the token is correct:

  1. Double check the casing
  2. Maybe the token itself should be passed as a string between double quotes, e.g. "XXX"

Like this:

headers.Add('X-CSRF-Token: "XXX"');

Instead of using the TStringList, you could also stay native JS and work with an array:

headers = ['Content-Type: application/json; charset=utf-8', 'X-CSRF-Token: "XXX"'].join("\n");

answered by (6.8k points)
Did you find the source of the issue?
+1 vote


I advise you to run these 2 requests (1 with Postman, 1 with your script) on your local server (in HTTP) and see with Wireshark what the differences between them are.

Alternatively, you can run these 2 requests on a "request bin" (e.g. http://requestbin.fullcontact.com) and compare the results.



answered by (659 points)
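The comparison suggested in the answers above, as an added example that is not part of the original posts: a small Node.js script that diffs two captured raw requests and reports header-name casing, header-value and missing-header differences. Both captures, the host `example.test` and the `SESSION` cookie are constructed sample data; `parseRequest` and `diffRequests` are hypothetical helper names.

```javascript
// Constructed sample captures (as copied from Wireshark or a request bin), not real traffic.
const postmanCapture = ['POST /login.json HTTP/1.1', 'Host: example.test',
  'Content-Type: application/json; charset=utf-8', 'X-CSRF-Token: XXX',
  'Cookie: SESSION=constructed-session-id', '', '{"username":"XX","password":"XXX"}'].join('\r\n');
const scriptCapture = ['POST /login.json HTTP/1.1', 'Host: example.test',
  'Content-Type: application/json; charset=utf-8', 'x-csrf-token: "XXX"',
  '', '{"username":"XX","password":"XXX"}'].join('\r\n');

// Split a raw request into request line, headers (keyed by lowercase name) and body.
function parseRequest(raw) {
  const text = raw.replace(/\r\n/g, '\n');
  const split = text.indexOf('\n\n');
  const head = split === -1 ? text : text.slice(0, split);
  const body = split === -1 ? '' : text.slice(split + 2);
  const [requestLine, ...lines] = head.split('\n');
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i < 1) continue; // skip malformed header lines
    const name = line.slice(0, i).trim();
    headers[name.toLowerCase()] = { name, value: line.slice(i + 1).trim() };
  }
  return { requestLine, headers, body };
}

// List every difference between the working request (A) and the failing one (B).
function diffRequests(rawA, rawB) {
  const a = parseRequest(rawA), b = parseRequest(rawB), out = [];
  if (a.requestLine !== b.requestLine) out.push(`request line: ${a.requestLine} | ${b.requestLine}`);
  for (const key of new Set([...Object.keys(a.headers), ...Object.keys(b.headers)])) {
    const ha = a.headers[key], hb = b.headers[key];
    if (!ha || !hb) { out.push(`${key}: only in ${ha ? 'A' : 'B'}`); continue; }
    if (ha.name !== hb.name) out.push(`${key}: name casing ${ha.name} | ${hb.name}`);
    if (ha.value !== hb.value) out.push(`${key}: value ${ha.value} | ${hb.value}`);
  }
  if (a.body !== b.body) out.push('body differs');
  return out;
}

console.log(diffRequests(postmanCapture, scriptCapture).join('\n'));
```

A header reported as "only in A" (such as a session cookie that the working client sends automatically) is the first thing to check when the server ties CSRF validation to the session.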