https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2421790#M19965 <P>Hi,</P> <P>We have a weird situation. When we call QRS API at our test environment (<A href="https://help.qlik.com/en-US/sense-developer/August2023/Subsystems/RepositoryServiceAPI/Content/Sense_RepositoryServiceAPI/RepositoryServiceAPI-About-Get.htm" target="_self">..../qrs/about</A>), we get the following error message:</P> <P><STRONG>XSRF prevention check failed. Possible XSRF discovered.</STRONG></P> <P>Production environment works well. We use same Qlik edition - August 2023 patch 5</P> <P>Restarting services doesn't help.</P> <P>Appending "?xrfkey=16-char-string" doesn't help.</P> <P>Any pointers ? where to look ?</P> <P>Kind regards</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 21 Feb 2024 14:36:39 GMT tevkar1 2024-02-21T14:36:39Z https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2421790#M19965 <P>Hi,</P> <P>We have a weird situation. When we call QRS API at our test environment (<A href="https://help.qlik.com/en-US/sense-developer/August2023/Subsystems/RepositoryServiceAPI/Content/Sense_RepositoryServiceAPI/RepositoryServiceAPI-About-Get.htm" target="_self">..../qrs/about</A>), we get the following error message:</P> <P><STRONG>XSRF prevention check failed. Possible XSRF discovered.</STRONG></P> <P>Production environment works well. We use same Qlik edition - August 2023 patch 5</P> <P>Restarting services doesn't help.</P> <P>Appending "?xrfkey=16-char-string" doesn't help.</P> <P>Any pointers ? where to look ?</P> <P>Kind regards</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 21 Feb 2024 14:36:39 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2421790#M19965 tevkar1 2024-02-21T14:36:39Z https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2421938#M19967 <P>The most likely culprit is a mismatch or absence of the xrfkey parameter and/or header (<A href="https://help.qlik.com/en-US/sense-developer/Subsystems/RepositoryServiceAPI/Content/Sense_RepositoryServiceAPI/RepositoryServiceAPI-Connect-API-Using-Xrfkey-Headers.htm" target="_self">reference</A>). To use the example from the help doc:</P> <PRE>URL: https://localhost:4242/qrs/servernodeconfiguration/full?Xrfkey=abcdefghijklmnop Header: X-Qlik-Xrfkey: abcdefghijklmnop</PRE> <P>If you do not have the same Xrfkey specified in the URL param (?Xrfkey=abcdefghijklmnop) as in the X-Qlik-Xrfkey header, you will receive this response.</P> Wed, 21 Feb 2024 19:43:07 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2421938#M19967 Levi_Turner 2024-02-21T19:43:07Z https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2529249#M22481 <P>How should I pass Header with URL ?</P> Wed, 03 Sep 2025 07:22:31 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2529249#M22481 Tool_Tip 2025-09-03T07:22:31Z https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2529252#M22482 <P>How you specify headers depends totally on what technology you use for calling the APIs. Is it through a browser? Or Postman? Or programmatically through some programming language?</P> Wed, 03 Sep 2025 07:29:09 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Message-quot-XSRF-prevention-check-failed-Possible-XSRF/m-p/2529252#M22482 Øystein_Kolsrud 2025-09-03T07:29:09Z