https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890809#M3065 <HTML><HEAD></HEAD><BODY><P>Jeff, in one of the environment, qlik sense is returning 403 error for a ticket request. Is there a way to turn on logging to get granular debug messages for ticket api?</P></BODY></HTML> Wed, 13 May 2015 01:53:23 GMT rthamman 2015-05-13T01:53:23Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890803#M3059 <HTML><HEAD></HEAD><BODY><P>ticket REST api in Qlik Sense is returning "XSRF prevention check failed. Possible XSRF discovered." error. Xrf key is in the URL and the header. Any thoughts?? Below is the code snippet:</P><P></P><P>.</P><P>.</P><P>.</P><P>.</P><TABLE><TBODY><TR><TD>&nbsp;&nbsp; </TD><TD> </TD><TD>String Xrfkey = "0123456789abcdef";</TD></TR></TBODY></TABLE><P></P><TABLE><TBODY><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD><SPAN> String targetURL = "</SPAN><A class="jive-link-external-small" href="https://xx.xx.xx.xx:4243/qps/ticket?Xrfkey=" rel="nofollow">https://xx.xx.xx.xx:4243/qps/ticket?Xrfkey=</A><SPAN>";</SPAN></TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> </TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> URL url = new URL(targetURL + "?Xrfkey=" + Xrfkey);</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> request = (HttpsURLConnection)url.openConnection();</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> request.setRequestMethod("POST");</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> request.setRequestProperty("Content-Type", "application/json");</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> request.setRequestProperty("X-Qlik-Xrfkey", Xrfkey);</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> request.setUseCaches(false);</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> request.setDoInput(true);</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> request.setDoOutput(true);</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> </TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> String userDirectory = "USERDIRECTORY";</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> String userId= "USERID";</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> String body = "{'UserDirectory':'" + userDirectory + "', 'UserId':'" + userId + "','Attributes': []}";</TD></TR><TR><TD>&nbsp;&nbsp; </TD><TD></TD><TD> byte[] bodyBytes = body.getBytes("UTF-8");</TD></TR></TBODY></TABLE><P></P><P>.</P><P>.</P><P></P><P>Error:</P><P>0070: 46 72 69 2C 20 31 30 20&nbsp;&nbsp; 41 70 72 20 32 30 31 35&nbsp; Fri, 10 Apr 2015</P><P>0080: 20 30 36 3A 34 38 3A 31&nbsp;&nbsp; 30 20 47 4D 54 0D 0A 53&nbsp;&nbsp; 06:48:10 GMT..S</P><P>0090: 65 72 76 65 72 3A 20 51&nbsp;&nbsp; 50 53 2F 31 2E 31 2E 30&nbsp; erver: QPS/1.1.0</P><P>00A0: 2E 30 20 4D 69 63 72 6F&nbsp;&nbsp; 73 6F 66 74 2D 48 54 54&nbsp; .0 Microsoft-HTT</P><P>00B0: 50 41 50 49 2F 32 2E 30&nbsp;&nbsp; 0D 0A 44 61 74 65 3A 20&nbsp; PAPI/2.0..Date: </P><P>00C0: 46 72 69 2C 20 31 30 20&nbsp;&nbsp; 41 70 72 20 32 30 31 35&nbsp; Fri, 10 Apr 2015</P><P>00D0: 20 30 36 3A 34 38 3A 31&nbsp;&nbsp; 30 20 47 4D 54 0D 0A 0D&nbsp;&nbsp; 06:48:10 GMT...</P><P>00E0: 0A 33 37 0D 0A 58 53 52&nbsp;&nbsp; 46 20 70 72 65 76 65 6E&nbsp; .37..XSRF preven</P><P>00F0: 74 69 6F 6E 20 63 68 65&nbsp;&nbsp; 63 6B 20 66 61 69 6C 65&nbsp; tion check faile</P><P>0100: 64 2E 20 50 6F 73 73 69&nbsp;&nbsp; 62 6C 65 20 58 53 52 46&nbsp; d. Possible XSRF</P><P>0110: 20 64 69 73 63 6F 76 65&nbsp;&nbsp; 72 65 64 2E 0D 0A 7F 6E&nbsp;&nbsp; discovered....n</P><P>0120: 8B 7B 18 15 D4 FC 0A 2C&nbsp;&nbsp; 9F 13 7E 96 27 99 3E 6B&nbsp; .......,....'.&gt;k</P><P>0130: C1 EB 0D 0D 0D 0D 0D 0D&nbsp;&nbsp; 0D 0D 0D 0D 0D 0D 0D 0D&nbsp; ................</P></BODY></HTML> Fri, 10 Apr 2015 06:59:06 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890803#M3059 rthamman 2015-04-10T06:59:06Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890804#M3060 <HTML><HEAD></HEAD><BODY><P>It appears you are supplying the xrfkey twice in parameters and you are missing a certificate to trust the communication when you make the web request.&nbsp; Here is the sample code from help.qlik.com.</P><P></P><P><A href="http://help.qlik.com/sense/en-us/developer/#../Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/ProxyServiceAPI-Example-Connect-API-Certificates.htm%3FTocPath%3DQlik%2520Sense%2520Proxy%2520Service%2520API%7CExamples%7C_____1" title="http://help.qlik.com/sense/en-us/developer/#../Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/ProxyServiceAPI-Example-Connect-API-Certificates.htm%3FTocPath%3DQlik%2520Sense%2520Proxy%2520Service%2520API%7CExamples%7C_____1">http://help.qlik.com/sense/en-us/developer/#../Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/ProxyServiceAPI-Exampl…</A>‌</P><P></P><P>See how your targetUrl has XrfKey param twice?</P><P></P><P><SPAN>String targetURL = "</SPAN><A class="jive-link-external-small" href="https://xx.xx.xx.xx:4243/qps/ticket" rel="nofollow">https://xx.xx.xx.xx:4243/qps/ticket</A><STRONG>?Xrfkey=</STRONG>";</P><P></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">URL url = new URL(targetURL + "<STRONG>?Xrfkey=</STRONG>" + Xrfkey);</SPAN></P><P></P><P>Even after you fix this it likely won't give you a ticket because you are not supplying a cert in the request.</P></BODY></HTML> Fri, 10 Apr 2015 18:42:21 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890804#M3060 2015-04-10T18:42:21Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890805#M3061 <HTML><HEAD></HEAD><BODY><P>Jeff,</P><P></P><P>I'm past the connectivity point.It is the qlik ticket API that is throwing the error. Here's the code. I have removed the ip address, etc...</P><P></P><P>import java.io.BufferedReader;</P><P>import java.io.DataOutputStream;</P><P>import java.io.File;</P><P>import java.io.FileInputStream;</P><P>import java.io.InputStream;</P><P>import java.io.InputStreamReader;</P><P>import java.net.URL;</P><P>import java.security.KeyStore;</P><P>import java.security.SecureRandom;</P><P></P><P>import javax.net.ssl.HostnameVerifier;</P><P>import javax.net.ssl.HttpsURLConnection;</P><P>import javax.net.ssl.KeyManagerFactory;</P><P>import javax.net.ssl.SSLContext;</P><P>import javax.net.ssl.SSLSession;</P><P>import javax.net.ssl.SSLSocketFactory;</P><P></P><P></P><P></P><P>public class QlikTicket {</P><P>&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; static {</P><P>&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //if certificate for create for an IP address you need to do this.</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; public boolean verify(String hostname, SSLSession session)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (hostname.equals("xx.xx.xx.xx"))</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return true;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return false;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; });</P><P>&nbsp;&nbsp;&nbsp; }</P><P></P><P>&nbsp;&nbsp;&nbsp; public static void main(String args[]) {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HttpsURLConnection request = null; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; InputStream inputStream = null;</P><P>&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; KeyStore keyStore&nbsp; = KeyStore.getInstance(KeyStore.getDefaultType());</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; FileInputStream instream = new FileInputStream(new File("path to jks that has the client cert"));</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyStore.load(instream, "password".toCharArray());</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; instream.close();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String Xrfkey = "0123456789abcdef";</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String targetURL = "<A class="jive-link-external-small" href="https://xx.xx.xx.xx:4243/qps/ticket?Xrfkey=" rel="nofollow">https://xx.xx.xx.xx:4243/qps/ticket?Xrfkey=</A>";</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; URL url = new URL(targetURL + "?Xrfkey=" + Xrfkey);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request = (HttpsURLConnection)url.openConnection();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setRequestMethod("POST");</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setRequestProperty("Content-Type", "application/json");</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setRequestProperty("X-Qlik-Xrfkey", Xrfkey);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setUseCaches(false);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setDoInput(true);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setDoOutput(true);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String userDirectory = "USERDIRECTORY";</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String userId= "USERID";</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String body = "{'UserDirectory':'" + userDirectory + "', 'UserId':'" + userId + "','Attributes': []}";</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; byte[] bodyBytes = body.getBytes("UTF-8");</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyManagerFactory.init(keyStore, "password".toCharArray());</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSLContext sslContext = SSLContext.getInstance("TLS");</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setSSLSocketFactory(sslSocketFactory);</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setDoOutput(true);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request.setDoInput(true);</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DataOutputStream out = new DataOutputStream(request.getOutputStream());</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; out.write(bodyBytes);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; out.flush();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; out.close();</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inputStream = request.getErrorStream();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; InputStreamReader inputStreamReader = null;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String string = null;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BufferedReader bufferedreader = null;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if(inputStream != null) {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inputStreamReader = new InputStreamReader(inputStream);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bufferedreader = new BufferedReader(inputStreamReader);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; string = null;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; while ((string = bufferedreader.readLine()) != null) {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; System.out.println("Error Received " + string);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inputStream = request.getInputStream();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inputStreamReader = new InputStreamReader(inputStream);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bufferedreader = new BufferedReader(inputStreamReader);</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; while ((string = bufferedreader.readLine()) != null) {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; System.out.println("Received " + string);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inputStream = request.getInputStream();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inputStreamReader = new InputStreamReader(inputStream);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bufferedreader = new BufferedReader(inputStreamReader);</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; while ((string = bufferedreader.readLine()) != null) {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; System.out.println("Received " + string);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }catch (Exception ex) {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ex.printStackTrace();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if(inputStream != null) {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inputStream.close();</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch(Exception ex1) {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp; }&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P></P><P>}</P><P></P><P>Error:</P><P></P><P>00C0: 46 72 69 2C 20 31 30 20&nbsp;&nbsp; 41 70 72 20 32 30 31 35&nbsp; Fri, 10 Apr 2015</P><P>00D0: 20 30 36 3A 34 38 3A 31&nbsp;&nbsp; 30 20 47 4D 54 0D 0A 0D&nbsp;&nbsp; 06:48:10 GMT...</P><P>00E0: 0A 33 37 0D 0A 58 53 52&nbsp;&nbsp; 46 20 70 72 65 76 65 6E&nbsp; .37..XSRF preven</P><P>00F0: 74 69 6F 6E 20 63 68 65&nbsp;&nbsp; 63 6B 20 66 61 69 6C 65&nbsp; tion check faile</P><P>0100: 64 2E 20 50 6F 73 73 69&nbsp;&nbsp; 62 6C 65 20 58 53 52 46&nbsp; d. Possible XSRF</P><P>0110: 20 64 69 73 63 6F 76 65&nbsp;&nbsp; 72 65 64 2E 0D 0A 7F 6E&nbsp;&nbsp; discovered....n</P><P>0120: 8B 7B 18 15 D4 FC 0A 2C&nbsp;&nbsp; 9F 13 7E 96 27 99 3E 6B&nbsp; .......,....'.&gt;k</P><P>0130: C1 EB 0D 0D 0D 0D 0D 0D&nbsp;&nbsp; 0D 0D 0D 0D 0D 0D 0D 0D&nbsp; ................</P></BODY></HTML> Fri, 10 Apr 2015 20:40:49 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890805#M3061 rthamman 2015-04-10T20:40:49Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890806#M3062 <HTML><HEAD></HEAD><BODY><P>did you change your code from</P><P style="font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3d3d3d;">&nbsp; String targetURL = "<A class="jive-link-external-small" href="https://xx.xx.xx.xx:4243/qps/ticket?Xrfkey=" rel="nofollow" style="font-weight: inherit; font-style: inherit; font-family: inherit; color: #3778c7;">https://xx.xx.xx.xx:4243/qps/ticket?Xrfkey=</A>";</P><P style="font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3d3d3d;">&nbsp; <SPAN style="line-height: 1.5em;"> URL url = new URL(targetURL + "?Xrfkey=" + Xrfkey);</SPAN></P><P style="font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3d3d3d;"><SPAN style="line-height: 1.5em;"><BR /></SPAN></P><P style="font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3d3d3d;">to something like below to remove the duplicate '?Xrfkey=' ?</P><P style="font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3d3d3d;"></P><P style="font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3d3d3d;">&nbsp; String targetURL = "<A class="jive-link-external-small" href="https://xx.xx.xx.xx:4243/qps/ticket?Xrfkey=" rel="nofollow" style="font-weight: inherit; font-style: inherit; font-family: inherit; color: #3778c7;">https://xx.xx.xx.xx:4243/qps/ticket?</A>";</P><P style="font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3d3d3d;">&nbsp; <SPAN style="line-height: 1.5em;">URL url = new URL(targetURL + "?Xrfkey=" + Xrfkey);</SPAN></P></BODY></HTML> Fri, 10 Apr 2015 21:37:12 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890806#M3062 2015-04-10T21:37:12Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890807#M3063 <HTML><HEAD></HEAD><BODY><P>Thanks Jeff. Removing the duplicate param worked.</P></BODY></HTML> Fri, 10 Apr 2015 23:56:18 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890807#M3063 rthamman 2015-04-10T23:56:18Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890808#M3064 <HTML><HEAD></HEAD><BODY><P>Rama, good to read that everything is working now.&nbsp; Please click on the Actions button on my reply above and choose correct answer or helpful.</P><P></P><P>Cheers,</P><P></P><P>Jeff G</P></BODY></HTML> Mon, 13 Apr 2015 13:48:06 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890808#M3064 2015-04-13T13:48:06Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890809#M3065 <HTML><HEAD></HEAD><BODY><P>Jeff, in one of the environment, qlik sense is returning 403 error for a ticket request. Is there a way to turn on logging to get granular debug messages for ticket api?</P></BODY></HTML> Wed, 13 May 2015 01:53:23 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890809#M3065 rthamman 2015-05-13T01:53:23Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890810#M3066 <HTML><HEAD></HEAD><BODY><P>The proxy log located in %programdata%\Qlik\Sense\Logs\Proxy\Audit Proxy log file is where you want to look.&nbsp; If you want to get it more granular, go to Proxies in the QMC and change the logging level from info to debug.</P><P></P><P>jg</P></BODY></HTML> Wed, 13 May 2015 14:41:55 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890810#M3066 2015-05-13T14:41:55Z https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890811#M3067 <HTML><HEAD></HEAD><BODY><P>Rama,</P><P></P><P>Does your server certificate or QlikClient certificate have a private key?&nbsp; You must use client and server certificates with public and private keys because Qlik Sense uses Transport Layer Security (TLS) to secure communication.&nbsp; No private keys on these certificates are the most common cause of 403 messages.</P><P></P><P>Because you are using java, do the certificates in your java keystore (jks) have private keys?</P><P></P><P>jg</P></BODY></HTML> Thu, 14 May 2015 17:45:14 GMT https://community.qlik.com/t5/Integration-Extension-APIs/quot-XSRF-prevention-check-failed-Possible-XSRF-discovered-quot/m-p/890811#M3067 2015-05-14T17:45:14Z