Qlik Sense QRS API using Xrfkey header in PowerShell

Damien_V — Wed, 18 Feb 2026 09:03:03 GMT

The Qlik Sense Repository Service API (QRS API) contains all data and configuration information for a Qlik Sense site. The data is normally added and updated using the Qlik Management Console (QMC) or a Qlik Sense client, but it is also possible to communicate directly with the QRS using its API. This enables the automation of a range of tasks, for example:

Start tasks from an external scheduling tool
Change license configurations
Extract data about the system

Using Xrfkey header

A common vulnerability in web clients is cross-site request forgery, which allows an attacker impersonate a user when accessing a system. Thus, we use the Xrfkey to prevent that; without Xrfkey being set in the URL, the server will send back a message saying: XSRF prevention check failed. Possible XSRF discovered.

Please note that this example is related to token-based licenses, and in case this needs to be configured with Professional Analyser type of licenses, you might need to use the following API calls:

/qrs/license/professionalaccesstype/full
/qrs/license/analyzeraccesstype/full

Furthermore, combining this with QlikCli and in case you need to monitor and more specifically remove users, the following link from the community might be useful: Deallocation of Qlik Sense License

Resolution

This procedure has been tested in a range of Qlik Sense Enterprise on Windows versions.

PowerShell 3.0 or higher (Installed by default in Windows 8 / Windows Server 2012 and later)
Make sure the Qlik Repository service is up and running and port 4242 is open on the target server

Method One: Authenticating through Qlik Proxy Service

Go to PowerShell ISE and paste the following script
In this example, we are sending a GET request with a header of Xrfkey=12345678qwertyui and we are addressing the end point of /about. For more details on all endpoints, please refer to Connecting to the QRS API

$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","12345678qwertyui")
$url = "https://qlikserver1.domain.local/qrs/about?xrfkey=12345678qwertyui"
Invoke-RestMethod -Uri $url -Method Get -Headers $hdrs -UseDefaultCredentials

Method Two: Use the certificate and send a direct request to the Repository API

Open the Qlik Management Console and export the certificate. Please refer to Export client certificate and root certificate to make API calls with Postman for the procedure.
Make sure that port 4242 is open between the machine making the API call and the Qlik Sense server.
Import the certificate on the machine you will use to make API calls. This must be imported into the personal certificate store of your user in MMC. The following PowerShell script is fetching the Qlik Client certificate from the Certificate Personal store automatically for the current user. You may need to modify the script if you have QlikClient certificates imported from different Qlik Sense servers in the store.

Paste the below script in PowerShell ISE:

$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","12345678qwertyui")
$hdrs.Add("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator")
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
$url = "https://qlikserver1.domain.local:4242/qrs/about?xrfkey=12345678qwertyui"
Invoke-RestMethod -Uri $url -Method Get -Headers $hdrs -Certificate $cert

Execute the command.

A possible response for the 2 above scripts may look like this (Note that the JSON string is automatically converted to a PSCustomObject by PowerShell) :

buildVersion      : 23.11.2.0
buildDate         : 9/20/2013 10:09:00 AM
databaseProvider  : Devart.Data.PostgreSql
nodeType          : 1
sharedPersistence : True
requiresBootstrap : False
singleNodeOnly    : False
schemaPath        : About

Re: Qlik Sense QRS API using Xrfkey header in PowerShell

mouha — Wed, 18 Oct 2023 15:28:10 GMT

hello

how to know the

xrfkey

best regards

Re: Qlik Sense QRS API using Xrfkey header in PowerShell

Bjorn_Wedbratt — Thu, 19 Oct 2023 18:32:08 GMT

Hi @mouha,

The xrfkey can be any 16 character alphanumeric string as long as the same value is set in the URL and in the http header.

Björn

Re: Qlik Sense QRS API using Xrfkey header in PowerShell

malyastya — Wed, 15 May 2024 10:54:16 GMT

Hello, @Bjorn_Wedbratt!

Where do I find xrfkey ?

Re: Qlik Sense QRS API using Xrfkey header in PowerShell

Sonja_Bauernfeind — Fri, 17 May 2024 07:52:35 GMT

Hello @malyastya

The xrfkey can be any 16 character alphanumeric string as long as the same value is set in the URL and in the http header.

You can create this key in any way you wish.

All the best,
Sonja

article Qlik Sense QRS API using Xrfkey header in PowerShell in Official Support Articles

Qlik Sense QRS API using Xrfkey header in PowerShell

Using Xrfkey header

Resolution

Method One: Authenticating through Qlik Proxy Service

Method Two: Use the certificate and send a direct request to the Repository API

Related and advanced content

Re: Qlik Sense QRS API using Xrfkey header in PowerShell

Re: Qlik Sense QRS API using Xrfkey header in PowerShell

Re: Qlik Sense QRS API using Xrfkey header in PowerShell

Re: Qlik Sense QRS API using Xrfkey header in PowerShell