QRS API using Xrfkey header in Postman Chrome Extension
Qlik Sense Repository Service API (QRS API) contains all data and configuration information for a Qlik Sense site. The data is normally added and updated using the Qlik Management Console (QMC) or a Qlik Sense client, but it is also possible to communicate directly with the QRS using its API. This enables the automation of a range of tasks, for example:
Start tasks from an external scheduling tool
Change license configurations
Extract data about the system
Using Xrfkey header
A common vulnerability in web clients is cross-site request forgery, which lets an attacker impersonate a user when accessing a system. Thus we use the Xrfkey to prevent that, without Xrfkey being set in the URL the server will send back a message saying: XSRF prevention check failed. Possible XSRF discovered. Some users like to use Postman for API calls and testing purposes, for more details on this see https://www.getpostman.com/docs/
This procedure has been tested with Qlik Sense 2.x and Qlik Sense 3.x.