$request.post throwing error


I am just building a sample app and tried making use of post call. I was trying to use $request.post like this:

$request.post(post_url, options).then (
  function(data) {
    console.log("posted successfully. Response " + JSON.parse(data));
  function(error) {

I got this error on hitting the above post call:

{ status: 400,
   { date: 'Fri, 05 Feb 2021 16:44:34 GMT',
     'content-type': 'text/html',
     'transfer-encoding': 'chunked',
     connection: 'close',
      [ '__cfduid=de00b92dad0bac6b99f5f57fc02171b251612543474; expires=Sun, 07-Mar-21 16:44:34 GMT; path=/; domain=.remotive.io; HttpOnly; SameSite=Lax' ],
     'cf-cache-status': 'DYNAMIC',
     'cf-request-id': '0814add1b40000dd8f7b006000000001',
      'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
     nel: '{"report_to":"cf-nel","max_age":604800}',
     server: 'cloudflare',
     'cf-ray': '61ce18c92ab5dd8f-SIN' },
   '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">\n<title>400 Bad Request</title>\n<h1>Bad Request</h1>\n<p>Session expired (invalid CSRF token)</p>\n',
  attempts: 1,
  errorSource: 'APP' }

I looked up other product implementation of the request method, and its exactly how I have done. Can someone please help me understand this issue better?

Hi Viswesh, welcome to the community :slight_smile:

Can you let me know what you are passing in the options object?


Hi Viswesh,

The issue you are facing is Authentication problem. As the ERROR 400, which means the token or the API key you are using is not correct/valid.

I guess the request you make must have a valid CSRF token. So, try using a valid CSRF token . :slight_smile:


As @yusrakhatri and @Janani have suggested, we could make some progress… if you could share

  1. How your options look like
  2. The REST API docs you’re consuming. Would like to see, what authentication they require.


Thanks for having a look into this. To answer the queries:

  1. @yusrakhatri - This is the options object I had passed
let post_url = "https://test.remotive.io/api/job/post/new"
var options = {
    headers: {
      'Content-Type' : 'application/json',
      'Authorization' : 'Bearer ' + payload.api_key
    body: JSON.stringify(payload)

where payload object is:

 {"api_key":"xxxx","title":"sde-2","company_name":"FT - Test","description":"<p>need a knack for programming</p>","url":"https://visweshganesan.freshhr.com/jobs","billing_email":"careers@visweshganesan.freshhr.com","billing_country_iso_code":"IN","iparams":{},"isInstall":true}
  1. @Janani - Just a small clarification here. On hitting this same call via Postman I am getting a proper success response. If the API key is invalid, this CSRF issue should pop up even while hitting a call from Postman right?
    The success response from Postman is of the form:
    "jsonrpc": "2.0",
    "id": null,
    "result": "{\"success\": true, \"job_payment_url\": \"https://test.remotive.io/job/post/393648/preview?access_token=xxxx\", \"job_access_token\": \"xxxx\"}"
  1. This is the REST docs that I am using for reference. Remotive API Documentation: Post a job and pay on Remotive - Google Docs


1 Like

This looks good. You normally get 400 error when you send the data in a wrong format.
But this says session Invalid CSRF, so that’s … tricky!
One thing you can do to debug is to compare what is being passed in your payload vs what is being passed at postman. Specifically look for headers, sometimes we miss some headers which are required hence we get this error.