Andrew Fletcher published: 16 May 2022 (updated) 19 May 2022 1 minute read
To get the X-CSRF token, first, you need to login as a member. Follow the steps outlined under User options - login, logout and user details.
Calling a query
The query string is: {domain}/rest/session/token
See the notes on set-up, for the staging and production URLs. Using the current staging URL in the set-up screen, as an example of the query string using the following criteria
Replacing the following variables:
- {domain} ~ your-site.com
https://your-site.com/rest/session/tokenNote, in Drupal 9 the path above doesn't work anymore. Instead use session/token as follows:
https://your-site.com/session/token
Headers
Do not send any headers in this query.
Example of the body output
X-2tk2nOwtKtrgJjxCfeyNwfayP25X9IdPUnW4D9ScU
Related articles
Andrew Fletcher
•
04 Apr 2025
Managing .gitignore changes
When working with Git, the .gitignore file plays a critical role in controlling which files and folders are tracked by version control. Yet, many developers are unsure when changes to .gitignore take effect and how to manage files that are already being tracked. This uncertainty can lead to...
Andrew Fletcher
•
26 Mar 2025
How to fix the ‘Undefined function t’ error in Drupal 10 or 11 code
Upgrading to Drupal 10.4+ you might have noticed a warning in their code editor stating “Undefined function ‘t’”. While Drupal’s `t()` function remains valid in procedural code, some language analysis tools — such as Intelephense — do not automatically recognise Drupal’s global functions. This...
Andrew Fletcher
•
17 Mar 2025
Upgrading to PHP 8.4 challenges with Drupal contrib modules
The upgrade from PHP 8.3.14 to PHP 8.4.4 presents challenges for Drupal 10.4 websites, particularly when dealing with contributed modules. While Drupal core operates seamlessly, various contrib modules have not yet been updated to accommodate changes introduced in PHP 8.4.x. This has resulted in...