topic Re: ISE 3.1 API nonce validation failed in Network Access Control https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4858821#M582355 <P>Hi Charlie,&nbsp;</P><P>I'm using postman for my first draft, it is planned to use Azure LogicApps for production.</P><P>I send two requests (POSTMAN Pre-Request Script:)</P><DIV>&nbsp;</DIV><P>&nbsp;</P><LI-CODE lang="javascript">pm.sendRequest({ url: "https://ISE-URL/ers/config/endpoint", method: 'GET', header: { 'Accept': 'application/json', 'Content-Type': 'application/json', 'X-CSRF-TOKEN': 'fetch' } }, function (err, response) { var responseHeaderXCSRFTOKEN = response.headers.get('X-CSRF-TOKEN'); pm.environment.set("ISE-X-CSRF-TOKEN", responseHeaderXCSRFTOKEN ); } );</LI-CODE><P>&nbsp;</P><DIV><SPAN>than i use the Token within my POST request:</SPAN></DIV><DIV><SPAN>POST&nbsp;<A href="https://ISE-URL/ers/config/endpoint" target="_blank" rel="noopener">https://ISE-URL/ers/config/endpoint</A></SPAN></DIV><DIV><SPAN>with this header:&nbsp;</SPAN></DIV><DIV><SPAN>X-CSRF-TOKEN =&nbsp;{{ISE-X-CSRF-TOKEN}}</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>And i get this response:&nbsp;</SPAN></DIV><DIV><SPAN>code 403&nbsp;</SPAN></DIV><DIV><DIV><DIV><SPAN>CSRF&nbsp;nonce&nbsp;validation&nbsp;failed</SPAN></DIV></DIV></DIV><P>&nbsp;</P><P>&nbsp;</P> Tue, 20 Jun 2023 15:05:16 GMT Ralf Fischer 2023-06-20T15:05:16Z ISE 3.1 API nonce validation failed https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4858788#M582346 <P>Hi all,&nbsp;</P><P>I want to add new Endpoints via API. I'm using this endpoint:&nbsp;</P><P><STRONG>POST /ers/config/endpoint</STRONG></P><P><SPAN>The system needs a X-CSRF-TOKEN header. I get this Token before sending the POST Request via <STRONG>GET&nbsp;/ers/config/endpoint</STRONG> with the following headers:&nbsp;</SPAN></P><DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>'Accept'</SPAN><SPAN>:&nbsp;</SPAN><SPAN>'application/json'</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>'Content-Type'</SPAN><SPAN>:&nbsp;</SPAN><SPAN>'application/json'</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>'X-CSRF-TOKEN'</SPAN><SPAN>:&nbsp;</SPAN><SPAN>'fetch'</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>I get a proper Token within the response. If I use this token for my POST request i get a 403 forbidden response with the following response body:&nbsp;</SPAN>&nbsp;</DIV><DIV><DIV><STRONG>CSRF&nbsp;nonce&nbsp;validation&nbsp;failed</STRONG></DIV><DIV>&nbsp;</DIV><DIV>Thank you for your help in advance!</DIV><DIV>Best,</DIV><DIV>Ralf</DIV></DIV></DIV><P>&nbsp;</P> Tue, 20 Jun 2023 14:15:36 GMT https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4858788#M582346 Ralf Fischer 2023-06-20T14:15:36Z Re: ISE 3.1 API nonce validation failed https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4858814#M582352 <P>How are you sending the request?&nbsp; Postman, CURL, etc.?<BR />What do you mean you are sending a POST via GET?&nbsp; Those are two different requests.<BR /><BR /></P> <PRE>To use `curl` you would send<BR />curl --include --insecure --location \<BR />--header 'Content-Type:application/json' \<BR />--header 'Accept: application/json' \<BR />--user $ise_username:$ise_password \<BR />--request POST https://$ise_address/ers/config/endpoint&nbsp;\<BR />--data '<BR />{<BR />&nbsp;&nbsp;<SPAN>"ERSEndPoint"</SPAN><SPAN>&nbsp;:&nbsp;{<BR /></SPAN>&nbsp;&nbsp;&nbsp;&nbsp;<SPAN>"name"</SPAN><SPAN>&nbsp;:&nbsp;</SPAN><SPAN>"MyEndpoint"</SPAN><SPAN>,<BR /></SPAN>&nbsp;&nbsp;&nbsp;&nbsp;<SPAN>"description"</SPAN><SPAN>&nbsp;:&nbsp;</SPAN><SPAN>"MyEndpoint"</SPAN><SPAN>,<BR /></SPAN>&nbsp;&nbsp;&nbsp;&nbsp;<SPAN>"mac"</SPAN><SPAN>&nbsp;:&nbsp;</SPAN><SPAN>"11:22:33:44:55:66"</SPAN><SPAN>,<BR /></SPAN>&nbsp;&nbsp;&nbsp;&nbsp;<SPAN>"groupId"</SPAN><SPAN>&nbsp;:&nbsp;</SPAN><SPAN>"aa13bb40-8bff-11e6-996c-525400b48521"</SPAN><SPAN>,<BR /></SPAN>&nbsp;&nbsp;&nbsp;&nbsp;<SPAN>"staticGroupAssignment"</SPAN><SPAN>&nbsp;:&nbsp;</SPAN><SPAN>true<BR /></SPAN>&nbsp;&nbsp;}<BR />}</PRE> <DIV> <DIV>&nbsp;</DIV> <DIV>Visit <A href="https://cs.co/ise-api" target="_blank">https://cs.co/ise-api</A>&nbsp;for more information</DIV> </DIV> <P>&nbsp;</P> Tue, 20 Jun 2023 14:52:51 GMT https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4858814#M582352 Charlie Moreton 2023-06-20T14:52:51Z Re: ISE 3.1 API nonce validation failed https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4858821#M582355 <P>Hi Charlie,&nbsp;</P><P>I'm using postman for my first draft, it is planned to use Azure LogicApps for production.</P><P>I send two requests (POSTMAN Pre-Request Script:)</P><DIV>&nbsp;</DIV><P>&nbsp;</P><LI-CODE lang="javascript">pm.sendRequest({ url: "https://ISE-URL/ers/config/endpoint", method: 'GET', header: { 'Accept': 'application/json', 'Content-Type': 'application/json', 'X-CSRF-TOKEN': 'fetch' } }, function (err, response) { var responseHeaderXCSRFTOKEN = response.headers.get('X-CSRF-TOKEN'); pm.environment.set("ISE-X-CSRF-TOKEN", responseHeaderXCSRFTOKEN ); } );</LI-CODE><P>&nbsp;</P><DIV><SPAN>than i use the Token within my POST request:</SPAN></DIV><DIV><SPAN>POST&nbsp;<A href="https://ISE-URL/ers/config/endpoint" target="_blank" rel="noopener">https://ISE-URL/ers/config/endpoint</A></SPAN></DIV><DIV><SPAN>with this header:&nbsp;</SPAN></DIV><DIV><SPAN>X-CSRF-TOKEN =&nbsp;{{ISE-X-CSRF-TOKEN}}</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>And i get this response:&nbsp;</SPAN></DIV><DIV><SPAN>code 403&nbsp;</SPAN></DIV><DIV><DIV><DIV><SPAN>CSRF&nbsp;nonce&nbsp;validation&nbsp;failed</SPAN></DIV></DIV></DIV><P>&nbsp;</P><P>&nbsp;</P> Tue, 20 Jun 2023 15:05:16 GMT https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4858821#M582355 Ralf Fischer 2023-06-20T15:05:16Z Re: ISE 3.1 API nonce validation failed https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4859104#M582373 <P>Can you please confirm if in the POST request, you are passing the session cookie along with token to tie the sessions together.</P> Wed, 21 Jun 2023 03:58:59 GMT https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4859104#M582373 poongarg 2023-06-21T03:58:59Z Re: ISE 3.1 API nonce validation failed https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4859136#M582379 <P>Yes I can confirm that i pass two cookies along with my token:</P><LI-CODE lang="markup">APPSESSIONID=6E19EB596609FC58E304064CFF5C4AA3; JSESSIONIDSSO=B7BF6BC8BD33A0C8E6F331445B01EAB8</LI-CODE> Wed, 21 Jun 2023 06:24:12 GMT https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4859136#M582379 Ralf Fischer 2023-06-21T06:24:12Z Re: ISE 3.1 API nonce validation failed https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4861677#M582446 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1535057">@Ralf Fischer</a> See this old post <A href="https://community.cisco.com/t5/network-access-control/x-csrf-token-handling/m-p/3801507#M23756" target="_blank">Solved: Re: X-CSRF-TOKEN handling - Cisco Community</A></P> Sat, 24 Jun 2023 03:21:54 GMT https://community.cisco.com/t5/network-access-control/ise-3-1-api-nonce-validation-failed/m-p/4861677#M582446 hslai 2023-06-24T03:21:54Z