
Using django with postman {"detail":"CSRF Failed: CSRF token missing or incorrect."}


I'm using postman to check json response from my django-rest-framework.

On my first try, posting id, email, and password through the POST method to my Django on AWS (Amazon Web Services) works well. It returned something like:

{
    "key": "99def123123123123d88e15771e3a8b43e71f"
}

But after the first try, in other words from the second try on, it returned

{"detail":"CSRF Failed: CSRF token missing or incorrect."}

(Additionally edit +) My putty terminal says "POST /rest-auth/login/ HTTP/1.1" 403 58

I saw http://kechengpuzi.com/q/s31108075, but it does not apply to my case.

And from http://django-rest-framework.narkive.com/sCyJk3hM/authentication-ordering-token-vs-session, I can't find a solution that uses Postman.

  1. How can I use Postman appropriately?

  2. Or could you recommend other tools to use?

I'm making an Android application with retrofit2, so I need tools to check POST and GET methods and responses.


Solution

  • Your API needs a CSRF token; you have to add the CSRF token to the request (and Postman):

    data: { csrfmiddlewaretoken: csrf_token, "username": "thesamething", "email": "thesamething", "password": "thesamething" }
    

    You can get the CSRF token from your form input field (you will find a hidden field if you use Django's built-in form API), or if you use Ajax, you can have a look at Cross Site Request Forgery protection. It has nothing to do with your authorization key: your key is used to identify who you are, and the CSRF token is to make sure this request is sent from your server.
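
The header side of the answer above, as an added example that is not part of the original answer: it reads the cookies a first response set and builds the headers a follow-up POST needs, which are the same values to enter in Postman's Headers tab. It assumes Django's default names (`csrftoken` cookie, `X-CSRFToken` header); the cookie values and the `api.example.test` host are constructed placeholders.

```python
from http.cookies import SimpleCookie

# Django does not run the CSRF check for these methods.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def parse_set_cookie(set_cookie_lines):
    """Collect cookie name -> value from a response's Set-Cookie header lines."""
    jar = {}
    for line in set_cookie_lines:
        cookie = SimpleCookie()
        cookie.load(line)
        for name, morsel in cookie.items():
            jar[name] = morsel.value
    return jar


def headers_for(method, jar, referer=None):
    """Replay stored cookies; for unsafe methods, echo csrftoken in X-CSRFToken."""
    headers = {}
    if jar:
        headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in sorted(jar.items()))
    if method.upper() not in SAFE_METHODS:
        token = jar.get("csrftoken")
        if token is None:
            raise ValueError("no csrftoken cookie stored; fetch a page that sets it first")
        headers["X-CSRFToken"] = token
        if referer:
            # Django also checks the Referer on HTTPS requests.
            headers["Referer"] = referer
    return headers


# Constructed sample: Set-Cookie lines as a first response might send them.
SAMPLE_SET_COOKIE = [
    "csrftoken=CONSTRUCTEDcsrfTOKENvalue0123456789; Path=/; SameSite=Lax",
    "sessionid=constructedsessionid; HttpOnly; Path=/; SameSite=Lax",
]

if __name__ == "__main__":
    jar = parse_set_cookie(SAMPLE_SET_COOKIE)
    for name, value in headers_for("POST", jar, "https://api.example.test/").items():
        print(f"{name}: {value}")
```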