webMethods


How to protect POST/PUT/DELETE/PATCH API using CSRF in API Gateway

  • 1.  How to protect POST/PUT/DELETE/PATCH API using CSRF in API Gateway

    Posted Thu May 22, 2025 04:38 AM

    Hi All,

    We have implemented APIs and secured them using BasicAuth and OAuth2 credentials. We have a situation whereby, when a script is hosted on a third-party server and the page is visited using a previously authenticated browser, it will automatically use the credentials saved in the browser to perform the action.

    The APIs mentioned with POST/PUT are executed, so I want to understand how to protect these APIs using CSRF.

    In the documentation I see Security > CSRF to enable CSRF, but after enabling this I see APIs are failing with "CSRF secure token is not present in the request", which is good. But how does API Gateway identify the CSRF token, how does the system calling our APIs generate the CSRF token, and how does the gateway validate it?



    ------------------------------
    Abhijith Parre
    ------------------------------


  • 2.  RE: How to protect POST/PUT/DELETE/PATCH API using CSRF in API Gateway

    Posted 26 days ago

    Any insights on this, please?



    ------------------------------
    Abhijith Parre
    ------------------------------