Bad CSRF Token when attempting to whitelist hashes from API

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Bad CSRF Token when attempting to whitelist hashes from API

L1 Bithead

Hey everyone,


We are trying to whitelist a bulk of hashes using the Cortex XDR API (because the UI isn't working, we have an open case with support). The request always return the same error:




400 Bad CSRF Token

Access is denied. This server can not verify that your cross-site request forgery token belongs to your login session. Either you supplied the wrong cross-site request forgery token or your session no longer exists. This may be due to session timeout or because browser is not supplying the credentials required, as can happen when the browser has cookies turned off.

check_csrf_token(): Invalid token


This error ONLY shows up when we attempt to whitelist hashes. We can retrieve incidents and alerts using the same code (and hence same API key and ID) without any problem. The image below shows that it has key should be able to update the allow list.




The url: "https://api-{domain}/public_api/v1/hash_exceptions/allow_list/"


Any ideas are appreciated!


P.S. This is the error from the UI




L1 Bithead

I see the same behaviour

L1 Bithead

This is a documentation problem.  The correct path is 







  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!