Ask a Question

CSRF Token login

New Contributor

CSRF Token login

Hi all,

I am new to SOAPUI and API testing. I would like to try API testing. However, I have struggled with csrf token issues.

Basically, I want to test the web app which is frontend Angular web app with xsrf token. Whenever I try to Get XSRF token generate and the token generate dynamically(every time change.). I have researched and come up with the approach below.


1. Post request (log in)

2. Get access token and transfer to next step

3. Get response.


However, I have no ideas that how to input ID and Password then Get dynamic token and transfer to next steps.

Can you share some idea?

Thanks in advance.

Occasional Visitor

I have a similar issue. I am trying to do some API testing too. Please let me know if you got this issue resolved. I am using ReadyAPI 2.2.0

Super Contributor

Can you show the response and the values that you want to transfer to a following request?


The documentation includes an example using property transfers

New Contributor

Hi sorry for late reply.

I tried to follow the link, but it was not quite good to me.

our application using Gem "ng-rails-csrf". Any idea of a deal with it?



Super Contributor

You probably need to add header/ your request.

Do you know the required header name and values that should be transferred?


Some similar examples here

New Contributor

Yes Whenever I do request or something, the XSRF-Token value is dynamically changed in each time. 

I am struggling with to transfer XSRF-Token value to next steps. 


Anyways to catch the dynamic values? 


Super Contributor

On the Response Headers tab is there a header named "x-csrf-token" or similar?



Step 2 from the example in the link above uses a groovy script step to transfer the header value to a test case property.

Then in Step 3 use that value for the next request header.


Is that the value you need to transfer?

New Contributor

This is an old thread, but I have a similar issue. So I want to know if anyone has a good answer to this question.


I am working on a project using Collibra REST APIs. The POST /auth/sessions request will only return a csrfToken with random value. I am not sure how this token is used for other methods. I have enable the option "Maintain HTTP session". I am not sure if the cookie is going to help with anything. When I try to do something, for example, POST /domains to create a new domain object, it consumes the body but there is no header required. Any idea?


I did ask the question in the Collibra community. No helpful answer is provided because the APIs are working fine with the Swagger UI that they offer. I just can't get it to work in the ReadyAPI.




I got it resolved. I am using 2.3.0 ReadyAPI with a licensed Soap UI.


If I run the tests from the beginning to the end, it works fine. If I want to test each request independently, then it will have issue.

Showing results for 
Search instead for 
Did you mean: