Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

CSRF token verification failed when using external API in Script Runner (Jira Data Center)

Ekaterina Berezutskaya
Ekaterina Berezutskaya July 19, 2025

I’m using external API in Script Runner (Jira Data Center).

  1. I need to get a csrf-token from an external system using GET method
  2. Then I have to use this token (obtained from GET method) in POST method

I have groovy scrip which I run from the console:

 

final url = "remote link"

final String username = "xxx user"

final String password = "xxx password"

final json = """

{

    "xxx": "x",

    "yyy": "y",

    "zzz": 1111

}

"""

String token = null

//getting csrf-token. GET returns token in Headers

try

{

    final URL get = new URL(url)

    final HttpURLConnection connection = (HttpURLConnection) get.openConnection()

    connection.setRequestMethod("GET")

    connection.doOutput = true

 

    connection.setRequestProperty('Content-Type', 'application/json')

    connection.setRequestProperty('Accept', 'application/json')

    String authString = "${username}:${password}"

    String authStringEncoded = authString.bytes.encodeBase64().toString()

    connection.setRequestProperty('Authorization', "Basic ${authStringEncoded}")

    connection.setRequestProperty('x-csrf-token', 'fetch')

    connection.connect()

    def res = connection.getResponseCode();

    if(res.equals(200) || res.equals(201)) 

    { 

        token = connection.getHeaderField('x-csrf-token')

    }

    connection.disconnect()

}

catch(Exception ex)

{

    log.error(ex.message)

}

if (token == null){

    return    

}

//POST

try{

    final URL post = new URL(url)

    final HttpURLConnection connection = (HttpURLConnection) post.openConnection()

    connection.setRequestMethod("POST")

    connection.doOutput = true

    connection.setRequestProperty('Content-Type', 'application/json')

    connection.setRequestProperty('Accept', 'application/json')

    String authString = "${username}:${password}"

    String authStringEncoded = authString.bytes.encodeBase64().toString()

    connection.setRequestProperty('Authorization', "Basic ${authStringEncoded}")

    //token

    connection.setRequestProperty('x-csrf-token', token)

    connection.getOutputStream().write(json.getBytes("UTF-8"))

    connection.connect()

    

    def postRC = connection.getResponseCode();

    log.warn(postRC)

    if(postRC.equals(200)) 

    { 

        log.info(connection.getInputStream().getText());

    }

    connection.disconnect()

}

catch(Exception ex1)

{

    log.error(ex1.message)

}

POST method returns an error 401: CSRF token verification failed.

I suspect that after closing the GET connection, the token becomes invalid and I can't use it in the POST request. Does anyone know how to solve this problem?

Answer
Watch
Like John Funk likes this
110 views

1 answer

1 accepted

2 votes
Answer accepted
Ekaterina Berezutskaya
Ekaterina Berezutskaya July 20, 2025

UPD. I found a solution. In this case, I had to use the HttpClient class instead of the HttpURLConnection class

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
SERVER
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security