Jenkins REST API call fails with Error 403: No valid crumb was included in the request
Reasons behind Error 403
When you make a REST API call to Jenkins, the request must carry a crumb. A crumb is a unique token that Jenkins generates to prevent cross-site request forgery (CSRF) attacks, in which an attacker exploits a user's session to perform unauthorized actions on the user's behalf. Jenkins checks the crumb to confirm that the request comes from a trusted source; a request without a valid crumb is rejected with Error 403.
Method 1: Disable Cross-Site Request Forgery (CSRF) Protection
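Under “Configure Global Security” in Jenkins, uncheck the “Prevent Cross Site Request Forgery exploits” option. Jenkins then stops checking crumbs on all requests, so the CSRF protection described above is lost; Method 2 keeps it enabled.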
Method 2: Include CRUMB in Request
Obtain the user’s API token
Click “show API Token” to view the token, which we will call API_TOKEN.
Fetch the CRUMB from the crumb issuer
CRUMB=$(curl -s 'http://USER:API_TOKEN@Jenkins_IP:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
Include the CRUMB information in the request
curl -X POST -H "$CRUMB" http://USER:API_TOKEN@Jenkins_IP:8080/reload
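The two curl steps of Method 2 as one script, added here as an example and not taken from the original page: it checks that the crumb issuer really returned a single field:value line before using it as a header, because a failed login returns an error page that would otherwise be passed straight to -H. The function names parse_crumb and jenkins_post and the variables JENKINS_URL, JENKINS_USER and JENKINS_TOKEN are assumptions.

```shell
#!/bin/sh
# Added example. parse_crumb and jenkins_post are hypothetical helper names;
# JENKINS_URL, JENKINS_USER and JENKINS_TOKEN are assumed environment variables.

# Accept only a single "field:value" line from the crumb issuer and print it
# as a header. An empty body or an HTML login/error page returns 1.
parse_crumb() {
  body=$1
  field=${body%%:*}
  value=${body#*:}
  [ "$field" != "$body" ] || return 1                  # no colon at all
  case $field in ''|*[!A-Za-z.-]*) return 1 ;; esac    # e.g. Jenkins-Crumb
  case $value in ''|*[!A-Za-z0-9]*) return 1 ;; esac   # opaque token only
  printf '%s: %s\n' "$field" "$value"
}

# POST to a Jenkins path (for example /reload) with a freshly issued crumb.
jenkins_post() {
  path=$1
  jar=$(mktemp) || return 1
  # Credentials reach curl through a config read from stdin (-K -), so the
  # API token is neither in the URL nor in the process list.
  auth=$(printf 'user = "%s:%s"\n' "$JENKINS_USER" "$JENKINS_TOKEN")
  body=$(printf '%s\n' "$auth" | curl -sS -K - --cookie-jar "$jar" \
    "$JENKINS_URL"'/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
  if ! header=$(parse_crumb "$body"); then
    echo "crumb request failed: check URL, user and API token" >&2
    rm -f "$jar"
    return 1
  fi
  # Same cookie jar for the POST, so a session-bound crumb still matches.
  printf '%s\n' "$auth" | curl -sS -K - --cookie "$jar" -X POST \
    -H "$header" "$JENKINS_URL$path"
  rc=$?
  rm -f "$jar"
  return $rc
}
```

With the three variables exported, jenkins_post /reload performs the same reload request as the commands above.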