Geek Answers Handbook

How to use Postman to request Laravel $ _POST

How can I try sending a mail request to a Laravel application using Postman?

Usually, Laravel has a csrf_token , which we must pass with a POST / PUT request. How can I receive and send this value to Postman? Is this even possible without disabling CSRF protection?

+8
laravel postman
source share
4 answers

Edit:

Ah wait, I misunderstood the question. Do you want to do this without disabling CSRF protection? As Bharat Geleda said: you can make a route that returns only the token and manually copy it to the _token field in the postman.

But I would recommend excluding your api calls from CSRF protection, as shown below, and adding some API authentication later.

What version of laravel are you using?

Laravel 5.2 and higher:

Starting with 5.2, the CSRF token is only required on routes with web middleware. So put your api routes outside the group using web middleware.

See the topic “Default Route File” in the documentation for more information .

Laravel 5.1 and 5.2:

You can exclude routes that should not have CSRF protection in the VerifyCsrfToken , for example:

 class VerifyCsrfToken extends BaseVerifier { /** * The URIs that should be excluded from CSRF verification. * * @var array */ protected $except = [ 'api/*', ]; }

See the section "Excluding URIs from the CSRF Protection Section" for details.

+20
source share

1.You can create a new route to show the csrf token using your controller using the function below. (Use the Get request on the route)

  public function showToken { echo csrf_token(); }

2.Select the Body tab on the postman, and then select x-www-form-urlencoded.
3.Copy the marker and paste in the mail carrier as the value of a key named _token.
4. Complete your URL / Endpoint Submission Request

0
source share

If you save your sessions in Cookies, you can grab a Cookie from the auth request in the Developer Tools.

enter image description here

Copy and paste this cookie into the POSTMAN or Paw request header.

enter image description here

This approach allows you to limit API testing to your current session.

0
source share

In laravel, 5.3. Go to app/Http/Kernel.php find middlewareGroups , then comment on VerifyCsrfToken. Because it runs all the middleware before serving your request.

 protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, ***// \App\Http\Middleware\VerifyCsrfToken::class,*** \Illuminate\Routing\Middleware\SubstituteBindings::class, ], 'api' => [ 'throttle:60,1', 'bindings', ], ];
-2
source share

More articles:


All Articles