Skip to content

Jenkins RestAPI call with Error 403 No valid crumb was included in the request


Reasons behind Error 403

When making a RestAPI call to Jenkins, a crumb is required to authenticate the request. A crumb is a unique token generated by Jenkins to prevent cross-site request forgery (CSRF) attacks. CSRF attacks are malicious activities that exploit the user’s session to perform unauthorized actions on their behalf. Jenkins uses crumb tokens to ensure that the request is coming from a trusted source.

Method 1: Disable Cross-Site Request Forgery (CSRF) Protection

Under “Configure Global Security” in Jenkins, uncheck the “Prevent Cross Site Request Forgery exploits” option.

Method 2: Include CRUMB in Request

Obtain the user’s API token


Click “show API Token” to view the token, which we will call API_TOKEN.

Calculate the CRUMB

CRUMB=$(curl -s 'http://USER:API_TOKEN@Jenkins_IP:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')

Include the CRUMB information in the request

curl -X POST -H "$CRUMB" http://USER:API_TOKEN@Jenkins_IP:8080/reload

  • Welcome to visit the knowledge base of SRE and DevOps!
  • License under CC BY-NC 4.0
  • Made with Material for MkDocs and improve writing by generative AI tools
  • Copyright issue feedback, replace # with @