0

Please note this question is about API routes in api.php, which don't have CSRF protection. I know how CSRF works, but I'm not using web routes here, so there shouldn't be any CSRF check.

I'm writing a backend API for a Vue application, and I'm trying to use Swagger instead of Postman for API documentation and testing.

My backend is PHP/Laravel and I'm using a JSON file to run my Swagger.

For some reason, when I test my API routes with Swagger I get a CSRF token mismatch error:


curl -X 'POST' \
  'http://127.0.0.1:8000/api/v1/csadmin/partners/create' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer {token}' \
  -H 'Content-Type: application/json' \
  -H 'X-CSRF-TOKEN: ' \
  -d '{
  "name": "ourpartner",
  "contact_name": "contact_ourpartner",
  "email": "ourpartner@gmail.com",
  "country_id": 1,
  "city": "santa monica",
  "zip_code": "1234",
  "phone": "+14845101873",
  "address": "some address",
  "membership_status": "a"
}'

Request URL

http://127.0.0.1:8000/api/v1/csadmin/partners/create

response

419
Undocumented
Error: unknown status

Response body
{
  "message": "CSRF token mismatch.",
  "exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
  "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
  "line": 379,
  "trace": [
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
      "line": 353,
      "function": "prepareException",
      "class": "Illuminate\\Foundation\\Exceptions\\Handler",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Pipeline.php",
      "line": 51,
      "function": "render",
      "class": "Illuminate\\Foundation\\Exceptions\\Handler",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 185,
      "function": "handleException",
      "class": "Illuminate\\Routing\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Session\\Middleware\\StartSession.php",
      "line": 121,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Session\\Middleware\\StartSession.php",
      "line": 64,
      "function": "handleStatefulRequest",
      "class": "Illuminate\\Session\\Middleware\\StartSession",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Session\\Middleware\\StartSession",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse.php",
      "line": 37,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Cookie\\Middleware\\EncryptCookies.php",
      "line": 67,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Cookie\\Middleware\\EncryptCookies",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\sanctum\\src\\Http\\Middleware\\EnsureFrontendRequestsAreStateful.php",
      "line": 26,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 162,
      "function": "Laravel\\Sanctum\\Http\\Middleware\\{closure}",
      "class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 116,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\sanctum\\src\\Http\\Middleware\\EnsureFrontendRequestsAreStateful.php",
      "line": 34,
      "function": "then",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 116,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
      "line": 726,
      "function": "then",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
      "line": 703,
      "function": "runRouteWithinStack",
      "class": "Illuminate\\Routing\\Router",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
      "line": 667,
      "function": "runRoute",
      "class": "Illuminate\\Routing\\Router",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
      "line": 656,
      "function": "dispatchToRoute",
      "class": "Illuminate\\Routing\\Router",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
      "line": 167,
      "function": "dispatch",
      "class": "Illuminate\\Routing\\Router",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 141,
      "function": "Illuminate\\Foundation\\Http\\{closure}",
      "class": "Illuminate\\Foundation\\Http\\Kernel",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest.php",
      "line": 21,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull.php",
      "line": 31,
      "function": "handle",
      "class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest.php",
      "line": 21,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TrimStrings.php",
      "line": 40,
      "function": "handle",
      "class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Foundation\\Http\\Middleware\\TrimStrings",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize.php",
      "line": 27,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance.php",
      "line": 86,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Http\\Middleware\\HandleCors.php",
      "line": 62,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Http\\Middleware\\HandleCors",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Http\\Middleware\\TrustProxies.php",
      "line": 39,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 180,
      "function": "handle",
      "class": "Illuminate\\Http\\Middleware\\TrustProxies",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
      "line": 116,
      "function": "Illuminate\\Pipeline\\{closure}",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
      "line": 142,
      "function": "then",
      "class": "Illuminate\\Pipeline\\Pipeline",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
      "line": 111,
      "function": "sendRequestThroughRouter",
      "class": "Illuminate\\Foundation\\Http\\Kernel",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\public\\index.php",
      "line": 52,
      "function": "handle",
      "class": "Illuminate\\Foundation\\Http\\Kernel",
      "type": "->"
    },
    {
      "file": "C:\\wamp64\\www\\myproject\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\resources\\server.php",
      "line": 16,
      "function": "require_once"
    }
  ]
}

The same route works fine in Postman.


I've no idea what is going on.

Here is some dummy text to get rid of the "It looks like your post is mostly code; please add some more details." error SO is giving me.

hretic
  • Please check this post's answers. https://stackoverflow.com/questions/62967224/how-to-solve-csrf-token-mismatch-in-laravel I think they are talking about the same problem. – Nairi Abgaryan Aug 03 '22 at 18:08
  • @NairiAbgaryan these are API routes, they don't require a CSRF token and don't have CSRF protection – hretic Aug 03 '22 at 20:13
  • Are your API routes in `api.php`? Seems like you're defining them in `web.php` based on the middlewares that are loaded. – Kim Hallberg Aug 03 '22 at 20:15
  • @KimHallberg yes, in `api.php`, I know this is the weird part ... the front is a `vue` application ... I don't have any front routes ... also it works fine in Postman – hretic Aug 03 '22 at 20:17

2 Answers

1

I also faced the same problem. After checking all around, I found a series of solutions depending on the Laravel version.

For older versions you may try this. Add it to the web route:

Route::group(['middleware' => 'web'], function () {
    Route::get('api/documentation', '\L5Swagger\Http\Controllers\SwaggerController@api')->name('l5swagger.api');
});

For Laravel 8, add the code below to your l5swagger.php. default-route-middleware-api

\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,

0

Fixed this issue by updating file app/Http/Middleware/VerifyCsrfToken.php

Add /api/* item to $except array:

protected $except = [
  "/api/*"
];
laurisstepanovs
  • I might be wrong but completely disabling all CSRF check should be avoided. Maybe temporarily ok, but not in production. – Dgloria Apr 16 '23 at 04:31
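
The trace in the question passes through Sanctum's `EnsureFrontendRequestsAreStateful`, which adds session and CSRF middleware to an API request whose Referer or Origin matches a configured stateful domain. The sketch below is an added example, not code from the post or from Sanctum: it is a simplified stand-in for that check, showing why a browser-based Swagger UI request is CSRF-checked while a Postman request is not, and what the `/api/*` exemption from the second answer changes. The stateful list, the Swagger UI URL, and the function names `fromFrontend` and `csrfEnforced` are assumptions.

```php
<?php
// Added example, not Sanctum's or the poster's code: a simplified stand-in for
// the Referer/Origin test in EnsureFrontendRequestsAreStateful. Requires PHP 8.

// Assumption: Sanctum's usual local defaults; the real list is in config/sanctum.php.
const STATEFUL = ['localhost', 'localhost:3000', '127.0.0.1', '127.0.0.1:8000', '::1'];

// True when the request claims to come from a first-party (stateful) frontend.
function fromFrontend(array $headers, array $stateful = STATEFUL): bool
{
    $source = ($headers['referer'] ?? '') ?: ($headers['origin'] ?? '');
    if ($source === '') {
        return false;                 // no Referer/Origin: handled as a token client
    }
    $source = preg_replace('#^https?://#', '', $source);
    $source = str_ends_with($source, '/') ? $source : $source . '/';
    foreach ($stateful as $domain) {
        if (str_starts_with($source, trim($domain) . '/')) {
            return true;
        }
    }
    return false;
}

// True when the session + CSRF middleware would check this API request.
function csrfEnforced(array $headers, string $path, array $except = []): bool
{
    if (!fromFrontend($headers)) {
        return false;
    }
    foreach ($except as $pattern) {   // same wildcard idea as VerifyCsrfToken::$except
        $regex = '#^' . str_replace('\*', '.*', preg_quote(trim($pattern, '/'), '#')) . '$#';
        if (preg_match($regex, trim($path, '/'))) {
            return false;
        }
    }
    return true;
}

// Constructed sample requests for the route in the question.
$path    = '/api/v1/csadmin/partners/create';
$swagger = ['referer' => 'http://127.0.0.1:8000/api/documentation']; // browser adds Referer
$postman = [];                                                        // no Referer/Origin

var_dump(csrfEnforced($swagger, $path));             // Swagger UI, empty X-CSRF-TOKEN
var_dump(csrfEnforced($postman, $path));             // Postman, bearer token only
var_dump(csrfEnforced($swagger, $path, ['/api/*'])); // with the blanket exemption
```

With the `/api/*` exemption, cookie-authenticated requests from the stateful frontend also lose the CSRF check. If the frontend authenticates with bearer tokens only, narrowing `sanctum.stateful` (the `SANCTUM_STATEFUL_DOMAINS` setting) so the Swagger host is not listed avoids the session path without exempting every API route.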