I am making a request to an endpoint that returns a cookie in the headers, I will use said cookie later in a request that I will pass said cookie as a header. So the steps I need to take are:
1. Make a request to the endpoint that returns the cookie.
2. Make another request to the endpoint where I authenticate with username and password and as header I send the CSRF TOKEN obtained in step 1.
3. I make another request being already authenticated, passing only the Cookie obtained in step 1, said endpoint returns the json that will be the da with which I will work.
What interests me most is being able to obtain the cookie to pass it to the authentication endpoint.
I am currently trying the following to solve the problem in step 1:
let
vUrlGetCSRFTOKEN = "https://my-domain.com/api/csrf-cookie",
TokenBaseUrl = Text.Combine({Uri.Parts(vUrlGetCSRFTOKEN)[Scheme],"://",Uri.Parts(vUrlGetCSRFTOKEN)[Host]}),
TokenRelativePath = Uri.Parts(vUrlGetCSRFTOKEN)[Path],
TokenQuery = Uri.Parts(vUrlGetCSRFTOKEN)[Query],
md = Value.Metadata(Web.Contents(vUrlGetCSRFTOKEN, [
Headers=[Accept="application/json", Connection="keep-alive",
#"Accept-Encoding"="gzip, deflate"],
IsRetry=true
]
))
in
md
But when looking in the headers I don't see the cookie anywhere.
I have previously replicated all this functionality in postman in the following way:
pm.sendRequest({
url: 'https://my-domain.com/api/csrf-cookie', //This is Step 1, GET THE COOKIES
method: 'GET',
headers:{
'Accept': 'application/json',
'Connection':'keep-alive',
'User-Agent': 'PostmanRuntime/7.29.0',
'Accept-Encoding': 'gzip, deflate, br',
},
}, function (error, response, { cookies }) {
console.log("GET COOKIE");
console.log(response);
console.log(cookies);
if (!error) {
pm.environment.set('xsrf-cookie', cookies.get('XSRF-TOKEN'));
pm.sendRequest({
url: 'https://my-domain.com/api/auth',
method: 'POST',
header:{
'X-XSRF-TOKEN': cookies.get('XSRF-TOKEN'),//STEP 2, AUTHENTICATE ME AND PASS THE COOKIE FROM STEP 1
'Accept': 'application/json',
'Connection':'keep-alive',
'User-Agent': 'PostmanRuntime/7.29.0',
'Accept-Encoding': 'gzip, deflate, br',
},
body: {
mode: 'formdata',
formdata: [{
"key": "email",
"value": "email@myemail.com",
},
{
"key": "password",
"value":"111122333"
}]
}
}, async function(err, res){
console.log("RESULT TO LOGIN");
console.log(res);
pm.sendRequest({
url: 'https://my-domain.com/api/get_list', //GET THE DATA TO WORK
method: 'POST',
header:{
'X-XSRF-TOKEN': cookies.get('XSRF-TOKEN'),
'Accept': 'application/json',
'Connection':'keep-alive',
'User-Agent': 'PostmanRuntime/7.29.0',
'Accept-Encoding': 'gzip, deflate, br'
},
body:{
mode:'raw',
raw: JSON.stringify(
{
page: 1,
pageSize: 50,
sort: {},
type: "page"
}
)
}
}, async function(err, res){
console.log("RESULT PBI RESPONSE");
console.log(res);
});
});
}
})
Thank you !
Helpful resources
Join our Fabric User Panel
This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.
Power BI Monthly Update - June 2025
Check out the June 2025 Power BI update to learn about new features.
Fabric Community Update - June 2025
Find out what's new and trending in the Fabric community.
