Laravel 5.4 post request token mismatch

I am learning to create API in Laravel. I created a CRUD controller, and I have an empty store function:

public function store(Request $request)

When I try to make a post request with Postman I get the token mismatch exception:

"IlluminateSessionTokenMismatchException">TokenMismatchException in
   "/Users/andrei/Desktop/ line 68">VerifyCsrfToken.php line 68

I have no form for the post method to put {{csrf.. }}. How can this be solved? Thank you!

Source: stackoverflow-php

Add JWT token to assets within an iFrame

So I am currently working on merging an old legacy system into a new system. The system loads a .HTML file in an iFrame using an API proxy.


That is secure and nailed down. The only issue is within the .HTML file none of the assets have the token. So when it tries to load an image it looks like this (without a token).


My first answer was to append the token to all URLs within the .HTML file. This worked, however other assets might be loaded in via JavaScripts on the page. So say you have a script called “index.js” it might try and load a file into a div but then that image would not have the token so it return 401.

Is there anyway of intercepting each request between the iFrame and the endpoint to add the token to it?

I am using Laravel/PHP but it doesn’t really matter just as long as the solution is in PHP or JS.


Source: stackoverflow-php

Bitso Api – Building the request

Bitso Say This

HTTP Request


Authorization Header Parameters

Parameter Default Required Description

key – Yes See Creating and Signing Requests

signature – Yes See Creating and Signing Requests

nonce – Yes See Creating and Signing Requests

Body Parameters

Body parameters should be JSON encoded and should be exactly the same as the JSON payload used to construct the signature.

Parameter Default Required Description

amount – Yes The amount of BTC to withdraw from your account

address – Yes The Bitcoin address to send the amount to

My Code Whats Wrong?

    $bitsoKey = "kayhere";
  $bitsoSecret = 'secrethere';
  $nonce = round(microtime(true) * 1000);
  $HTTPMethod = "POST";
  $RequestPath = "/v3/bitcoin_withdrawal/";
  $JSONPayload = "";

  // Create signature
  $message = $nonce . $HTTPMethod . $RequestPath . $JSONPayload;
  $signature = hash_hmac('sha256', $message, $bitsoSecret);

  // Build the auth header
$postData = array(
    'amount' => '0.12216614',
    'address' => '17bj3CkAByaKT8VZdi3zrRHpMJB1ktSHw3',


  $format = 'Bitso %s:%s:%s';
  $authHeader =  sprintf($format, $bitsoKey, $nonce, $signature);

  // Send request
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, '');
  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
  curl_setopt($ch, CURLOPT_HTTPHEADER, array(
      'Authorization: '.$authHeader,
      'Content-Type: application/json'
  CURLOPT_POSTFIELDS => json_encode($postData);


  $result = curl_exec($ch);

if($result === FALSE){

// Decode the response
$responseData = json_decode($response, TRUE);

// Print the date from the response
echo $responseData['published'];


Source: stackoverflow-php