@hnipps said in Invalid CSRF token when authenticating via third-party app:
I'm trying to use NodeBB as a headless forum (i.e. just a REST API with a separate front end) but keep getting an "invalid csrf token" error when I try to authenticate.
I've confirmed I can authenticate via the NodeBB UI on the same instance.
I've also tried getting the NodeBB config and using the csrf token from there in my requests but it still does not work.
My frontend is a NextJS app that rewrites all /api/:path* requests to http://<MY-NODE-BB-INSTANCE>/api/:path*. It also rewrites the auth paths.
I can see the requests reach NodeBB but always get "invalid csrf token".
I've verified that I can successfully call GET endpoints from my app, e.g. I can get the user list from /api/users.
This is a 2-year-old thread, but @hnipps, have you gone any further with the React/NextJS frontend with a headless NodeBB?
If you have made any progress I would love to contribute on the frontend build. It is daunting to start as a new project but if any foundations were laid I would love to jump in and build upon it.