Using Write API with cookie auth

You were correct. I wasn't passing on a CSRF-token. Now everything works ok. The documentation about CSRF-tokens is very sketchy. It's documented in some places that you need tokens, but not in other places.

From what I can find I can only get the CSRF-token from the /api/config endpoint. Are there other options?

Also after working with this and finding basically no documentation on CSRF-tokens I am leaning on using bearer-auth to access the API instead. Which method is the most stable, bearer-auth or cookies?

Hi

I've managed to login to NodeBB via the API and I am using cookies to store the session.
I can also read data from the API using this cookie to authenticate myself.

But when I try to use the /api/v3/ write API functions to write stuff to NodeBB I get an error "Forbidden".
If I use Bearer-authentication everything works ok.

The documentation says cookie auth should be enough. But is this trure?

OK: curl --request PUT -H "Authorization: Bearer 123456-b123-1234-1234-123123123123" --header 'Content-Type: application/json' --data '{"delta":1}' https://www.mynodebbthing.com/api/v3/posts/123/vote

NOT OK: curl --request PUT --cookie "express.sid=s:kYz-N-SAiyq_DNtjPep6Msq3x2eEW_o.IXPlo3AaW5jxQCZ97G1rNvhjUU; Path=/; HttpOnly; Secure; SameSite=Lax" https://www.mynodebbthing.com/api/v3/posts/123/vote