API Authentication Issues

I have a GET endpoint which requires the user to be logged in, so I have set allow_guest=False. I have another POST endpoint which is hit by an external form, but no authentication is required, hence I have set allow_guest=True.

I get a 400 status (Bad Request) every time I do a POST while I am logged in to Frappe. If I log out and try the POST request, it's 200 OK. Why such strange behaviour?

Is there anything I need to take care of with respect to the session?

Please check data payload!

@saurabh6790 I analyzed the network requests in both cases and the only difference is:

curl 'http://path.to.method' -H 'Cookie: io=-LSQ....; user_image=; user_id=Guest; system_user=yes; full_name=Guest; sid=Guest' 

v/s

curl 'http://path.to.method' -H 'Cookie: io=0TFlLHl8s....; user_image=; user_id=Administrator; system_user=yes; full_name=Administrator; sid=b69.....' 

Can I change frappe.session.sid? That's the only thing which I changed in both curl requests, and it worked.

This looks like a CSRF token. Can I disable it using frappe.conf['ignore_csrf'] = True?
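
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Frappe's own code: a simplified model of a session-bound CSRF check, in which a Guest session carries no token and a logged-in session must echo its token in the X-Frappe-CSRF-Token request header. The function names, the session layout and the list of checked methods are assumptions made for illustration.

```python
# Simplified model of a session-bound CSRF check (illustrative, not Frappe source).
import hmac
import secrets

UNSAFE_METHODS = {"POST", "PUT", "DELETE", "PATCH"}  # assumed set of checked methods
CSRF_HEADER = "X-Frappe-CSRF-Token"


def new_session(user):
    """Constructed session record: only logged-in sessions get a CSRF token."""
    sid = "Guest" if user == "Guest" else secrets.token_hex(16)
    session = {"user": user, "sid": sid}
    if user != "Guest":
        session["csrf_token"] = secrets.token_hex(32)
    return session


def handle(method, session, headers, conf=None):
    """Return the HTTP status the CSRF gate alone would produce."""
    conf = conf or {}
    if method not in UNSAFE_METHODS:
        return 200  # safe methods such as GET are not checked
    expected = session.get("csrf_token")
    if not expected or conf.get("ignore_csrf"):
        return 200  # Guest session has no token, or the check is switched off
    supplied = headers.get(CSRF_HEADER, "")
    if not hmac.compare_digest(expected, supplied):
        return 400  # session cookie present, matching token absent: Bad Request
    return 200


def demo():
    guest = new_session("Guest")
    admin = new_session("Administrator")
    token = {CSRF_HEADER: admin["csrf_token"]}
    return {
        "guest_post": handle("POST", guest, {}),
        "admin_post_cookie_only": handle("POST", admin, {}),
        "admin_post_with_token": handle("POST", admin, token),
        "admin_post_wrong_token": handle("POST", admin, {CSRF_HEADER: "0" * 64}),
        "admin_get": handle("GET", admin, {}),
        "admin_post_ignore_csrf": handle("POST", admin, {}, {"ignore_csrf": True}),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

In this model the ignore_csrf setting removes the check for every logged-in session, while sending the session's own token with the POST keeps the check in place and still returns 200.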

Hi Mr. Karan,
did you solve it? I am facing the same issue. I have created the page and want to use a whitelist method in JS, but once I log in and try, it says bad request, and if I do it without login then it works, as allowguest is true. I need to access it after login.
Please help.