DeviantArt API now requires CSRF token #55

y-young · 2022-10-31T15:54:00Z

Describe the bug
DeviantArt API (https://www.deviantart.com/_napi/da-user-profile/shared_api/deviation/extended_fetch?type=art&deviationid=) now requires a valid CSRF token to be passed via csrf_token parameter.

To Reproduce
Steps to reproduce the behavior:

Send GET request to https://www.deviantart.com/_napi/da-user-profile/shared_api/deviation/extended_fetch?type=art&deviationid=93506493
Returns error:

{
  "error": "invalid_request",
  "errorDescription": "Invalid or expired form submission",
  "errorDetails": {
    "csrf": "missing"
  },
  "status": "error"
}

Expected behavior
Should be able to get deviation details.

Additional context

An invalid CSRF token will return:

{
  "error": "invalid_request",
  "errorDescription": "Invalid or expired form submission",
  "errorDetails": {
    "csrf": "invalid"
  },
  "status": "error"
}

A valid token can be obtained by visiting the home page and retrieving from window.__CSRF_TOKEN__ ([deviantart] KeyError: 'deviation' mikf/gallery-dl#2983)
CSRF token must be used along with the cookies returned (userinfo), otherwise will be considered invalid
A valid token can be reused during multiple requests, expiration time is yet unknown

The text was updated successfully, but these errors were encountered:

y-young added the upstream Something not on our side label Oct 31, 2022

y-young self-assigned this Oct 31, 2022

y-young closed this as completed in ea5b5d1 Nov 4, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DeviantArt API now requires CSRF token #55

DeviantArt API now requires CSRF token #55

y-young commented Oct 31, 2022 •

edited

Loading

DeviantArt API now requires CSRF token #55

DeviantArt API now requires CSRF token #55

Comments

y-young commented Oct 31, 2022 • edited Loading

y-young commented Oct 31, 2022 •

edited

Loading