← Back to Scraping Central
Practice target. A fake marketplace built for scraping practice, no real businesses, people, or prices. View the matching lesson at Scraping Central / Learn.

Catalog108 / challenges / api/auth/csrf-form

Dynamically-extracted CSRF token

intermediate Matching curriculum →

What this challenge teaches

Teaches: Fetch the CSRF token from /challenges/api/auth/csrf-form?json=1, send it back on POST.

Expected output: GET ?json=1 → grab csrf → POST with _csrf=<token> → "Form accepted".

Submit your scraper's JSON output to /challenges/api/auth/csrf-form/grade (grader endpoint is part of a later phase; URL is reserved now).

Current token: 166c478f7824c27581513d6739487e90

# 1. GET the JSON endpoint for the current CSRF token
import requests
s = requests.Session()
token = s.get("https://practice.scrapingcentral.com/challenges/api/auth/csrf-form?json=1").json()["csrf"]

# 2. POST it back
r = s.post("https://practice.scrapingcentral.com/challenges/api/auth/csrf-form",
           data={"_csrf": token, "value": "anything"})
print(r.status_code, r.text)