To further investigate a failing workflow, I wanted to manually trigger the app function it calls using a https request. However, doing just that returns a 403 Forbidden with a missing CSRF token, as expected. What kind of authorization do I need to provide for the request to go through? Please tell me that there is a way that does not involve me going digging for a X-CSRF value in the numerous requests that we send.
Solved! Go to Solution.
in case you want to authenticate your requests to platform APIs from outside the platform, you need to authenticate them via oAuth. If you are an account admin of your environment, you can create an oAuth client in the Account Management UI. Make sure to select "app-engine:apps:run", as this scope is needed for the functions endpoint.