CSRF check failed

I was trying to use provisioning api to search a user by url
http://admin:secret@example.com/ocs/v1.php/cloud/users?search
by shows CSRS check failed .
I searched the reason is OCS-APIRequest header to be set true`
but how and where to set it?

Are you using curl? Because then the parameter

--header "OCS-APIRequest: true"

should be used in your curl command. Basically the same parameter can be used in any type of connector you use for the API.

curl will tell me

status code 907
message current user is not logged in

then I tried curl -s http://localhost/nextcloud/index.php/login -c cookiefile -d “user=xxx&password=xxx”
nothing happened ,
still not logged.

Thanks! works with curl -u username:password -X GET ‘https://example.com/abcdefg…’ -H “OCS-APIRequest: true”
But I acutually want to call it from outside. by Ajax .
but seems doesn’t work

even I set headers{
“OCS-APIRequest”:“true”
}

from the tutorial
https://docs.nextcloud.com/server/12/developer_manual/app/tutorial.html?highlight=ajax

I think I can modify some source code to add@NoCSRFRequired

anyone think it will work?

please help

@tflidd maybe you have insight?