Skip to content

`/api/v4/usage_data/track_event` returns `403` error when request is made with PAT

Endpoint /api/v4/usage_data/track_event returns 403 error when request is made with PAT.

Background

To track AI telemetry from editor extensions, API request is made with the PAT or OAuth token to authorize the user. Though the endpoint returns the following response:

   "response": {
        "status": 403,
        "headers": {},
        "body": "{\"message\":\"403 Forbidden - Invalid CSRF token is provided\"}"
      }

Sample request

curl https:/gitlab.com/api/v4/usage_data/track_event -X POST -H "Authorization: Bearer glpat-*****" -H 'Content-Type: application/json'