Passing csrf token when making PATCH/POST request to API

[mattailor007]

Dear community,

I need to send a csrf token in the header when making a PATCH/POST request to our API.

The token I get via a GET request which works without issues.

But how to add the csrf token so that the llm can make a corresponding call to update entries?

Would using a TrackedRequestsWrapper be the recommended way to go?

 auth = HTTPBasicAuth(
              username=user,
              password=pw
             )
  request_wrapper_raw = TrackedRequestsWrapper(
      headers={'X-CSRF-TOKEN': x_csrf_token}
  )
  requests_wrapper = auth(request_wrapper_raw)

Thanks a lot for the input!

[dosubot[bot]]

🤖

Hello,

To add a CSRF token to the header for a PATCH/POST request to your API using the LangChain framework, you can modify the _MockTextRequestsWrapper class that is used in the RequestsPatchTool and RequestsPostTool classes. The _MockTextRequestsWrapper class should have a method to add headers to the requests it makes, and you can use this to add the CSRF token.

Here is an example of how you might modify the _MockTextRequestsWrapper class to add a CSRF token to the headers:

class _MockTextRequestsWrapper(TextRequestsWrapper):
    @staticmethod
    def post(url: str, data: Dict[str, Any], headers: Dict[str, Any] = None, **kwargs: Any) -> str:
        if headers is None:
            headers = {}
        headers['X-CSRFToken'] = 'your_csrf_token'
        # rest of the method...

    @staticmethod
    async def apost(url: str, data: Dict[str, Any], headers: Dict[str, Any] = None, **kwargs: Any) -> str:
        if headers is None:
            headers = {}
        headers['X-CSRFToken'] = 'your_csrf_token'
        # rest of the method...

    @staticmethod
    def patch(url: str, data: Dict[str, Any], headers: Dict[str, Any] = None, **kwargs: Any) -> str:
        if headers is None:
            headers = {}
        headers['X-CSRFToken'] = 'your_csrf_token'
        # rest of the method...

    @staticmethod
    async def apatch(url: str, data: Dict[str, Any], headers: Dict[str, Any] = None, **kwargs: Any) -> str:
        if headers is None:
            headers = {}
        headers['X-CSRFToken'] = 'your_csrf_token'
        # rest of the method...

In the context shared, there is no mention or usage of a TrackedRequestsWrapper, so I can't definitively say whether it would be the recommended approach.

Also, the LangChain framework does have a built-in method for adding headers to requests. This is done in the from_llm_and_api_docs class method of the APIChain class. The headers parameter is an optional dictionary that can be passed to this method. This headers dictionary is then passed to the TextRequestsWrapper when it is instantiated, which is used for making the actual requests.

Here is the relevant code:

@classmethod
def from_llm_and_api_docs(
    cls,
    llm: BaseLanguageModel,
    api_docs: str,
    headers: Optional[dict] = None,
    api_url_prompt: BasePromptTemplate = API_URL_PROMPT,
    api_response_prompt: BasePromptTemplate = API_RESPONSE_PROMPT,
    **kwargs: Any,
) -> APIChain:
    """Load chain from just an LLM and the api docs."""
    get_request_chain = LLMChain(llm=llm, prompt=api_url_prompt)
    requests_wrapper = TextRequestsWrapper(headers=headers)
    get_answer_chain = LLMChain(llm=llm, prompt=api_response_prompt)
    return cls(
        api_request_chain=get_request_chain,
        api_answer_chain=get_answer_chain,
        requests_wrapper=requests_wrapper,
        api_docs=api_docs,
        **kwargs,
    )

In this code, requests_wrapper = TextRequestsWrapper(headers=headers) is where the headers are passed to the TextRequestsWrapper instance.

I hope this helps! Let me know if you have any other questions.

Sources

• libs/langchain/langchain/chains/api/base.py
• libs/langchain/tests/unit_tests/tools/requests/test_tool.py
• libs/langchain/langchain/utilities/requests.py

---

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

If you want to continue the conversation, start your reply with @dosu-bot.

[mattailor007]

@dosu-bot Thanks a lot for the detailed input! I will definitely try this today!