Jenkins "Error 403 No valid crumb was included in the request"

Question

I am trying to trigger a Jenkins build by post request from my Windows computer, using the following commands.

First, I obtain the crumb using...

curl http://JENKINS-URL/crumbIssuer/api/xml?xpath=//crumb

The response is this...

<crumb>string-of-digits<\crumb>

I then use the command

curl -u USERNAME:PASSWORD -X POST -H "Jenkins-Crumb:string-of-digits" http://JENKINS-URL/job/my-job/buildWithParameters?token=my-token

The username is correct, the password is correct, the crumb is exactly the string of digits that I got from the first command (everything between the crumb> at the beginning and <\crumb> at the end), the token matches the token I have specified in Jenkins. But still, I am getting the response

Error 403 No valid crumb was included in the request

In Configure Global Security -> CSRF Protection, I also have "Enable proxy compatibility" checked and am using "Default Crumb Issuer".

Does it look like I am missing anything here? Forgetting any steps? Improperly formatted commands? Anything else you might be able to think of?

I have followed the steps and formatted my command like the solution here as well, and still no luck..

https://linuxacademy.com/community/posts/show/topic/28964-no-valid-crumb-was-included-in-the-request

In addition to this, I have also tried saving the cookies from the first request to get the crumb, and then I pass the file I saved the cookies to into the second curl command, see below for the command. Still I am getting the 403 No valid crumb...

Here are the commands using cookies...

wget --keep-session-cookies --save-cookies cookies.txt --auth-no-challenge --user admin --password my_password -q --output-document - http://JENKINS-URL/crumbIssuer/api/xml?xpath=//crumb

curl --cookie cookies.txt -u admin:my_password -H "JenkinsCrumb: string-of-digits-from-stdout" -X POST http://JENKINS-URL/job/my-job/buildWithParameters?token=my-token

Answer 1

I have finally discovered the answer. I thought that I could specify my actual account password, but it turns out that I needed to use an API token to authenticate. Using the API token instead of my password on the above commands with cookies allowed me to trigger my build remotely.