Webmaster API returning 400 error "Origin and Referer request headers are both abscent/empty"

Alight Analytics 6 Reputation points
2022-01-21T22:30:16.257+00:00

We have been making requests to the Webmaster API for many months now and just recently we've been receiving 400 errors stating "Origin and Referer request headers are both abscent/empty." I cannot find anything in the Webmaster API documentation that refers to this error or tells me what the "origin" and "referer" headers should be since we haven't been using them. I've tried using my app's registered URL as a referer, but I would get the error, "Could not extract anti-forgery token."

Copy of request and response below

< POST /webmasters/oauth/token HTTP/1.1
< Host: www.bing.com
< User-Agent: python-requests/2.22.0
< Accept-Encoding: gzip, deflate
< Accept: */*
< Connection: keep-alive
< referer: channelmix
< Content-Length: 964
< Content-Type: application/x-www-form-urlencoded
<
< client_id=xxxxxxxx&client_secret=xxxxxxxx&grant_type=refresh_token&refresh_token=xxxxxxxxx
> HTTP/1.1 400 Bad Request

> Content-Length: 45

> Vary: Cookie

> Content-Security-Policy: frame-ancestors 'self'

> X-Powered-By: ASP.NET

> X-Cache: CONFIG_NOCACHE

> Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

> X-MSEdge-Ref: Ref A: 23B99E30D7754B7EBD964DE121B7779D Ref B: CHGEDGE1821 Ref C: 2022-01-21T22:21:25Z

> Date: Fri, 21 Jan 2022 22:21:24 GMT

>

Could not extract expected anti-forgery token

Microsoft Advertising API
Microsoft Advertising API
A Microsoft API that provides programmatic access to Microsoft Advertising to manage large campaigns or to integrate your marketing with other in-house systems.
271 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Erika Wiedemann 1 Reputation point
    2022-01-24T20:18:30.777+00:00

    Since January 11th I've also started seeing this error, with no resolution. It's been running for many months without any changes on our side.
    I see msads has a new MFA banner here: https://learn.microsoft.com/en-us/advertising/guides/authentication-oauth?view=bingads-13

    However, I've been following https://learn.microsoft.com/en-us/bingwebmaster/oauth2 exactly as written with no luck.

  2. Kyle Thompson 1 Reputation point
    2022-02-03T14:41:25.887+00:00

    This issue is still persisting on our side. Error when exchanging refresh token for Access token on missing origin in request header.

    I have also had no luck finding reference to this in the Webmaster Oauth Documentation.

  3. alex sunny 1 Reputation point
    2022-02-07T14:31:28.447+00:00

    thanks for the awesome information.

  4. Erika Wiedemann 1 Reputation point
    2022-02-24T17:38:54.817+00:00

    I've had total success since Feb 07, with no changes on my part. I am assuming something was fixed within Bing.