Where should I put the csrfToken? [Solved]

Hi there, I’m trying to implement passbolt on our workspace, but we have to use API for automation on user creation.

I’ve managed to login and get crsfToken, when I GET into ‘/’ it gives me a response 200 OK, so it is logged in and working, I can read all the fields, but when I try to create a group it gives me “403 Forbidden”, “token from either the request body or request headers did not match or is missing.”

What is the sintax for sending the token? I tryed in the header, like this:

  headers: {
    'Content-Type': 'application/json; charset=utf-8',
    'X-CSRF-Token': 'e0e649[...]1939c7'

but it didn’t work…

[EDIT] Solved, don’t know the reason but when I removed the ‘content-type’ from the header it worked…