CakePHP4 - Skip CSRF Check for Prefixes With Api
When you have CSRF enabled globally in your Application.php file in CakePHP4, and you want to disable CSRF for prefixes with 'Api', add the following:
In your Application.php file
$csrf->skipCheckCallback(function($request) { ... // Skip token check for API URLs. if ($request->getParam('prefix') === 'Api') { return true; } ... });