Flask throwing 400 at POST json endpoint

One of my endpoints in a flask app is returning 400 for every request and I have absolutely no idea why.

Can anyone help me understand the issue? Also, is there any tool to debug 400 messages in flask?

This is the request cURL:

curl --location --request POST 'https://vegaz.bet/api/tibiacoin/confirmation' \
--header 'Authorization: Bearer token_here' \
--header 'Content-Type: application/json' \
--header 'Cookie: session_cookie_here' \
--data-raw '{
    "id": "620ef8bafb429c69efca3546",
    "amount": 25,
    "status": "OK",
    "character": "Denis Santos"
}'

This is the endpoint:

import os

from flask import jsonify, request

# TibiaWithdrawal is the app's own document model; its import is not shown in the question.


@api_blueprint.route("/tibiacoin/confirmation", methods=["POST"])
def tibicoin_withdrawal_confirmation():
    # validate headers (note: a plain != comparison of secrets is not constant-time)
    auth_token = request.headers.get("Authorization")
    if auth_token != "Bearer " + os.environ["TOKEN"]:
        response_dict = {"status": False}
        return jsonify(response_dict)

    # parse the JSON body sent by the cURL request above
    content = request.get_json()
    withdrawal_id = content["id"]
    withdrawal_status = content["status"]

    if withdrawal_status == "OK":
        withdrawal_object = TibiaWithdrawal.objects(pk=withdrawal_id)[0]
        withdrawal_object.is_processed = True
        withdrawal_object.save()

    response_dict = {"status": True}
    return jsonify(response_dict)


Solution 1:[1]

Just figured it out, turns out I was using CSRF protection from flask-WTForms. Since this specific endpoint was an API endpoint, I needed to remove the protection by adding the following code to the view:

from app import csrf

@api_blueprint.route("/tibiacoin/confirmation", methods=["POST"])
@csrf.exempt
def tibicoin_withdrawal_confirmation():
 ...

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 João A. Veiga