web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Request Verification T...
Power Pages
Answered

Request Verification Token - Missing on custom web template

(1) ShareShare
ReportReport
Posted on by dgray304 217
Hello,
 
I'm using a custom web template in Power Pages.  When I run an api call, it fails because the request verification token is not available. 
 
If I use the "Default Studio Template" instead of my custom web template, the API call works.
 
Anyone have an idea how to get that (verification token) generated in my custom web template?  So it is available on every page?
 
Thanks,
Doug
Categories:
Design & build
I have the same question (1)
  • Verified answer
    Jon Unzueta Profile Picture
    Jon Unzueta 1,827 Super User 2025 Season 2 on at
     

    You're encountering a common issue in Power Pages when using custom web templates: the Request Verification Token (__RequestVerificationToken) is missing, which causes API calls to fail due to CSRF protection.

    Here’s how to fix it and ensure the token is available on every page:

     Why it works in the Default Studio Template

    The default template automatically includes the necessary scripts and markup to inject the verification token into the page. Custom templates, however, require you to manually include this logic.

    🛠️ How to include the Request Verification Token in your custom template

    You can use the following approach to retrieve and use the token:

    1. Add the token to your page using Liquid

    In your custom web template, add this snippet inside the <head> or before your script:

    <meta name="csrf-token" content="{{ request.verificationToken }}">

    2. Use the token in your JavaScript API calls

    Here’s a wrapper function using jQuery to include the token:

    function safeAjax(ajaxOptions) {

        var token = $('meta[name="csrf-token"]').attr('content');

        if (!ajaxOptions.headers) {

            ajaxOptions.headers = {};

        }

        ajaxOptions.headers['__RequestVerificationToken'] = token;

        return $.ajax(ajaxOptions);

    }

     

    Then use it like this:

    safeAjax({

        type: "POST",

        url: "/_api/accounts",

        contentType: "application/json",

        data: JSON.stringify({ name: "Test Account" }),

        success: function (res) {

            console.log("Success:", res);

        },

        error: function (err) {

            console.error("Error:", err);

        }

    });

     

    🔐 Alternative: OAuth 2.0 Implicit Grant Flow

    If you're calling external APIs or need more secure authentication, consider using OAuth 2.0 implicit grant flow.

    🏷️ Tag me if you have any further questions or if the issue persists.

    ✅ Click "Accept as Solution" if my post helped resolve your issue—it helps others facing similar problems.
    ❤️ Give it a Like if you found the approach useful in any way.
  • dgray304 Profile Picture
    dgray304 217 on at
    @Jon Unzueta,  Thanks for your response.  Worked like charm.
     
    This is slightly off topic, but related to web template behavior.
     
    Follow up regarding working with web template as master template.
     
    In Power Pages (pPages), once you change your page template from the 'Default Studio Template', the pPages editor is disconnected from the code base.
     
    Anyway to enhance my web template to make it interact with the Power Pages Design Studio (PPDS)?  Other than working in vs code.
     
    Apologies if this follow-up is out of bounds.
     
    Doug
  • Jon Unzueta Profile Picture
    Jon Unzueta 1,827 Super User 2025 Season 2 on at

    When using custom web templates, especially for forms or authenticated actions, you must manually include the Request Verification Token to avoid CSRF (Cross-Site Request Forgery) issues. The default Studio templates handle this automatically, but custom templates require explicit inclusion.

    To fix this, include the following Liquid tag inside your form:

    <input type="hidden" name="__RequestVerificationToken" value="{{ request.verificationToken }}" />
     
    Absolutely right: once you switch from the Default Studio Template to a custom Web Template, PPDS loses its ability to visually render and edit the page. This is by design, as PPDS relies on a specific structure and metadata that custom templates override.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Fubar Profile Picture

Fubar 89 Super User 2025 Season 2

#2
Jerry-IN Profile Picture

Jerry-IN 75

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans