Hi Wayne,

Yes, there have been some changes in how we handle API POSTs, specifically dealing with CSRF.

https://www.labkey.org/Documentation/wiki-page.view?name=csrfProtection

For your API calls to work, you need to pass a CSRF token if your CSRF settings in the Admin Console > Site Settings are set to "ALL POST REQUESTS". You can temporarily set it to "Admin Only" to eliminate the need to do this. However, in LabKey 19.1, this option will no longer be available and all POSTs will require a CSRF token to be passed.

Regards,

Jon