Sometimes you have to disable the CSRF protection. A common reason for this is because you have an incoming API webhook.

You can exclude URLs from the CSRF middleware by editing app/Http/Middleware/VerifyCsrfToken.

Edit the $except property.

<?php
protected $except = [
  "incoming/api/*",
];