REST Web Service ActionController::InvalidAuthenticityToken

I am trying to write a REST web service

testing locally is fine but whane I deploy the server and try test it via curl

curl -i -X POST -H 'Content-Type:application/xml' -d '' http://mytesteddomain.tld/user/posts/createReference.xml

I get an error :

ERROR TYPE: ActionController::InvalidAuthenticityToken

ERROR MESSAGE: ActionController::InvalidAuthenticityToken

I don't have any protection in my app as I put a filter to avoid the login check before_filter :login_required, :except => [ :createReference]

my Apache vhost.conf doesn't block :

<Directory "/var/rails/mytesteddomainname/current/public">    Options FollowSymLinks    AllowOverride None    Order allow,deny    Allow from all </Directory>

where should I start looking for ?

thansk for your help