REST Web Service ActionController::InvalidAuthenticityToken

I am trying to write a REST web service

testing locally is fine but whane I deploy the server and try test it
via curl

curl -i -X POST -H 'Content-Type:application/xml' -d ''
http://mytesteddomain.tld/user/posts/createReference.xml

I get an error :

ERROR TYPE: ActionController::InvalidAuthenticityToken

ERROR MESSAGE: ActionController::InvalidAuthenticityToken

I don't have any protection in my app as I put a filter to avoid the
login check
before_filter :login_required, :except => [ :createReference]

my Apache vhost.conf doesn't block :

<Directory "/var/rails/mytesteddomainname/current/public">
   Options FollowSymLinks
   AllowOverride None
   Order allow,deny
   Allow from all
</Directory>

where should I start looking for ?

thansk for your help