How to disable a Jenkins job via curl?

No valid crumb means your Jenkins installation has a security option enabled which prevent requests send in a standard way to avoid one-click attacks. You can't use Jenkins CLI either, because it doesn't work yet.

Here are the steps using curl (replace localhost with your Jenkins address):

1. Note your user API Token (from /user/USER/configure).

2. Get your crumb:

   CRUMB=$(curl -s 'http://USER:TOKEN@localhost:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')

3. Now you can disable the job by sending the crumb in the headers:

   curl -X POST -H "$CRUMB" http://USER:TOKEN@localhost:8080/<jobname>/disable

   ^{If the above won't work for some reason, you may try to use -u USER:TOKEN instead.}

The crumb error indicates you are using CSRF Protection. You need to include a proper crumb header in your request. The crumb can be obtained from the Jenkins API as described on the Jenkins wiki page linked above. The answer for "Trigger parameterized build with curl and crumb" shows the syntax to adding the crumb header in the curl request.

setup jenkins's "global security settings": Uncheck "Prevent Cross Site Request Forgery exploits"