You need to send the x-CSRF-token with the XAS request to Mendix.
First make the login request to Mendix (with an authorized user), the response will contain the x-csrf-token. Store this in a variable so you can re-use it in jMeter. Each logged in user will have an unique token, so login in multiple user to do the load testing with various tokens.
In the browser console you can see which payload and headers are sent per request, to give you an impression how to create the jMeter requests
With kind regards,
Stephan