Upload assets (image) with Postman returns 403

I have…

  • [ ] Checked the logs and have provided the logs if I found something suspicious there
  • [x] nothing suspicious in the logs

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [ ] Bug report
  • [ ] Performance issue
  • [X] Documentation issue or request

Current behavior

When I POST a request to local Squidex implementation, I get 403 Forbidden.

Expected behavior

Response should be 200 OK

Minimal reproduction of the problem

curl --location --request POST ‘http://dbocca.cms.io/api/apps/mobilapp/assets
–header ‘Content-Type: multipart/form-data’
–header 'Authorization: Bearer
–form ‘file=@/<path_to_file>/_MG_9369b_preview_featured.png’

(Redacted Token and path_to_file)
(Curl created from postman request)


  • [X] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Version: [VERSION]


  • [ ] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge


Please provide documentation for uploading an image assets through API.
Postman header/body information or curl request would be nice.


Have you checked the bearer token with another request?

Recommend this too. Because I don’t use Postman regularly, my bearer token had expired once, which led to some confusion.

1 Like

@Sebastian Yes, my /api/content/ work great for all request.

@marcus_hum I have a pre-test to keep the token updated.

Are you using a normal client or custom permissions?

I would upload an asset with the UI, then “clone” the request with postman.

I create a new client and it work ok.

Thanks for the help.