Support Topics Documentation Slack YouTube Blog

[Angular 1.x] $http POST request -> 403 Forbidden

Hi, when I make POST request with Angular $http, it gives me back a 403 error Forbidden.

  • I’ve set up default headers into my app configuration
  • GET (on same URL obviously) works well
URI = ""
data = {
'name': hintName,
'nexthintmessage': hintDescription,
'isreal': hintIsReal,
'isatreasure': hintIsTreasure,
'points': hintPoints
$'', data)
.then(function (response) {

That’s headers in my app.js

$httpProvider.defaults.headers.common['application-id'] = 'XXXXXXXXXXXXXX';
$httpProvider.defaults.headers.common['secret-key'] = 'XXXXXXXXXXX;
$['Content-Type'] = 'application/json';
$httpProvider.defaults.headers.put['Content-Type'] = 'application/json';
$httpProvider.defaults.headers.common['Application-Type'] = 'REST';

Did you configure any security permissions in your backend?

Nope Mark, I am currently not using “db users”, only custom tables with no restrictions at all.

On GET methods on same URL i get no errors, and I think 403 is returned before passing the body (so not body related error)

Furthermore, when I make POST request from Xamarin (using sendRequest, async or sync not a matter) it works like a charm!

Hi Mike,

Could you check in the Network tab of the browser’s developer tools what the POST request looks like? (URL, http headers and body)


Hi Mark, not sure to have understood your request, sorry!

P.S.: Not sure it’s coherent with your question, but I use WebStorm + Chrome

I am talking about this:

Ok, I think I’ve understood! In Chrome on Network TAB it says me it’s unable to save the object due a Malformed body request, infact I passed “yes” and not “true” for a Boolean property!

But why it says me “403 Forbidden”? Maybe the URL generated by Backendless’ Response is in some manner forbidden to be shown when a “bad body” is generated?

Yes sorry ! I’ve understood with a little bit of “lag” :wink:

I’l find out why server reports 403 for this.

Is the problem now resolved for you?

Absolutely solved. It works now.

Thanks for support, Mark!