Hi everyone,
I spent a good amount of time debugging an issue that started after a recent Postman update, and I wanted to share the solution in case others are experiencing the same problem.
The Problem
I have an API that requires a custom header called Scope (with a capital “S”) with a value like Chatbot/Test. After a recent Postman update, the API started returning 500 Internal Server Error with the message:
{
"message": "The Scope in the
request headers is invalid.
Must be a string"
}
The exact same request worked perfectly when executed via curl in the terminal:
curl -X GET https://my-api.example.com/
endpoint \\
-H ‘Scope: Chatbot/Test’ \
-H ‘Authorization: Bearer ’ \
-H 'Content-Type: application/
x-www-form-urlencoded'
Root Cause
Postman now defaults to HTTP/2 (when the HTTP version is set to “auto”). The HTTP/2 protocol automatically converts all header names to lowercase. So Scope becomes scope, Authorization becomes authorization, etc.
This is part of the HTTP/2 specification (RFC 7540, Section 8.1.2), but it causes issues when the backend server performs a case-sensitive lookup on header names — which, while not ideal, is common in many APIs (especially those behind AWS API Gateway, custom middleware, etc.).
Meanwhile, curl uses HTTP/1.1 by default, which preserves the original casing of header names. That’s why the same request works in curl but fails in Postman.
Solution
-
Open your request in Postman
-
Go to the Settings tab (within the request, not the global settings)
-
Change “HTTP Version” from “auto” to “HTTP/1.1”
-
Send the request again — it should now work
Suggestion to the Postman Team
It would be great if Postman could:
-
Display a warning when custom headers with uppercase characters are detected and the request is using HTTP/2
-
Mention this behavior change in the update release notes, since it can silently break existing requests after an update
Hope this helps someone else save a few hours of debugging! 
Environment:
-
Postman Desktop (Windows)
-
HTTP Version: auto (defaults to HTTP/2)