Error: "form tampered with"

Hello. I am learning API cybersecurity concepts and am using the Pixi API which I imported into postman. Upon attempting to register as a new user, I have begun getting this error, which wasn’t presenting itself a couple days ago. It simply responds with “form tampered with”.

I’m unsure what I could have changed to cause this as this is the second time I’m attempting to play around with this API. I searched on google and couldn’t seem to find this error anywhere.

I have attached a screenshot, please see below.

I would be grateful for any help!

The error message seems to be a custom response from the server where you’re sending the login credentials.

Looking at the data that you’re sending, most backend APIs should not allow a user to specify an ID value for a resource, nor setting a flag like “is_admin” … but I’m not sure if that’s what you’re attempting to thwart with the cybersecurity lessons you’re examining.

My thought is that perhaps the backend API is seeing those fields (“id” and “is_admin”) and is sending back a generic error like “form tampered with” to alert you that something in your payload is wrong.


You should change the default hostname and port in Postman variable for the next value:

http://(your hostmame):8090 → In my case: http://localhost:8090

This is mentioned in the same page of Pixi (share pictures)