Having issues with authentication when running Postman collection

I’m working with a Postman collection for SAP C4C APIs, where I’ve configured all necessary authentication, including CSRF tokens. The collection runs successfully when executed manually in Postman, but fails with a 403 Forbidden error when triggered via webhook.

What kind of authentication adaptations or settings should I apply to make sure the collection can execute properly when triggered by a webhook? Any insights into how webhook-triggered runs handle authentication differently would be appreciated.

Cheers.

Hi @duartepresa. Welcome to the Postman Community.

A 403 error does not look like an authentication error. It looks to me like the server is blocking this request from the webhook for some reason. I am not sure why that’s the case, but you may want to double-check to be sure.

Hi!

Not sure how to check that, but I believe that the CSRF Token (a header) is blocking the request. However, it works fine when triggered directly.

Does Postman not retain the session and authentications with a webhook-triggered run? Because at the collection level everything is working as expected.

Might this be related to Cookies? I don’t have the Interceptor on (due to admin blocks). Is it necessary?

Thanks.

@duartepresa Can you share a screenshot of how authentication is set up?

For example, If these credentials are stored in the current value of a collection variable, it won’t make it to the triggered webhook.

@gbadebo-bello the stored variables are on the environment level. The remaining headers are hard-coded.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.