I am able to hit my local (and AWS) server with the following curl (which is generated by Postman)… and by another API Client (Rested) using the same params/headers/body. I’ve turned off SSL cert verification and Send Postman Token header in settings (per Stack Overflow answers)… but still getting unauthorized response from server when using Postman (but not when using curl or Rested.
I just solved my own Q… and posting this answer because I’ve seen other questions re: curl working but postman not on SO and Postman communities. My solution was to check the Content-Length header and Connection headers. They were auto populating anyway, so after ‘accepting’ them as headers, the Postman request worked.
In my case it was the Host header. Postman’s little tooltip for that header and the MDN docs both say that servers will likely return 400 without this header. Thanks for suggesting to check/uncheck different Postman headers @funcmakerDan!