403 error (forbidden) on POST method from Freshservice while it works from Postman (REST API)

I have a Jira cloud account, free plan (not a trial but a very basic free accont). I’m trying to create an Issue using third party service webhooks. First I tried to make a POST request from Postman and it works fine. I also tested a GET request from this third party service (Freshservice) and it was successfull.

BUT if I try to make a POST request from Freshservice, I’m getting 403 error. I’m using the same request body as in Postman (copy-paste) and the same URL.

I also added headers I found in a similar thread: https://community.atlassian.com/t5/Jira-questions/Getting-403-Permission-Denied-through-Jira-REST-API-POST-request/qaq-p/734170

“Content-Type”, “application/json”
“accept”, “application/json”
“X-Atlassian-Token”, “nocheck”

and still have no luck.

While I researched, I found no information about any REST API limitations for free accounts.
What am I missing?

@SvetlanaTolstyakova welcome to the Atlassian developer community.

I’m not aware that the free plan does anything to API access. Could you elaborate on the request you are trying to make? Which endpoint, parameters, and headers are being sent? I know you already tried to make the request with Postman but maybe it would help to see what Freshservice is really sending by routing the request through a proxy like Beeceptor.


thank you for the tip!
Here’s what Freshservice is sending according to Beeceptor:


“content-length”: “426”,
“authorization”: “Censored (it should be correct since it works with GET request that is made from Freshservice)”,
“accept”: “application/json”,
“user-agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Freshdesk”,
“content-type”: “application/json”,
“x-atlassian-token”: “nocheck”,
“traceparent”: “00-2d4b5d4db627c2adf1d1b6db44c94069-5b160c7fbe5f1e62-00”

Request body (works with Postman):

“update”: {

"fields": {
    "project": {
        "key": "EVGE"
    "summary": "FD",
    "issuetype": {
        "id": "10001"
    "assignee": {
    "reporter": {
        "id": "5f1598369d9a1200297b41df"
    "labels": [
    "description": "description"





I copy/pasted from your request body above and it’s not valid JSON. When I send that from my HTTP client, I can reproduce a 400 error. Specifically, the quotes around update aren’t ASCII. Is that the problem? Or did those get injected on the way into this editor?

Or did those get injected on the way into this editor?

That’s the case. If I copy it directly from Freshservice input window and paste it to JSON validator, there’s no problems. Moreover, If I simply delete the “update”: {} part from the request body, I still have the same issue - 403. (and at the same time it works fine in Postman)

I can reproduce a 400 error.

I’m getting 403. Also I just tested the scenario with invalid JSON body, and in this case I’m getting 403 in Freshservice and 400 (as expected) in Postman.

So I just contacted Freshservice team and discovered that their webhook tester isn’t working correctly: when I used the same endpoint, body request and credentials in regular mode, everything worked fine. :unamused:

Anyways, @ibuchanan thank you for your help!

1 Like