I can request an API method via http://requestmaker.com/ using GET, but when I use POST or PUT it returns...
HTTP/1.1 403 Forbidden
Here is the method...
[HttpPost]
[Route("api/sales")]
public object Put([FromBody] Sale sale)
{
sale.DateTime = DateTime.Now;
paymentRepository.Insert(sale);
paymentRepository.Save();
return Ok(new { id = sale.SaleId });
}
Any ideas?
Request headers are...
POST /admin/api/sales HTTP/1.1 Host: hello.com Accept: / Content-Type: text/html Content-Length: 17
Request data...
TourId=3&UserId=1
Oh silly me, it was looking for an anti-forgery token. I thought I'd commented the filter out, but I'd done it for MVC and not Web Api. Oops.
I also needed to set the content type to application/json and set the data as { "TourId":"3", "UserId":"1" } in order for model binding to work.