Created anonymous webservice with method POST return code 403


I'm trying to create an anonymous we folllowing the guide from:…

The example provided is only for Verb GET and it works fine, but as soon as i change it to POST i get 403 code returned instead.

I tried changing different settings on the .config files to allow verb post but with no luck. What am i missing?

Is the system only meant to expose GET anonymous services?



Like 0



No. The system allows post requests. Probably you're trying to convert the GET request to the POST one. Please don't copy/paste. Write the service and the request manualy. This way you'll not make mistakes.

Hi Eugene,

Are you sure you are not talking about normal authenticated webservices?

It turns out that i had to add the svc path to DisableCsrfTokenValidationForPaths for the anonymous  in order to make it work.

Keep in mind that i need to call the POST method from outside bpm and without any authentication.




I'm sure.

I tested without CSRF on localhost. 

That's not the behavior i'm seeing on my local environment. After creating the svc and registering the service on all the .config files i kept getting 403 until i enabled the path on DisableCsrfTokenValidationForPaths. Otherwise i was always getting 403.

I notice from you screenshot that you were also getting 403 before the 400 bad request,, did you change something?


Luciano De Munno,

Try to check how the GeneratedObjectWebFormService registered. It works with post and it seems like it doesn't require disabling CSRF.

>did you change something?

- I stoped copy-pasting and wrote the request manually from scratch. Anyway the request is on the screenshot. Please compare they on your own.


Show all comments