API - Post request over network returns HTTP 400


  • Used Zammad version: 2.1.x
  • Used Zammad installation source: (source, package, …)
  • Operating system: CentOS 7
  • curl version used: 7.56.1

POST request to execute:

curl -v -H "Authorization: Token token=TokenAdminUser -i -H “Content-Type: application/json” -X POST -d ‘{“firstname":“Test”,“lastname”:“User”,“email”:"test@examplemail.net”,“roles”:[“Customer”],“password”:“test”}’ http://IP:Port/api/v1/users

Expected behavior:

  • GET request returns wanted information.
  • POST request creates new user and returns HTTP Status 201

Actual behavior:

  • GET request returns wanted information.
  • POST request, sended over network, doesnt create new user, returns error below

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=UTF-8
X-Request-Id: e2447e64-28a2-406c-9bfd-f73d6e59e7fe
X-Runtime: 0.008918
Content-Length: 0

  • Same POST request, sended directly from the Zammad-server (localhost), creates new user like expected (Returning HTTP 201)


  • Is there some more configuration necessary to allow JSON POST requests over network?
  • Are there some Ports that i need to open especially for JSON (even though allowing all Ports didnt seem to work)?
  • Can you help me with my problem?
  • Do you need any more information?


can you please post the actual requests you sent. For POST and for GET
You can’t use the same request and just change GET -> POST or vice versa.
Please see:

As you can see an your URL you are using HTTP. So you just need to open Port 80 or, if you use no WebServer (as nginx for example) you need to enable Port 3000. There is no special trick.


Hi Hannes,

my GET request send is pretty much the same as in the api introduction (except the -v for http status). I testet it again right now, it returns HTTP 200 and the expected userdata:

curl -v -H “Authorization: Token token=TokenAdminUser” http://cfs-zammad:3000/api/v1/users

The POST request send (took away the -i from earlier, because it didnt change anything on the outcome, also added one " behind the token, because i accidentally deleted them earlier, while editing the token. This is copied from my used command, only changed the mail and the token). :

curl -v -H “Authorization: Token token=TokenAdminUser” -H “Content-Type: application/json” -X POST -d ‘{“firstname”:“Test”,“lastname”:“User”,“email”:“test@examplemail.net”,“roles”:[“Customer”],“password”:“test”}’ http://cfs-zammad:3000/api/v1/users

Below you see the HTTP return of the same command (copied & pasted) on two different machines. On the left you can see the response when send from the CentOS 7 server. On the right you see the HTTP return when send from my Windows 10 PC (other subnet, but Port 3000 is open).

Can you post a snippet of your production.log for the time the request failed is our terminal server.

I dont se any request which results in status 400, these would be logged there. Also I don’t se the endpoint you use.
Are you sure the requests are processed or did you just pasted the wrong image?

Oh, excuse me, I looked a the wrong timeperiod.
I send a new request which you can see below:

there are some more lines in the same style following (vendor/bundle/ruby…)

P.S. is my local machine

Like the error message suggestes:

"unexpected token at '' firstname:Test..."

This is no valid JSON. When the log is correct, this is just a complete string. Or at least a complete String, without quotes i s passed.

I would say this is no zammad issue but one of your client / encoding / …


Ok, i will look further into encoding problems and do some more testing if this is not a known problem with zammad / the JSON API.
I just find it strange that JSON POST requests don’t seem to work on other machines in our network besides the CentOS cfs-zammad server, so i figured it would have to do something with the server handling the request.

Thank you for your time Hannes. If you learn something new regarding this problem i would appreciate it, if you could inform me.


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.