N8N API Forbidden error while it works in Postman

Shashank_Bindulbavi · February 25, 2026, 8:52am

Describe the problem/error/question

I am trying to Run the Forcepoint API to get the list of Categories and the sites within it.
Forcepoint_API: https://ws-custom-categories.api.forcepoint.io/v1.0.0
I need to generate the Bearer token using this: Forcepoint API Documentation which I did and when I use it in Postman I get the Results.
I am able to generate the token in n8n, but when I pass that token into the Forcepoint_API I get 403 error. Attaching snapshots for reference!
I have Added Added Headers as Accept: application/json and Content-Type: application/json. Doesn’t work with or without it. Also tried User-Agent:PostmanRuntime/7.51.1

What is the error message (if any)?

Please share your workflow

Share the output returned by the last node

{
“errorMessage”: “Forbidden - perhaps check your credentials?”,
“errorDescription”: “Forbidden”,
“errorDetails”: {
“rawErrorMessage”: [
“403 - "{\"message\":\"Forbidden\"}\n"”
],
“httpCode”: “403”
},
“n8nDetails”: {
“nodeName”: “HTTP Request”,
“nodeType”: “n8n-nodes-base.httpRequest”,
“nodeVersion”: 4.4,
“itemIndex”: 0,
“time”: “25/02/2026, 14:19:01”,
“n8nVersion”: “2.8.3 (Cloud)”,
“binaryDataMode”: “filesystem”,
“stackTrace”: [
“NodeApiError: Forbidden - perhaps check your credentials?”,
" at ExecuteContext.execute (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-nodes-base@file+packages+nodes-base_@[email protected]_asn1.js@5_8da18263ca0574b0db58d4fefd8173ce/node_modules/n8n-nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:864:16)“,
" at processTicksAndRejections (node:internal/process/task_queues:103:5)”,
" at WorkflowExecute.executeNode (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-core@file+packages+core_@[email protected]_@opentelemetry+exporter-trace-otlp_9f358c3eeaef0d2736f54ac9757ada43/node_modules/n8n-core/src/execution-engine/workflow-execute.ts:1043:8)“,
" at WorkflowExecute.runNode (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-core@file+packages+core_@[email protected]_@opentelemetry+exporter-trace-otlp_9f358c3eeaef0d2736f54ac9757ada43/node_modules/n8n-core/src/execution-engine/workflow-execute.ts:1222:11)”,
" at /usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-core@file+packages+core_@[email protected]_@opentelemetry+exporter-trace-otlp_9f358c3eeaef0d2736f54ac9757ada43/node_modules/n8n-core/src/execution-engine/workflow-execute.ts:1659:27",
" at /usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-core@file+packages+core_@[email protected]_@opentelemetry+exporter-trace-otlp_9f358c3eeaef0d2736f54ac9757ada43/node_modules/n8n-core/src/execution-engine/workflow-execute.ts:2302:11"
]
}
}

Information on your n8n setup

n8n version: 2.9.2
Database (default: SQLite): Cloud
n8n EXECUTIONS_PROCESS setting (default: own, main): own
Running n8n via (Docker, npm, n8n cloud, desktop app): n8n cloud
Operating system: Windows 11

A_A4 · February 25, 2026, 9:41am

Shashank_Bindulbavi:

Share the output returned by the last node

{
“errorMessage”: “Forbidden - perhaps check your credentials?”,
“errorDescription”: “Forbidden”,
“errorDetails”: {
“rawErrorMessage”: [
“403 - “{"message":"Forbidden"}\n””
],
“httpCode”: “403”
},
“n8nDetails”: {
“nodeName”: “HTTP Request”,
“nodeType”: “n8n-nodes-base.httpRequest”,
“nodeVersion”: 4.4,
“itemIndex”: 0,
“time”: “25/02/2026, 14:19:01”,
“n8nVersion”: “2.8.3 (Cloud)”,
“binaryDataMode”: “filesystem”,
“stackTrace”: [
“NodeApiError: Forbidden - perhaps check your credentials?”,
" at ExecuteContext.execute (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-nodes-base@file+packages+nodes-base_@[email protected]_asn1.js@5_8da18263ca0574b0db58d4fefd8173ce/node_modules/n8n-nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:864:16)“,
" at processTicksAndRejections (node:internal/process/task_queues:103:5)”,
" at WorkflowExecute.executeNode (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-core@file+packages+core_@[email protected]_@opentelemetry+exporter-trace-otlp_9f358c3eeaef0d2736f54ac9757ada43/node_modules/n8n-core/src/execution-engine/workflow-execute.ts:1043:8)“,
" at WorkflowExecute.runNode (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-core@file+packages+core_@[email protected]_@opentelemetry+exporter-trace-otlp_9f358c3eeaef0d2736f54ac9757ada43/node_modules/n8n-core/src/execution-engine/workflow-execute.ts:1222:11)”,
" at /usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-core@file+packages+core_@[email protected]_@opentelemetry+exporter-trace-otlp_9f358c3eeaef0d2736f54ac9757ada43/node_modules/n8n-core/src/execution-engine/workflow-execute.ts:1659:27",
" at /usr/local/lib/node_modules/n8n/node_modules/.pnpm/n8n-core@file+packages+core_@[email protected]_@opentelemetry+exporter-trace-otlp_9f358c3eeaef0d2736f54ac9757ada43/node_modules/n8n-core/src/execution-engine/workflow-execute.ts:2302:11"
]
}
}

Information on your n8n setup

n8n version: 2.9.2

Database (default: SQLite): Cloud

n8n EXECUTIONS_PROCESS setting (default: own, main): own

Running n8n via (Docker, npm, n8n cloud, desktop app): n8n cloud

Operating system: Windows 11

Hi @Shashank_Bindulbavi

looks like you accidentally hardcoded angle brackets into your authorization header.

if you look closely at your second screenshot, the expression is set to Bearer <{{ $json.token.trim() }}>. that makes n8n send the literal < and > characters wrapped around your token. postman doesn’t do that when you use its built-in bearer auth tab — it just sends the raw string.

just drop those brackets from your value field so the expression is exactly Bearer {{ $json.token.trim() }}.

also, you might want to strip the trailing slash off your URL just in case. your postman url ends in .../v1.0.0 but your n8n url has .../v1.0.0/. some strict apis instantly throw a 403 forbidden error if they see an extra slash at the end.

Shashank_Bindulbavi · February 25, 2026, 10:43am

Hi @A_A4 ,

I have done both, Removed <> and the / in the URL. This is just one of many things that I tried and still the same 403!

Looks like Forcepoint API doesn’t like the n8n’s IP?

A_A4 · February 25, 2026, 11:02am

@Shashank_Bindulbavi If Forcepoint does have any “trusted source” / IP / network controls on that API, whitelisting n8n Cloud’s IP ranges is the most likely fix.

some APIs issue tokens bound to client / redirect / audience that can differ between environments and return 403 even when the token string “looks valid”.[HTTP common issues]

jitesh · February 26, 2026, 2:46am

Upon looking carefully, I noticed you’re using different tokens on Postman vs on n8n.

Postman one starts with ‘12’ while the n8n one starts with ‘fp_oidc’

try the exact some token
remove the angular brackets (<>)
remove the forward slash (/)

Let us know how it goes.

Shashank_Bindulbavi · February 26, 2026, 5:22am

Hi @jitesh - That’s probably because its the middle/end part of the token! All 3 have been validated and its still the 403 error!

Hi @A_A4 , Thanks will have a read through and see if I have any luck with it today!

Shashank_Bindulbavi · March 9, 2026, 5:47am

Looks like this is related to Forcepoint Whitelisting the IPs when I checked with them!

Reference: [n8n Cloud] How to Whitelist n8n Cloud IPs for Accessing In-House APIs