403 Forbidden on Rest-API when trying to use Post or Patch

Copper Contributor

Hello everyone,


I'm trying to use the REST-API of Sharepoint (On-Premise). When I use Get-Requests everything is just fine. As soon as I try to change data using either a Patch or Post Request I get an error (403 Forbidden). We are using the NTLM-Authentication and I'm requesting a X-RequestDigest freshly before doing any Post or Patch requests. The IT-department, which is managing Sharepoint is reporting that it has given me every possible permission. On the web interface I'm also able to change any data I'm trying to change by API. I have added the response from sharepoint down below. I'm at my wits' end. What could I be missing?


HTTP/1.1 403 FORBIDDEN [Cache-Control: private, max-age=0, Transfer-Encoding: chunked, Content-Type: application/json;odata=verbose;charset=utf-8, Expires: Tue, 22 Aug 2023 07:02:48 GMT, Last-Modified: Wed, 06 Sep 2023 07:02:48 GMT, Server: Microsoft-IIS/10.0, X-SharePointHealthScore: 0, DATASERVICEVERSION: 3.0, X-AspNet-Version: 4.0.30319, SPRequestGuid: 9db7d7a0-0572-00fe-99d8-050af9941b52, request-id: 9db7d7a0-0572-00fe-99d8-050af9941b52, X-RequestDigest: 0x17E4E36582E5A4C697907CDBBF37BDD925BCBFF44BC53AC79CD9E6550967E3A0F041C30D197D2315537C92D078D5A03A94B0FBF00F1D267084CB8EEF3B8882E9,06 Sep 2023 07:02:48 -0000, X-FRAME-OPTIONS: SAMEORIGIN, Persistent-Auth: true, X-Powered-By: ASP.NET, MicrosoftSharePointTeamServices:, X-Content-Type-Options: nosniff, X-MS-InvokeApp: 1; RequireReadOnly, Date: Wed, 06 Sep 2023 07:02:48 GMT] ResponseEntityProxy{[Content-Type: application/json;odata=verbose;charset=utf-8,Chunked: true]}
4 Replies



I got the same problem like you. I wonder if you have any solution to this. 

Thank you and have a nice day,


Hi Tra,
my problem was, that each request was made with a new connection. You have to keep open the connection you used for getting the XRequestDigest and you need to request a new Digest, if that connection ever closes unexpectedly.
Have a nice day,


Thanks for reply. I did it too. 

If the request got 403 Forbidden, I would call the function to get the new digest value.

Have a nice day.


Hi Mbeenen,
I got a problem when uploading a file to attachment files. For example (http:mysharepoint/sites/mysite/items(1)/AttachmentFiles(FileName='F:/testfile.pdf'). And they cannot understand the ":". I used to work with SP online and there is no problem but with on premise, I don't know how to deal with it. There may be a solution in modifying web.config but I still cannot find it in the server.
If you used to have the same problem, feel free to share with me.
Thank you and have a nice day,