Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I'm testing an API using Postman. I am posting with Body form_data and api_token is a parameter.
This works perfect on my Forge server if I change the APP_ENV to local
But of course this is a production server, and every time I change APP_ENV to production I get 403 Forbidden.
I should point out this is a Laravel Forge server. I've turned logging on in the NGINX file, and this is the what is displayed:
x.y.189.140 - - [29/May/2020:23:42:29 +0000] "POST /api/v1/product HTTP/1.1" 403 50 "-" "PostmanRuntime/7.25.0"
This is how I am protecting my routes:
Route::group(['prefix' => 'v1', 'middleware' => 'auth:api'], function () {
Route::post('/product', 'Api\ProductsController@store');
});
Please help.
Your APP_ENV won't give you the 403 response. There must be something somewhere else in your code that checks against the value of the environment and throws this error.
This can also happen because you have a certain Policy or Guard set up for this case.
If that all doesn't work I would probably start disabling middlewares and checking the controllers itself to see if something changes. Another good place to look for this is your service providers
Please or to participate in this conversation.