Sharepoint 2013 via REST API: Error 403 Forbidden when trying to create item

Question

I'm trying to create a simple list item with the rest api on Sharepoint 2013. My code:

$.ajax({
    url: siteUrl + "/_api/web/lists/getByTitle('internal_Listname')/items",
    type: "POST",
    contentType: "application/json;odata=verbose",
    data: JSON.stringify({
         '__metadata': {
            'type': 'SP.Data.internal_ListnameListItem',
         },
         'K1F1': k1f1Result,
    }),
    headers: {
        "accept": "application/json;odata=verbose",
        "X-RequestDigest": $("#__REQUESTDIGEST").val(),
    },
    success: function (data) {
        console.log("done");
    },
    error: function (err) {
        console.log(JSON.stringify(err));
    }
});

When trying to send the data I get the 403 "Forbidden" error.

"error":{
   "code":"-2130575251, Microsoft.SharePoint.SPException",
   "message":{
        "lang":"en-US",
        "value":"The security validation for this page is invalid and might be corrupted. Please use your web browser's Back button to try your operation again."
    }
}

• I have full admin privileges on this site and the list.

Answer 1

Most likely this error occurs since form digest has been expired on the page.

In that case you could acquire a new form digest value by making a POST request to /_api/contextinfo endpoint.

Example

function getFormDigest(webUrl) {
    return $.ajax({
        url: webUrl + "/_api/contextinfo",
        method: "POST",
        headers: { "Accept": "application/json; odata=verbose" }
    });
}


function createListItem(webUrl, listName, itemProperties) {
    return getFormDigest(webUrl).then(function (data) {

        return $.ajax({
            url: webUrl + "/_api/web/lists/getbytitle('" + listName + "')/items",
            type: "POST",
            processData: false,
            contentType: "application/json;odata=verbose",
            data: JSON.stringify(itemProperties),
            headers: {
                "Accept": "application/json;odata=verbose",
                "X-RequestDigest": data.d.GetContextWebInformation.FormDigestValue
            }
        });
    });
}

Usage

//Create a Task item
var taskProperties = {
    '__metadata': { 'type': 'SP.Data.WorkflowTasksItem' },
    'Title': 'Order approval'
};

createListItem(_spPageContextInfo.webAbsoluteUrl, 'Workflow Tasks', taskProperties)
.done(function (data) {
    console.log('Task has been created successfully');
})
.fail(function (error) {
    console.log(JSON.stringify(error));
});

Answer 2

Found the solution a few days ago: I forgot to add the request digest form to the body. It should have the following structure;

<form runat="server">
   <SharePoint:FormDigest ID="FormDigest1" runat="server"></SharePoint:FormDigest>
</form>