Hi Luciano,
The 403 Forbidden HTTP status code is returned when the server refuses to act on the request. One reason could be that you are not passing the X-CSRF-TOKEN in the header.
Make a GET request first; it should return the X-CSRF-TOKEN in the response. Pass this value in the header of the POST operation.
Regards, Midhun
SAP Technology RIG
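
The fetch-then-POST sequence from the answer above, as an added example that is not part of the original post and not SAP code. A constructed local mock endpoint stands in for the service; the `Fetch` request value (how SAP Gateway services are usually asked for a token, not stated in the post), the `sid` cookie and the `/entity` path are assumptions of this example, which also shows the token being rejected when it is replayed without the session cookies from the GET.

```python
import http.server, secrets, threading, urllib.error, urllib.request
from http.cookiejar import CookieJar

TOKEN = secrets.token_hex(16)  # constructed token the mock hands out

class MockService(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a CSRF-protected endpoint (not SAP code)."""
    def _reply(self, status, extra=()):
        self.send_response(status)
        for name, value in extra:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):
        # The token is only issued when the client explicitly asks for it.
        if self.headers.get("X-CSRF-Token", "").lower() == "fetch":
            self._reply(200, [("X-CSRF-Token", TOKEN), ("Set-Cookie", "sid=abc; Path=/")])
        else:
            self._reply(200)
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        # The token must match AND arrive on the session that fetched it.
        ok = (self.headers.get("X-CSRF-Token") == TOKEN
              and "sid=abc" in self.headers.get("Cookie", ""))
        self._reply(201 if ok else 403)
    def log_message(self, *args):  # keep the demo quiet
        pass

def send(opener, url, headers, data=None):
    """Return (status, response headers); 4xx is returned, not raised."""
    req = urllib.request.Request(url, data=data, headers=headers)  # data => POST
    try:
        with opener.open(req) as resp:
            return resp.status, resp.headers
    except urllib.error.HTTPError as err:
        return err.code, err.headers

def demo():
    srv = http.server.HTTPServer(("127.0.0.1", 0), MockService)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_port}/entity"
    direct = urllib.request.ProxyHandler({})  # talk to the mock without a proxy
    jar = urllib.request.HTTPCookieProcessor(CookieJar())
    session = urllib.request.build_opener(direct, jar)  # keeps cookies
    other = urllib.request.build_opener(direct)         # no cookie jar
    no_token, _ = send(session, url, {}, b"{}")
    _, hdrs = send(session, url, {"X-CSRF-Token": "Fetch"})
    token = hdrs["X-CSRF-Token"]
    with_token, _ = send(session, url, {"X-CSRF-Token": token}, b"{}")
    no_cookie, _ = send(other, url, {"X-CSRF-Token": token}, b"{}")
    srv.shutdown()
    return no_token, with_token, no_cookie
```

`demo()` returns the three POST status codes in order: without a token, with the fetched token on the same session, and with the token but no session cookie.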