400 REST API error when trying to advance a workitem


I'm testing the REST API to advance a case on the Bizagi Help Desk example process.

The authentication is performed using the Oauth2 credentials obtained for a Help Desk Agent stakeholder. This user can successfully

Example of JSON sent is attached. The following error is received when POSTing to /odata/data/cases(451)/workitems(1508)/next


"code": "400",

"type": "ODataException",

"status": "BadRequest",

"message": "Forbidden 'Ticket.TicketActivities' Fields were sent. "


The value of the Activity entity for "Report Activity" label is obtained from


where the Activity entity id is obtained from /odata/data/cases(451)/workitems(1506)/relatedEntities

What could be missing or incorrect?

I've also tried adding all the other columns in the Ticket.TicketActivities collection, but the same error is returned.



Comments (1)


Dear Joao,

The problem is not related to ODATA or to the parameter. Probably, there is any code line forbidding the parameter to be validated (The hint is highlighted in Bold in the example below).

private CEntity ValidateParameters(Guid processId, Guid formGuid, Hashtable accumulatedContext, JToken parameters)


List<string> missingRequiredFields;

Hashtable forbiddenFields;

CEntity applicationEntity = GetApplicationEntityFromProcessId(processId);

AddXPathsToAccumulatedContext(applicationEntity, accumulatedContext, parameters, false);

if (!ValidateForbiddenAndRequiredFields(formGuid, accumulatedContext, out missingRequiredFields, out forbiddenFields)) //No need to do it in catch, this one should have more xpaths that initAccumulatedcontext


string missingFieldsMessage = string.Empty;

string forbiddenFieldsMessage = string.Empty;

if (missingRequiredFields.Count > 0)


missingRequiredFields.ForEach(f => missingFieldsMessage += ", " + f);

missingFieldsMessage = missingFieldsMessage.Remove(0, 2);

missingFieldsMessage = $"Required Fields '{missingFieldsMessage}' were not sent. ";


if (forbiddenFields.Count > 0)


forbiddenFieldsMessage = string.Join(", ", forbiddenFields.Keys.Cast<object>()

.Select(x => x.ToString())


forbiddenFieldsMessage = $"Forbidden '{forbiddenFieldsMessage}' Fields were sent. ";


throw new HttpException(400, missingFieldsMessage + forbiddenFieldsMessage);


return applicationEntity;


So, review your code if there's something similar preventing the value to pass or to be processed as a parameter.

Hope this information might be useful for you.

¡Best regards!