Sails JS forbidden POST request

Posted 2019-04-24 22:24

Question:

I'm trying to learn Sails JS and obviously REST API.

I've created a user model which I think works fine (it exchanges data with my db). I've also created a signup controller with 4 needed inputs to store a new record in my user collection. (Some other data is generated by this controller to complete the record at the moment of registration.)

I would like to test this controller with POSTMAN, so I go to my routes.js and see :

'POST  /api/v1/entrance/signup': { action: 'entrance/signup' },

But when I send a POST request to 192.168.1.13:1338/api/v1/entrance/signup with my 4 needed inputs declared, I get this answer: Forbidden

I don't know what I do wrong. I've also enabled rest, shortcuts and actions in my blueprints.js

Does someone have an idea? :)

Answer 1:

The issue is indeed related to cross-site request forgery, but disabling the corresponding security rule altogether is quite obviously not a solution. CSRF and its treatment in sailsjs are well described in the corresponding part of the manual. In short, for POSTs to work you have to include _csrf in your requests. E.g. in a view template:

<form>
   <input type="hidden" name="_csrf" value="<%- _csrf %>" />
</form>


Answer 2:

As said below, removing CSRF protection is not an answer, as it may expose the API to a security breach. I currently use JWT, but it doesn't seem to be as secure as a CSRF token, so the only right way is to include the token in every HTTP request's header.