Try removing all stuff from the header except for "X-IG-API-KEY: 6ee4e97eca7d1dc5afa51a8f8028f3cff725bb27". As to my knowledge, the curl library sets "Content-Type: application/json" automatically for json data.
When I use the full header I get the JSON result above in MS Network Monitor. If I remove everything but the key, it gives me
- ContentType: application/x-www-form-urlencoded
MediaType: application/x-www-form-urlencoded
HeaderEnd: CRLF
payload: HttpContentType = application/x-www-form-urlencoded
and Zorro returns
n{"errorCode":"Media type [mediaType=application/x-www-form-urlencoded] not supported."}
Interestingly, when I remove everything but the key but use an invalid key, I get this error message:
n{"errorCode":"error.security.api-key-invalid"}
But if I keep the full header and use an invalid key, I just get the same 403 result that I've been getting all along - it doesn't even pick up the invalid key. So the problem IS with the header? But what? Is the format of my header for the http function wrong?