Web Messaging file upload 400 Bad Request on PDF

NICE CXone API & Integrations
1

Trying to handle customer file uploads in our .NET bot backend. The docs say PDFs are allowed up to 10MB.

“Accepted MIME types: application/pdf, image/png… Max size: 10MB”

I’m sending a 5MB PDF via the guest attachment endpoint but getting a 400 Bad Request. No useful error message in the response body.

var response = await _httpClient.PostAsync($“/api/v2/webmessaging/guests/{guestId}/attachments”, new MultipartFormDataContent());

Am I missing a specific header or is the SDK handling the multipart wrong?

2

The 400 is almost certainly because you’re not setting the Content-Type of the individual form part to application/pdf. Genesys Cloud’s attachment endpoint is picky. If the part just has a generic boundary without the specific MIME type, the parser rejects it before it even checks the size or extension.

You also need to make sure the filename is included in the Content-Disposition header. It’s not enough to just dump the stream.

Here’s how I usually handle this in .NET with HttpClient. Note the FileName property on the MultipartFormDataContent item. That’s the bit that trips people up.

var fileBytes = File.ReadAllBytes("document.pdf");
var fileContent = new ByteArrayContent(fileBytes);
fileContent.Headers.ContentType = MediaTypeHeaderValue.Parse("application/pdf");
fileContent.Headers.ContentDisposition = new ContentDispositionHeaderValue("form-data")
{
 Name = "file",
 FileName = "document.pdf" // Must match the actual file name
};

var formData = new MultipartFormDataContent();
formData.Add(fileContent);

// Ensure your auth header is set on the client
var response = await _httpClient.PostAsync(
 $"/api/v2/webmessaging/guests/{guestId}/attachments", 
 formData
);

if (!response.IsSuccessStatusCode)
{
 var errorBody = await response.Content.ReadAsStringAsync();
 Console.WriteLine($"Upload failed: {response.StatusCode} - {errorBody}");
}

Don’t forget to include the Authorization: Bearer <token> header on the request itself. If you’re using a service account token, make sure it has the webmessaging:guest:write scope. If the scope is missing, you get a 403, but sometimes the gateway returns a 400 if the token structure is malformed or expired.

Check the raw request headers in Fiddler or Postman if you’re still stuck. The platform logs usually show “Invalid attachment format” for these kinds of MIME mismatches, but the API response body stays empty for security reasons.