The problem was in the security middleware blocking API requests due to character validation. The middleware was incorrectly flagging JSON colons ( as dangerous characters even for API endpoints.
What was fixed:
Updated security middleware to properly exempt /api/remoteTransfer and other API endpoints from
restrictive character validation
The middleware now allows JSON structure characters for API calls while maintaining security for regular
requests
I’ve pushed the code in a development branch for now, i will merge soon with current stable branch.