Title
Create new category
Edit page index title
Edit category
Edit link
Why does MetaDefender MFT return HTTP 400 on GET /vault_rest/transfer?
MetaDefender Managed File Transfer (MFT) — all supported versions
Issue Description
Calling the MetaDefender MFT API endpoint GET /vault_rest/transfer to initiate or list transfers returns HTTP 400 with the message below when the uploader group context is not resolvable:
Cause (why this 400 error happens)
API must resolve exactly one uploader-enabled group for the authenticated user.
If zero or multiple uploader-capable groups are found, the request is rejected as ambiguous.
Unlike the UI, the API never prompts for "Upload as group"—the group must be inferable or provided by the flow.
When the server cannot resolve a single uploader group, it returns HTTP 400 with ui_message_key UPLOAD_FILE_UPLOADER_GROUP_IS_REQUIRED.
Example (ambiguous uploader context):
This response is produced by request validation before any transfer object is created.
Ambiguity in the uploader context causes the 400 error; ensure the account resolves to exactly one uploader-capable group for the request.
Recommended Solution
Use a dedicated service account or a system-level API key for automation, and assign exactly one appropriate uploader group.
Ensure each API user has unambiguous group membership (avoid multiple uploader-capable groups for the same account).
Keep the initial transfer request minimal—send only
Authorization: Bearer {token}when initiating the transfer and follow the documented sequence.Optionally enable the feature that lets uploads proceed without explicit group selection: Allow Users to Upload Files Without Specifying Group Membership. Review general upload behavior here: Upload files (UI).
If you require further assistance, please follow the instructions on creating a support package before creating a support case or chatting with our support engineer.