403 when trying to upload sourcemaps via API

I am trying to upload sourcemap files to sentry via the Releases API (https://docs.sentry.io/api/releases/post-project-release-files/) and I am getting back a 403 response. I am using the NPM request package to send the request as follows:

return request(
      url: `https://sentry.io/api/projects/${org}/${project}/releases/${version}/files/`,
      method: 'POST',
      auth: {
        bearer: <token>,
      formData: {
        name: filePath,

If i try to upload the same files via sentry-cli, it works. I can also confirm that the token is correct and the version exists. Creating a new release via node works (https://docs.sentry.io/api/releases/post-organization-releases/)

Here is the response from the request:

REQUEST onRequestResponse https://sentry.io/api/projects/${org}/${project}/releases/${version}/files/ 403 { server: 'nginx',
  date: 'Fri, 02 Jun 2017 22:53:24 GMT',
  'content-type': 'text/html',
  'content-length': '3051',
  connection: 'close',
  vary: 'Accept-Encoding, Accept-Language, Cookie',
  'x-xss-protection': '1; mode=block',
  'content-language': 'en',
  'x-content-type-options': 'nosniff',
  'content-security-policy': 'default-src *; script-src \'self\' \'unsafe-eval\' \'unsafe-inline\' a0wx592cvgzripj.global.ssl.fastly.net cdn.ravenjs.com assets.zendesk.com ajax.googleapis.com ssl.google-analytics.com www.googleadservices.com analytics.twitter.com platform.twitter.com *.pingdom.net js.stripe.com statuspage-production.s3.amazonaws.com s3.amazonaws.com *.google.com www.gstatic.com aui-cdn.atlassian.com www.hipchat.com *.atlassian.net *.jira.com *.zopim.com; font-src * data:; connect-src * wss://*.zopim.com; style-src \'self\' \'unsafe-inline\' a0wx592cvgzripj.global.ssl.fastly.net s3.amazonaws.com aui-cdn.atlassian.com www.hipchat.com; img-src * data: blob:; report-uri https://sentry.io/api/54785/csp-report/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=d7ff6d8f957cb2815dff8130aebc0fb782bb8241',
  'x-frame-options': 'deny',
  'x-served-by': 'app-27281a',
  'strict-transport-security': 'max-age=31536000; includeSubDomains; preload' }

How can I fix/debug this error?

Never mind, this was a URL typo: https://sentry.io/api/projects needed to be https://sentry.io/api/0/projects

As an aside unless you have very good reasons for doing it through the API we recommend using sentry-cli instead.

Thanks @mitsuhiko, I will switch to using the CLI