Pushing Custom Secret-IDs via the API in Powershell

I understand that you can push custom secret-ids to the app role via the API, however, we have a CICD app role that is supposed to have the capabilities to do this for my app roles, here’s my policy:

# Grant permissions on the 'auth/approle/role/+/secret-id' path
path "auth/approle/role/+/secret-id" {
   capabilities = [ "create", "update" ]

# Grant permission on the 'auth/approle/role/+/custom-secret-id' path
path "auth/approle/role/+/custom-secret-id" {
   capabilities = [ "create", "update" ]

Using the CLI works

vault write -f auth/approle/role/<MyAppRole>/custom-secret-id secret_id=<new-secret-id>

but I’m having issues with my Powershell script.
$approle is passed in to the function

	$uri = "$($env:VAULT_ADDR)" + "/v1/auth/approle/role/$($approle)/custom-secret-id"
	$header = @{
    $GUID = [guid]::NewGuid()

    $payload = 
        } | ConvertTo-Json
    Write-Host "Sending Custom Secret-ID"
	$response = Invoke-RestMethod -Headers $header -ContentType 'application/json' -Method POST -Uri $uri -Body $payload
	# Here, I'll be pushing the new secret-id to another PS script
	# so that it can be set in the environment variables on the
	# server that our software is being deployed to.
catch [System.Net.WebException]
	$msg = $_.Exception.Message + ": in PushCustomSecretID: $($response)"
	$status = $_.Exception.Status
	$hr = "{0:x8}" -f ($_.Exception.HResult)
	$innerException = $_.Exception.InnerException
    $h = $header | ConvertTo-Json
	#Just issue a warning about being unable to send the notification...
	Write-Warning("`n`t[$status] `n`t[0x$hr] `n`t[$msg] `n`t[$innerException]`n`n[URI] $uri`n`t[Header] $h`n`t[Payload] $payload")
    return $False

I’m getting a 403 Forbidden error for some reason.

Any ideas on what is causing this?

Repost of Policy required to push Custom Secret-IDs via API not working ?

No relies on that one. That post asked about the policy, this is the continuation of it.

The last post on that one is literally a reply from me.

It’s way too much trouble to set up a local vault to do that

Alright, I can tell when my help is not appreciated, I’ll stop responding.

As replied in the other post, after setting things up locally, I get NO ERRORS when running locally

I noticed that I was using a PUT vs. a POST, maybe that was it? Because when I changed it to a POST, it looks like it has begun working.