Sorry for the late reply. I discovered that Postman uses Windows Authentication method, so it works if you already had an opened session with the server (I believe it's enough by logging into the hub or the qmc). That's why you need to make a GET call before the POST, so you go through the authentication module.
However, if you use the server credentials by installing the windows client certificate in the machine that is executing the call you should be able to communicate with the API.
Then you can get the certificate with this command: