Hello Dameon,

thank you for your help. These are the local appliance calls:

First, a request to check if the file exists (in this case, I use the eicar test string):

POST https://xx.x.x.xxx:18194/tecloud/api/v1/file/query HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: 10.1.0.239:18194
Content-Length: 215
Expect: 100-continue
Connection: Keep-Alive

{"request":{"extraction":{"scrubbed_parts_codes":null,"method":null},"file_type":"type","file_name":"EICAR.txt","te":{"images":null,"reports":[]},"features":["te"],"sha1":"3395856ce81f2b7382dee72602f798b642f14140"}}

The response is as expected, and it shows that the communication with the local appliance works

HTTP/1.0 200 OK
Date: Wed, 27 Sep 2017 06:32:28 GMT
Server: Check Point SVN foundation
Content-Type: text/html
X-UA-Compatible: IE=EmulateIE7
Connection: Keep-Alive
X-Frame-Options: SAMEORIGIN
Content-Length: 1093

{
"response" : {
"features" : [ "te" ],
"file_name" : "EICAR.txt",
"file_type" : "type",
"md5" : "",
"sha1" : "3395856ce81f2b7382dee72602f798b642f14140",
"sha256" : "",
"status" : {
"code" : 1004,
"label" : "NOT_FOUND",
"message" : "Couldn't find the requested file, please upload it"
},
"te" : {
"images" : [
{
"id" : "5e5de275-a103-4f67-b55b-47532918fa59",
"report" : {
"verdict" : "unknown"
},
"revision" : 1,
"status" : "not_found"
},
{
"id" : "e50e99f3-5963-4573-af9e-e3f4750b55e2",
"report" : {
"verdict" : "unknown"
},
"revision" : 1,
"status" : "not_found"
}
],
"status" : {
"code" : 1004,
"label" : "NOT_FOUND",
"message" : "Couldn't find the requested file, please upload it"
}
}
}
}

The file is not known to the application, so I try to upload:

POST https://xx.x.x.xxx:18194/tecloud/api/v1/file/upload HTTP/1.1
Content-Type: multipart/form-data; boundary="Upload----1234567457645"
Host: 10.1.0.239:18194
Content-Length: 503
Expect: 100-continue
Connection: Keep-Alive

--Upload----1234567457645
Content-Type: text/plain; charset=utf-8
Content-Disposition: form-data; name=request

{"request":{"extraction":{"scrubbed_parts_codes":null,"method":null},"file_type":"pdf","file_name":"EICAR.txt","te":{"images":null,"reports":null},"features":null,"sha1":"3395856ce81f2b7382dee72602f798b642f14140"}}
--Upload----1234567457645
Content-Disposition: form-data; name=file

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
--Upload----1234567457645--

This upload request uses the multipart-format and is generated by the C# code shown in the question. The response gives an error:

HTTP/1.0 200 OK
Date: Wed, 27 Sep 2017 06:32:30 GMT
Server: Check Point SVN foundation
Content-Type: text/html
X-UA-Compatible: IE=EmulateIE7
Connection: Keep-Alive
X-Frame-Options: SAMEORIGIN
Content-Length: 197

{
"response" : [
{
"status" : {
"code" : 1008,
"label" : "BAD_REQUEST",
"message" : "Invalid Multipart/form request"
}
}
]
}

Using the cloud host te.checkpoint.com, the upload works. There the results are "UPLOAD_SUCCESS". The only difference I see in the cloud (besides using the API key there, of course) is the te_cookie used in the session there. 

Hello Christof, if you are using the same routine for doing the request for both cloud and local apliance then you might be sending the te_cookie to the local appliance, this causes an error because TP API does not provide a cookie therefore it will not understand why you are sending it.  If you want to use the same routine, add a load balancer in the middle and insert te_cookie, you can choose whatever you want as a cookie, you will need to do this if you want an application to send files to a Private Cloud ( and mantain persistency ) and not just to a single appliance. So try removing the cookie and also the Authorization Headers, you don't need them for local emulation.