The ticket must be passed along as "real" cookie, but you pass it along as GET "query" parameter, our API does not checks those at all (as GET params should not have sensible information anyway).
Postman should allow to "set" cookies too, just create one.
In the near future (PVE 6.1, end of this year) we'll also allow to pass the ticket along with the "Authentication" header, so it should be a little bit easier for some API clients which have no possibility to set cookies (if they're in a browser context, which forbids that - as cookies are only headers)