Forum Discussion

silky27's avatar
silky27
Contributor
7 years ago

Rest API V1 calls failing with oAuth access token

I am using oAuth2 to generate the access token and use v1 rest api calls with them.

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <access token>" -H "client-id:<client-id>" 'https://api.stage.lithium.com/community/v1/arrival/boards/nested?restapi.response_format=json'

Response: 

{"response":{"status":"error","error":{"code":302,"message":"User authentication failed."}}}

However, using just the client-id in headers makes the API call successful.

curl -X GET -H "Content-Type: application/json" -H "client-id: <client-id>" 'https://api.stage.lithium.com/community/v1/arrival/boards/nested?restapi.response_format=json'
The above provides success response.
 

The calls with access token were working some time back, but don't work anymore. Have tried generating new tokens, but still get the same response with all API calls.
The documentation https://community.lithium.com/t5/Developer-Documentation/bd-p/dev-doc-portal?section=commv1&page=apicall also says that only client-id is needed in the header. Is this a recent change in the API or am I missing something? 

 
Thanks in advance.

  • SuzieH's avatar
    SuzieH
    Khoros Alumni (Retired)
    7 years ago

    Hi silky27,

    I want to ask one question before I go to our Engineering team. I'm wondering if the problem is that the access token expired. After you get the access token once, you should be using calls using the refresh token. See Step 5 in the OAuth flow summary in the OAuth guide. If you're using that flow already, let me know and I'll I go talk to the team.

    • silky27's avatar
      silky27
      Contributor
      7 years ago

      Hi SuzieH

      We generated a new token and tested with it. We also refreshed the token using the refresh token and made API calls with it. Both resulted in the same error response.  

      {"response":{"status":"error","error":{"code":302,"message":"User authentication failed."}}}

      Also, to validate the access tokens generated, we are using the call 

      curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <>" -H "client-id:<>" "https://api.stage.lithium.com/auth/v1/validate/oauth"
      This gives a success response again 

      {"response":{"httpCode":200,"message":"OK","status":"success","data":{"valid":true,"appId":<>,"lithiumUserId":<>}}}