Access Token Revoked Error

comfort · 3 January 2022 14:03

Hi there,

I’m trying to make some Stuart API requests and I keep getting an error:

message: “The access token was revoked”
error: “INVALID_GRANT”

I’m not sure what’s causing this problem, and so I’m unable to do anything with Stuart at the moment.
Kindly help.

Harold · 3 January 2022 14:56

The access token has a 30 days duration, so it must be renewed when it expires.
You can find all the information you need here.

Notice that our client libraries already take into account our authentication process. We strongly recommend to use one of them and open a pull request if it is missing anything, we will be reactive to any of your PR.

comfort · 3 January 2022 18:29

Thank you @Harold,
I’ll let you know if I encounter any problems

comfort · 4 January 2022 12:32

Hello again @Harold,

I just tried to renew my access token by following the given instructions, but I’m still getting an error. When I send a post request to https://api.sandbox.stuart.com/oauth/token, with all the required info in the body i.e client_id, client_secret, grant_type and api; I get this error:

{
    "error": "invalid_client",
    "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}

Could you please assist me with this.

Harold · 4 January 2022 13:45

Hello @comfort,

I think the error comes from the fact that the parameters should not be sent in the body, but in the header, as shown in the documentation:

curl --location --request POST 'https://api.sandbox.stuart.com/oauth/token' \
--data-urlencode 'client_id=[your_oauth_client_id]' \
--data-urlencode 'client_secret=[your_oauth_client_secret]' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=api'

Could you try again this way please?
Thanks in advance,

comfort · 4 January 2022 15:06

Hi @Harold,

I just tried placing them in the header, and I’m still getting the same error.

Would creating a new account help?

Harold · 4 January 2022 15:43

Hi,
Could you check that you are targeting the correct environment:
For sandbox:

you have access to the sandbox dashboard, and you are using the credentials found here.
you are targeting the sandbox environment (https://api.sandbox.stuart.com/oauth/token) with these credentials.

For production:

you have access to the production dashboard, and you are using the credentials found here.
you are targeting the production environment (https://api.stuart.com/oauth/token) with these credentials.

If it is still not working, can you please give me the email address you are using?
Could you also give me an example of the request you are sending (without the client_id and client_secret) ?

Thanks in advance,

comfort · 4 January 2022 17:59

Hi @Harold,

It finally worked. Turns out I was using production credentials for sandbox testing.

Thanks very much for the help!

Harold · 5 January 2022 08:11

Happy to help!

Have a nice day!

yacine007 · 9 August 2023 12:53

Hello @Harold !
I’m using the Integrations Middleware https://middleware-docs.stuart.com
Sandbox : **https://integrations.sandbox.stuart-apps.solutions/api**
Production : **https://integrations.stuart-apps.solutions/api**
Unfortenatually i’m facing the mentioned error :

{
    "error": "INVALID_GRANT",
    "message": "The access token was revoked"
}

while when i use **(https://api.sandbox.stuart.com/oauth/token)** for the sandbox or **https://api.stuart.com/oauth/token** for the production for example it works correctly

Daniel · 9 August 2023 14:09

Hi @yacine007

This would be because the Stuart API & integration middleware uses different access tokens.

You would need to use our POST - Get an oAuth2.0 access token endpoint while pointing to your desired integration middleware environment.

https://integrations.sandbox.stuart-apps.solutions/api/oauth/token or https://integrations.stuart-apps.solutions/api/oauth/token would be the correct URL depending on which environment you are requesting access to.

I hope this helps & please let us know if you require further assistance.

yacine007 · 9 August 2023 14:21

Hello @Daniel !
Thank you for your reply !
To be more specific I’m using the https://integrations.sandbox.stuart-apps.solutions/api/oauth/token or https://integrations.stuart-apps.solutions/api/oauth/token for refreshing tokens, but it results the above error.

Daniel · 10 August 2023 14:58

Hi @yacine007

Please make sure you are using the sandbox client ID & secret found here Stuart, while pointing to the Integration Middleware sandbox environment https://integrations.sandbox.stuart-apps.solutions/api/oauth/token

Alternatively, please make sure you are using the production client ID and secret found here Stuart, while pointing to the Integration middleware production environment https://integrations.stuart-apps.solutions/api

Please let me know once you have retested and can confirm the correct credentials is in use and is pointing to the correct environment or if you have any further issues.

yacine007 · 15 August 2023 11:37

Hello Daniel !
Thank you for replying !
Can you explain to me the main difference between https://integrations.stuart-apps.solutions/api and https://api.stuart.com and what is your recommendation because it’s not clear in the documentation.
Thanks

Daniel · 15 August 2023 14:59

Hi @yacine007

The Integrations middleware is a proxy of Stuart’s API which mirrors (proxies) its endpoints but intercepts certain endpoints to apply custom logic.

I would recommend using just the Stuart API, as you have the same capabilities required for your integration.

May I also ask why initially you wanted to use the middleware as this may help my recommendation?
Feel free to continue this discussion and provide details via direct messaging.