Why is my API returning an invalid token?
If your API has a token validation interceptor and a call to it returns the status code 401 Unauthorized, the token sent is invalid. This can happen because:
- It is wrong, expired or revoked
- It does not have access to that resource/API
The token validation interceptors are: OAuth, Access Token validation, JWT Validation, Client ID Validation, CSRF Validation, Time Token Validation, Digital Signature.
The response of the API call tells us which element carries the invalid token.
- If it is the `access_token` (expired, revoked, incorrect, no access to the called resource, or not provided), the message will be:
  - Access Token in the request, identified by HEADER access_token, is invalid. Check docs.sensedia.com
- If it is the `client_id` (expired, revoked, incorrect, no access to the called resource, or not provided), the message will be:
  - Client Id in the request, identified by HEADER client_id, is invalid. Check docs.sensedia.com
- For interceptors where the name of the element carrying the key (header, cookie, queryParam) is defined by the user, the message will be:
  - %s in the request, identified by HEADER %s, is invalid. Check docs.sensedia.com
In the General trace logs, we can find a more detailed breakdown of the error, indicating whether the token is wrong, expired, revoked or has no access to the resource.
- If the token is wrong, expired or revoked, the trace will show the following log:
  - Access token in HEADER access_token HAS NOT BEEN FOUND (causes: is invalid, expired or revoked); rejecting call
- If the token does not have access to the resource, the trace will show the following log:
  - Access token in HEADER access_token DOES NOT HAVE ACCESS TO THIS RESOURCE; rejecting call
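Added example (not part of the original page and not Sensedia's own code): a Python sketch that parses the response message and the General trace lines quoted above, so rejected calls can be tallied by credential and by cause. It assumes the location word can be any single token and that other elements use the same trace wording as the access token; the sample lines are constructed from the formats on this page.

```python
import re
from collections import Counter

# Response template from the page: "%s in the request, identified by HEADER %s, is invalid."
# Assumption: the location is one word (the page only shows HEADER in the messages).
RESPONSE_RE = re.compile(
    r"^(?P<element>.+?) in the request, identified by (?P<location>\w+) (?P<name>\S+), is invalid\.")

# Trace lines from the page; element label and location are generalized (assumption).
TRACE_RE = re.compile(
    r"^(?P<element>.+?) in (?P<location>\w+) (?P<name>\S+) "
    r"(?P<reason>HAS NOT BEEN FOUND|DOES NOT HAVE ACCESS TO THIS RESOURCE)\b.*; rejecting call$")

# Hypothetical normalized cause names, chosen for this example.
CAUSES = {
    "HAS NOT BEEN FOUND": "invalid_expired_or_revoked",
    "DOES NOT HAVE ACCESS TO THIS RESOURCE": "no_access_to_resource",
}

def parse_response(body):
    """Return which element the gateway rejected, or None if the body is not this error."""
    m = RESPONSE_RE.match(body.strip())
    return m.groupdict() if m else None

def parse_trace(line):
    """Return element, location, name and normalized cause for a rejection trace line."""
    m = TRACE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["cause"] = CAUSES[d.pop("reason")]
    return d

def summarize(trace_lines):
    """Count rejections per (credential name, cause), ignoring unrelated lines."""
    hits = filter(None, map(parse_trace, trace_lines))
    return Counter((h["name"], h["cause"]) for h in hits)

# Constructed sample input, built from the message formats quoted on the page.
SAMPLE_BODY = "Client Id in the request, identified by HEADER client_id, is invalid. Check docs.sensedia.com"
SAMPLE_TRACE = [
    "Access token in HEADER access_token HAS NOT BEEN FOUND (causes: is invalid, expired or revoked); rejecting call",
    "Access token in HEADER access_token DOES NOT HAVE ACCESS TO THIS RESOURCE; rejecting call",
    "Access token in HEADER access_token HAS NOT BEEN FOUND (causes: is invalid, expired or revoked); rejecting call",
    "unrelated trace line",
]

if __name__ == "__main__":
    print(parse_response(SAMPLE_BODY))
    for key, count in summarize(SAMPLE_TRACE).items():
        print(key, count)
```

Separating the two causes matters when reviewing 401s: "HAS NOT BEEN FOUND" points at the credential itself, while "DOES NOT HAVE ACCESS TO THIS RESOURCE" points at what a valid credential is allowed to call.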