question

deepseed avatar image
deepseed asked David Marginian edited

OAuth 2.0 API Token Request - 400 Error

When I go through the OAuth 2.0 process for a new user of my web app, I occasionally get a 400 error in "Step 3: Request an API token". The API is very simple so I cannot explain why it works most of the time but occasionally fails.

I'm calling the API from a server (Node.js), not from the web app. In my REST Configuration in the Clover Developer portal, the Default OAuth Response is set to 'Token'. The API call uses the following URL format:

https://www.clover.com/oauth/token?client_id=MCG1EPP7NVTQ4&client_secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&code=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz

I cannot recreate this problem with my production Clover account, and I have not found any pattern with users that get the 400 error. Their verification code value looks to be valid, the API call looks to be correctly formatted.

Could there be a timing issue in play here? I request the token immediately after I receive the code, so is a short delay needed before the Clover API is ready to handle the token request?

Any ideas would be helpful. I'm losing business because of this issue.


OAuthAPI Tokenaccess token
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered David Marginian edited

Looking at the logs you make multiple requests with the same code. You can only use a code ONE time. All subsequent requests will fail with a 400. It appears you are trying to re-auth every time with the same code, that isn't going to work.

10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

deepseed avatar image
deepseed answered David Marginian edited

Thank you for your quick response, David!

After the error occurred, I manually tried to recreate the problem using Postman. That's why you saw so many repeat calls in the logs. However, the initial error occurred on the server, so perhaps there was an unhandled error in my code that caused the token request to be retried -- which would have triggered the 400 error.

I'll add more logging to my server code to get more details if this happens again. Thank you again for your help!

1 comment
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Just FYI - I looked at all auth calls your app has made over the last 6 weeks and ALL of the 400s are a result of using the same code. These are not always back-to-back calls, sometimes there is 40+ minutes in-between the calls (and you are using the same code for each).

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community