InvalidClientIdentifier when requesting Access Token

I already have a developer account and followed the documentation when requesting an access token from here

Generally, what I am trying to achieve is to access my own account's data.

Is there a problem with my developer account?

@Bobby_Mahallati ,

More often than not, this question comes from misunderstanding the oauth flow. You’ll first get an authorization token. That token is not your access token. You’ll use that auth token (good for about five minutes) to get your access/refresh token pair. The access token will be good for 24 hours. The refresh token is good for either 3 or 6 months (I forget which as it’s changed a number of times). I’ll place my video on this below, but if you’re only accessing your own app, you may want to go for using the api token rather than oauth…before you ask, no, it’s not going to be sunset anytime soon.

@John_Borelli I did try generating an access token using api access via and got an access and refresh token with the client_id and client_secret generated from the developer account, and it successfully responded with access_token and refresh_token.

But when I request access_token using the rest api with same client_id and client_secret it says

"error": "invalid_request",
"error_description": "Invalid Authorization Code"

I tried to follow the documentation here, Getting Started with OAuth2 - Keap Developer Portal, in the section Access Token Request, and all params are in the body form data

You need to change the grant type to refresh_token

When refreshing the token it says
"error": "InvalidClientIdentifier",
"error_description": "Invalid client identifier {0}"

Here are the header params

In Authorization I already did "Basic base64_encode(CLIENT_ID:CLIENT_SECRET)"; still the same error

Here are the body params

The refresh_token is coming from the generated token

I don’t think you’d need to base64 the basic auth and I think you’re supposed to include client secret with every call even when it’s not part of the oauth process. Regardless, I’ll paste a code segment below that I use often. It is easier to use the sdk for token management and then use straight curl calls for functions.

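// php snippet for oauth process
// $json, $authURL and $tokenURL are assumed to be set earlier in the script (not shown)

if (!isset($_GET['code'])) { // either first run or access token
	if (isset($_GET['access_token'])) {
		// write the token data to a file
		file_put_contents('.oauth', $json);
	} else {
		// first run: send the browser to the authorization URL
		header('Location: '.$authURL);
	}
} else {
	//echo $response;
	//header('Location: '.$tokenURL);
}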

The refresh cycle runs on CRON every hour and checks for any token(s) that are 4 hours or less from expiring. Again, the refresh cycle works with the sdk and then any functional calls I normally use curl for.

	$appObj=new iSDK();
	$appObj->setRefreshToken ($refreshToken);
	$appObj->setSecret (CLIENT_SECRET);
	$appObj->setClientId (CLIENT_ID);
	$appObj->setTokenEndpoint (TOKEN_URL);
	$appObj->setAuthEndpoint (AUTH_URL);

	$new = $appObj->refreshAccessToken ();

Just to make sure, because I am not that familiar with Postman, did you really do a base_64 encode of the client_id + : + client_secret? Also, if you got a successful response on the refresh token and you didn’t notice, your current tokens will not work, so you would need to request new ones.


That was the answer, but I still can’t use the Access Token Request from here (Getting Started with OAuth2 - Keap Developer Portal); I can only use the refresh token.
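
The refresh request this thread converges on, as an added example (not code from any poster or from Keap): it builds the Basic header and grant_type=refresh_token body without sending them, then validates and stores the rotated token pair from a constructed response. The function names, placeholder credentials, the Content-Type header and the storage path are assumptions.

```php
<?php
// Added example: builds (does not send) the refresh_token request, then stores the rotated pair.
// Credentials, tokens and the sample response below are constructed placeholders.
const CLIENT_ID = 'example-client-id';
const CLIENT_SECRET = 'example-client-secret';

/** Headers and form body for a grant_type=refresh_token call. */
function buildRefreshRequest(string $clientId, string $clientSecret, string $refreshToken): array
{
    // HTTP Basic credentials are base64("client_id:client_secret").
    $basic = base64_encode($clientId . ':' . $clientSecret);
    return [
        'headers' => [
            'Authorization: Basic ' . $basic,
            'Content-Type: application/x-www-form-urlencoded', // assumption
        ],
        'body' => http_build_query([
            'grant_type'    => 'refresh_token',
            'refresh_token' => $refreshToken,
        ]),
    ];
}

/** Validate a token response and replace the stored pair, owner-readable only. */
function storeTokens(string $path, string $jsonResponse): array
{
    $tokens = json_decode($jsonResponse, true);
    if (!is_array($tokens) || isset($tokens['error'])) {
        throw new RuntimeException('Token endpoint error: ' . ($tokens['error'] ?? 'unparseable response'));
    }
    if (empty($tokens['access_token']) || empty($tokens['refresh_token'])) {
        throw new RuntimeException('Response is missing the token pair');
    }
    $oldMask = umask(0077);              // new file is created 0600
    $tmp = $path . '.tmp';
    file_put_contents($tmp, json_encode($tokens), LOCK_EX);
    umask($oldMask);
    rename($tmp, $path);                 // atomic swap; per the thread, the previous tokens stop working after a refresh
    return $tokens;
}

$req = buildRefreshRequest(CLIENT_ID, CLIENT_SECRET, 'old-refresh-token');
echo implode("\n", $req['headers']), "\n\n", $req['body'], "\n";

// Constructed sample response; 86400 s matches the 24-hour access token lifetime mentioned above.
$sample = '{"access_token":"new-access","refresh_token":"new-refresh","expires_in":86400}';
$stored = storeTokens(sys_get_temp_dir() . '/oauth-example.json', $sample);
echo 'stored refresh token: ', $stored['refresh_token'], "\n";
```

Keeping the token file outside the web root and readable only by the owning user prevents the stored refresh token from being fetched over HTTP or read by other local accounts.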