Response code 401 while retrieve an access Token

I’m trying to make a token request by calling by cUrl in POST and passing the parameters suchc as specified in the guide

To request a token i send the following values:

client_id => ‘my_app_key’ wich is the api_key taken from developer portal in myApps section
client_secret => ‘my_app_secret’ the api_secret taken from developer portal in myApps section
grant_type => ‘authorization_code’ such as specified in documetation is the only current valid value
code => ‘the_auth_code’ received from
redirect_uri => ‘my_calback_url’

Morover the headers are settedup to “Content-type: application/x-www-form-urlencoded” just as indicated in your documentation

now I’m expecting to catch the token in my callback url, but the call instead always response by code 401 and this response message

[error] => invalid_grant
[error_description] => Unable to authenticate username and password

so i’m unable to obtain the token.

here my PHP code that execute the request

 $params = array(
            'client_id' => static::$clientId,
            'client_secret' => static::$clientSecret,
            'code' => $code,
            'grant_type' => 'authorization_code',
            'redirect_uri' => $oAuthRedirectUri,

        $curl_headers = array(
            'Content-type: application/x-www-form-urlencoded',
$ch = curl_init("");
curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

response = curl_exec($ch);

        if ($response == false) {
            $curlError = curl_error($ch);
            throw new Exception($curlError);


but, even if after the /authorize request i catch the code, when i use it to make the call to request a token i always get a code 401

i also tried to send params in json format with the content length within the headers,using the http_build_query($params), sending the authorization: Basic base64_encode(api_key:api_secret), and i can write a book with my attempts,but all of them have responded with the same invalid_grant error

Can anybody helps me?



there is a mistake in the official documentation, the request for token must be in GET and not in POST such as specified in docs.

We should not be allowing a GET to /token are you sure a GET is working. It really is supposed to be a POST. The error you are getting is hiding the real error due to a known issue on our side. That fix should be deployed soon so you get the real error, but usually the main mistake is not sending the same redirect_uri that was provided during the initial authorization step.