How can we make it easier for you to develop on top of Wild Apricot?

API V2 authorization "invalid_client" error

Hi, I'm trying to do v2 authorization (from Java), and getting an invalid client error.

My setup reads (edited for brevity):

HttpPost post = new HttpPost(AUTH_URL+"/auth/token");

post.addHeader("Content-Type","application/x-www-form-urlencoded");

post.addHeader("Authentication","Basic "+Base64.encodeBase64String("APIKEY:"+API_KEY));

List <NameValuePair> nvps = new ArrayList <NameValuePair>();

nvps.add(new BasicNameValuePair("grant_type", "client_credentials"));

nvps.add(new BasicNameValuePair("scope", "account"));

post.setEntity(new UrlEncodedFormEntity(nvps));This seems a perfect mirror of the php and c# samples, but in return, I'm getting the remarkably useful:{"error":"invalid_client","error_description":null,"error_uri":null} Any ideas?Thanks,GeePawHill

0 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)

    We’ll send you updates on this idea

    GeePawHillGeePawHill shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Resolved  ·  DmitryDmitry responded  · 

    The problem was caused by invalid header name.

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Whiterose1Whiterose1 commented  ·   ·  Flag as inappropriate

        Agreed: the login button gadget does not have an option to remove this (if it has I can't see it), and the form itself (on the Authorization Required system page) also has no such option.

        Adding features like this is good: but enabling them by default is not good.

        ________________

        white

      • GeePawHillGeePawHill commented  ·   ·  Flag as inappropriate

        Here's the current state of play.

        1) My original problem was trivial. I'm sure a WA developer would have spotted it instantly: used the wrong header Authentication vs. Authorization.

        2) Debugging that problem was a bear. I finally wound up using Fiddler to compare the two requests, which itself took several hours of coercing java to use a proxy w/o a security certificate.

        3) I'll announce elsewhere, too, but there's now a project on GitHub called WildApricotApiV2 which contains the in-progress code.

        Thanks to the couple of folks who checked with me offline about this, and I hope the new project will help someone else!

        GeePawHill

      Feedback and Knowledge Base

      Wild Apricot Inc. 144 Front Street West Suite 725, Toronto, Ontario, Canada M5J 2L7