API Token stopped working

API Q&A
#1

We are trying to finish an API integration with our desktop app we built. As of two weeks ago we had no problem obtaining the token. However using all the same specs it stopped working this week. Has anyone else seen this?

Here is the response we are getting:
In the responding headers when I try to get an access token are the following
X-Error-Detail-Header: Account Inactive
X-Mashery-Error-Code: ERR_403_DEVELOPER_INACTIVE
X-Mashery-Responder:
prod-j-worker-us-west-1b-01.mastery.com

Any feedback is greatly appreciated!

#2

The ERR_403_DEVELOPER_INACTIVE message indicates that you have let your Token lapse; you likely need to re-authenticate and receive a new Refresh Token, then maintain that one via regularly scheduled refreshes so that you can generate Access Tokens.

#3

It was working just fine. Then we went on to work on something else for a few weeks, then came back to try to get another access token so we could test the refresh token code. Nothing in requesting the access token changed.
We can get an authorization code, but converting that to an access token fails. One note, the last time that it worked, we tried opening multiple apps using the same email and password at the same time. Is it possible that my IP address form where we are developing has been blocked, because the mashery server thinks we were trying to Spam it?

#4

What is your client_id?

#5

d24kwxpgr59dt4urmqunt3dt

#6

We discovered this morning through some tests that my developers ip address has been blocked by mashery. We need this resolved asap!! His ip address that needs to be unblocked is: 98.203.217.9

Due to all these delays we are on a tight deadline and need resolution on this asap.

Thanks for your help.

#7

In order for us to open up a case with Mashery we will need more information. Can you elaborate on how you determined this? Mashery will not typically block IPs without opening up a ticket with us first.

#8

All the errors and denials experienced were at my developers office. We had him come to our office and with the EXACT same code, execution, etc from our office IP it all worked perfect. The only thing we can conclude to cause this would be that his IP address is blocked.

#9

Where you able to get a tracert?

#10

Also if you are getting a response like below like your original post, then you are not blocked by Mashery. That is a response from Mashery. I did open a ticket with Mashery asking if they blacklisted the referenced IP. However it seems like that is not what is happening.

X-Mashery-Error-Code: ERR_403_DEVELOPER_INACTIVE

#11

tracert? are you referencing the auth code and token?

We were able to get everything from my office, but not from his.

#12

If it is not Mashery blocking us than is it Infusionsoft? Someone is blocking my developer.

  1. Every worked from my developers office a few weeks ago. Recently with the same code we get the errors I reference in my prior posts

  2. Everything works from my office with the same code, etc and we get everything correct and working as before.

  3. We tried it again at my developers office and again the same errors.

Any other ideas on what is causing these issues?

#13

tracert is a utility that traces the network hops to a given IP. It still is not clear to me what error you are getting at your developers office. If you are indeed getting a Mashery header that says ERR_403_DEVELOPER_INACTIVE then Mashery is not blocking you. Infusionsoft can’t be blocking you either because Mashery is a proxy and all calls to Infusionsoft originate from Mashery. We are most definitely not blocking Mashery :slight_smile:

  1. If the application running from your developers office is failing with a Mashery error and working at your office then something is configured differently somewhere.
  2. If you are getting a networking exception then I suspect something along the way network wise is the cause (firewall, DNS, ISP, etc).

Please confirm the exact error your developer is getting from their office.

#14

Here is the response:

This is from Postman after I got the Authorization Code and I trying to get the Access Token
Status: 401 Unauthorized
Body raw: {“error”:“invalid_client”}
Headers:
Cache-Control→no-store
Connection→keep-alive
Content-Length→26
Content-Type→application/json;charset=UTF-8
Date→Thu, 12 Jul 2018 00:13:24 GMT
Pragma→no-cache
Server→Mashery Proxy
WWW-Authenticate→Basic realm=“api.infusionsoft.com
X-Error-Detail-Header→Account Inactive
X-Mashery-Error-Code→ERR_403_DEVELOPER_INACTIVE
X-Mashery-Responder→prod-j-worker-us-west-1b-06.mashery.com

#15

Can you send me the post body, headers, and the url. Also **** out your client_secret if you are passing it in via query param or the basic auth header if you are going that route? Then PM me those values if possible.

#16

Source Code
FClientID = d24kwxpgr59dt4urmqunt3dt;
FClientSecret = ***********;
FAuthCode = erqk2jgcww9eh5w9qz5nhbf4; // as of the last response from the last request permission
FRedirect_uri := https://www.insurewithcompass.com;
FAccessTokenEndPoint = https://api.infusionsoft.com/token;
LClient := TRestClient.Create(FAccessTokenEndpoint);

LRequest := TRESTRequest.Create(LClient); // The LClient now “owns” the Request and will free it.
LRequest.Method := TRESTRequestMethod.rmPOST;
// LRequest.Client := LClient; // unnecessary since the client “owns” the request it will assign the client
LRequest.AddAuthParameter(‘code’, FAuthCode, TRESTRequestParameterKind.pkGETorPOST);
LRequest.AddAuthParameter(‘client_id’, FClientID, TRESTRequestParameterKind.pkGETorPOST);
LRequest.AddAuthParameter(‘client_secret’, FClientSecret, TRESTRequestParameterKind.pkGETorPOST);
LRequest.AddAuthParameter(‘redirect_uri’, FRedirectionEndpoint, TRESTRequestParameterKind.pkGETorPOST);
LRequest.AddAuthParameter(‘grant_type’, ‘authorization_code’, TRESTRequestParameterKind.pkGETorPOST);
LRequest.Execute;

This works at the office
This does not work at the development station at a different location (however it did work up until recently)

#17

Not sure if this code is just a sample, but if this is really what is being used you can’t hard code an authorization code. They are single use. It looks like the language is Delphi (which I am not familiar with), but that is the only thing sticks out to me.

I took those exact values, but with a new authorization code and it worked just fine.

Here is the curl of it:

curl -X POST \
  https://api.infusionsoft.com/token \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Postman-Token: c91cb4fe-f68a-4755-8306-baaa03ad0e34' \
  -d 'client_id=d24kwxpgr59dt4urmqunt3dt&client_secret=*******&code=*********&redirect_uri=https%3A%2F%2Fwww.insurewithcompass.com&grant_type=authorization_code'

And the response:

{
    "access_token": "**********",
    "token_type": "bearer",
    "expires_in": 86400,
    "refresh_token": "*********",
    "scope": "|soberscene.infusionsoft.com"
}
#18

Also it looks as if you are using the API to access your own data. If that is true you can just go to Account Central and get an Access Token and Refresh Token by plugging in your client_id and client_secret in to the API Access Section

#19

So does that mean we cannot use the REST? and must use the XML-RPC?

Using XML-RPC:
We are getting the response ‘failed to parse XML-RPC request: Premature end of file’
Fault code 0

Also on Account Central I do not see an API section (see attached screenshot)

2018-07-11%20(2)
2018-07-11 (2).png1920×1080 132 KB

#20

Not sure what you mean about REST vs XML-RPC. You are having issues even getting an access token. Once you have the token you can use either REST or XML-RPC. I looks like you are a Partner. We don’t have the API section exposed to partners right now :frowning: