Incorrect response status code for invalid POST request in API v2 token flow

(Gastón Avila) #1

I am debugging some of my code and found that a
with the correct payload but an outdated refresh token gives me back a 200 OK response with the following payload

{u'error_description': u'Invalid refresh token.', u'error': u'access_denied'}

so clearly an error. Shouldn’t the status code be in the 40* range?


(Jared Dellitt) #2

Hey @Gaston_Avila, yes ideally this would be a 400 level error, but this endpoint is a remnant of our V1 API and is used by quite a few apps - which means changing it would break quite a few integrations.

If you’re using our V2 API, the status codes will be much more meaningful along with helpful error messages.

Thanks for the feedback!

(Gastón Avila) #3

The API v2 docs list this endpoint as the one to be used, see
so I’m not quite following… is this V1 or V2?

(Jared Dellitt) #4

I apologize - my response was confusing. /oauth/v2/token is/was part of our V1 API and we chose to re-use it for the OAuth flow in V2. Similar to the issue you mentioned, our V1 API returns 200 response codes even when an error occurred - where V2 does not. There is currently no other way to go through the OAuth flow.

Let us know if you have any other questions!
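
A client-side check for the behaviour discussed in this thread, added here as an example (not code from the posters or from the API vendor): since the token endpoint can answer 200 OK with an error payload, the caller decides success from the body, not the status code. The success-body field name (access_token) and the extra invalid_grant code are assumptions taken from RFC 6749, and the sample bodies are constructed.

```python
import json

# Error codes after which retrying the same refresh token is pointless and the
# user has to authorize again. "access_denied" is what the thread shows;
# "invalid_grant" is the RFC 6749 code for a bad refresh token (assumption).
REAUTH_ERRORS = {"access_denied", "invalid_grant"}


class TokenError(Exception):
    def __init__(self, error, description, status):
        super().__init__(f"{error}: {description} (HTTP {status})")
        self.error = error
        self.description = description
        self.status = status
        self.needs_reauthorization = error in REAUTH_ERRORS


def parse_token_response(status, body):
    """Return the token dict, or raise TokenError.

    status is the HTTP status code, body the raw response text. The body is
    inspected first, so a 200 OK carrying an "error" field is still a failure.
    """
    try:
        data = json.loads(body)
    except ValueError:
        raise TokenError("invalid_response", "body is not JSON", status)
    if not isinstance(data, dict):
        raise TokenError("invalid_response", "body is not a JSON object", status)
    if "error" in data:
        raise TokenError(str(data["error"]),
                         str(data.get("error_description", "")), status)
    if not 200 <= status < 300:
        raise TokenError("http_error", "non-2xx status without error field", status)
    if not data.get("access_token"):  # field name assumed from RFC 6749
        raise TokenError("invalid_response", "no access_token in body", status)
    return data


# Constructed sample bodies: the error payload quoted in post #1 as JSON, and a
# made-up success payload.
ERROR_BODY = '{"error_description": "Invalid refresh token.", "error": "access_denied"}'
SUCCESS_BODY = '{"access_token": "constructed-access-token", "refresh_token": "constructed-refresh"}'

if __name__ == "__main__":
    print(parse_token_response(200, SUCCESS_BODY)["access_token"])
    try:
        parse_token_response(200, ERROR_BODY)
    except TokenError as exc:
        print("refresh failed:", exc, "| re-authorize:", exc.needs_reauthorization)
```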
