FAQ Authentication

Link to copy

How do I get an API access authorization token?

The Sage Active Public API V2 is secured by Oauth 2.0 authentication.

The example of obtaining a token is explained: How to find?

Http 403 error - Forbidden Access

If you receive a 403 Forbidden error, it indicates that the authenticated user for the API does not have access to Sage Active.
This situation can occur if the user has never logged into Sage Active.

img

Troubleshooting Steps:
  • Ensure that the user is authorized to use Sage Active.
    Permissions and access rights may need to be configured for the user account.
  • Verify that the user has logged into Sage Active at least once.

Http 400 error - Invalid request when get new access token

If the error invalid_request occurs when requesting a new access token:

img

Check the following points :
  1. CallBack URL

    Check that the CallBack URL mentioned in the Postman environment variable CallBackUrl is the same as the one of your application :
    img

  2. Client ID

    Check that the value filled in the Postman environment variable ClientId is the correct Client ID in your application. img

  3. Scopes

    Check that the scopes are not empty but filled in with RDSA and / or WDSA depending of the permissions defined in your application. img

  4. Code Challenge Encoding

    In case of a SHA256 encrypted Code Challenge, ensure it is properly encoded in Base64 format.
    A common mistake that leads to the invalid_request error is neglecting to encode the SHA256 encrypted value in Base64.
    This encoding is crucial as it converts the encrypted value into a URL-safe format, making it compatible for transmission during the authentication process.
    Key concepts / API - Authenticate (Single Page App)

Authentication failed

If this error occurs when requesting a new access token:

img

Check the following points :
  1. Check that the AuthUrl is the correct Auth URL.
  2. Check that the ClientSecret is the correct Client Secret in your application. img