joshr
Invalid Session Id For REST API
I've obtained an access token via OAuth. When I use that access token to make a call to a custom Apex REST class, I get back a 401 Unauthorized with the response body of
<?xml version="1.0" encoding="UTF-8"?><Errors><Error><errorCode>INVALID_SESSION_ID</errorCode><message>This session is not valid for use with the REST API</message></Error></Errors>
I've verified that the user I've authenticated with has API access. The user has a Sys Admin profile so full access to everything in the org.
Does anyone have any thoughts on why I might be receiving this error?
Hello joshr.
I am receiving the same error "This session is not valid for use with the REST API" when authenticating with OAuth. Did you solve this problem?
Thanks,
Rafael
I did. For my case, if I recall correctly, it was the wrong grant type in the initial request for a token. Can you post the URL strings you're using when making your requests? I'll compare that against what we eventually ended up using and see if there are differences.
Thanks for the return:
Here are the steps that I am following to authorize the access: (I have omitted the last characters of the tokens and codes.)
1) Get the authorization code:
https://na15.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX
&redirect_uri=https://www.exior.com.br&scope=refresh_token
2) Get the session ID and refresh token: (Method POST)
Request:
Endpoint:
https://na15.salesforce.com/services/oauth2/token
Header:
Content-type: application/x-www-form-urlencoded
Body:
grant_type=authorization_code&code=aPrxMZkm7lCkgfTjSLFeTxyHVa55QG9Gpj8v6YpU6QMRHwCgwpcOuVi5feu66Rcn4IDpaXXXXX%3D%3D&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX
&client_secret=77219427916XXXXXXXX&redirect_uri=https://www.exior.com.br
Response:
<Response xmlns="https://na15.salesforce.com/services/oauth2/token">
<access_token>00Di0000000abPx!AQYAQM4Nyzez6GRtdtn0L76pjODKcgZJY.jKWZ.QeM60uuffkZyIMH_AS8pokvWSAMm8JY5K6DaiqM9ISd64MyjjMKjXXXXX</access_token>
<id>https://login.salesforce.com/id/00Di0000000abPxEAI/005i0000000w9RpAAI</id>
<instance_url>https://na15.salesforce.com</instance_url>
<issued_at>1373031879062</issued_at>
<refresh_token>5Aep861z80Xevi74eUm_l7LnvGMm1nrPXfF_JmNfABiGpb0DBP6O4qSboHB9ZZnxpUeErpFgrQl5So9ZgMXXXXX</refresh_token>
<scope>refresh_token</scope>
<signature>FRS81Y6zTT5kMinx0SZugV18POV4VwQOg1KgXTyXXXXX</signature>
</Response>
3) Use the refresh token to get a new session ID: (Method POST)
Request:
Endpoint:
https://na15.salesforce.com/services/oauth2/token
Header:
Content-type: application/x-www-form-urlencoded
Body:
grant_type=refresh_token&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX&client_secret=77219427916XXXXXXXX&refresh_token=5Aep861z80Xevi74eUm_l7LnvGMm1nrPXfF_JmNfABiGpb0DBP6O4qSboHB9ZZnxpUeErpFgrQl5So9ZgMXXXXX
Response:
<Response xmlns="https://na15.salesforce.com/services/oauth2/token">
<access_token>00Di0000000abPx!AQYAQM4Nyzez6GRtdtn0L76pjODKcgZJY.jKWZ.QeM60uuffkZyIMH_AS8pokvWSAMm8JY5K6DaiqM9ISd64MyjjMKjXXXXX</access_token>
<id>https://login.salesforce.com/id/00Di0000000abPxEAI/005i0000000w9RpAAI</id>
<instance_url>https://na15.salesforce.com</instance_url>
<issued_at>1373031978095</issued_at>
<scope>refresh_token</scope>
<signature>Nf210fXLTsUkWAaE3ACeo8KprYaEFOHs3psVgLyXXXXX</signature>
</Response>
When I try to use the session ID received for both the "authorization_code" and "refresh_token" I receive the error [{"message":"This session is not valid for use with the REST API","errorCode":"INVALID_SESSION_ID"}].
Thanks in advance for the help.
Regards!
Try removing the scope=refresh_token from the initial request URL and see how that works.
Thanks, but same error here.
Below is how I am using this session id in my application:
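public String ValidaCredenciais(String Usuario, String Senha, String SessionId) {
    // Serialize the body instead of concatenating strings, so quotes or
    // backslashes in the username or password cannot alter the JSON payload.
    Map<String, String> payload = new Map<String, String>{
        'usuario' => Usuario,
        'senha' => Senha,
        'orgId' => System.Userinfo.getOrganizationId()
    };
    HttpRequest req = new HttpRequest();
    Http http = new Http();
    req.setMethod('POST');
    req.setEndpoint('https://na15.salesforce.com/services/apexrest/validalogin');
    req.setBody(JSON.serialize(payload));
    req.setHeader('Content-Type', 'application/json');
    // The OAuth access token is passed as the session ID in the Authorization header.
    req.setHeader('Authorization', 'OAuth ' + SessionId);
    HTTPResponse resp = http.send(req);
    // Return the raw response body from the Apex REST endpoint.
    String RetornoValida = resp.getBody();
    return RetornoValida;
}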
That was what solved my issue. Are you sure the user you are logging in as has API access? Can you post your new requests and responses?
Hello Joshr. Thanks for the return.
It's working now. I did all the process again, getting a new authorization code and token and it worked. I guess that removing the attribute "scope" from the call is the solution, but you have to start all the process again.
Thanks for your help!
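As an added example (not code from any post in this thread): a pre-flight check that reads the `<scope>` element of a token response shaped like the ones above and reports whether the token can be expected to work against the REST API, plus a helper that builds the authorize URL with or without a `scope` parameter. The scope names `api` and `full` are an assumption taken from Salesforce's documented OAuth scopes; only `refresh_token` appears in the thread, and the sample responses are constructed with placeholder tokens.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Scopes assumed to permit REST API calls (Salesforce scope names, not from the thread).
API_SCOPES = {"api", "full"}

# Constructed token responses in the shape shown in the thread; tokens are placeholders.
NS = "https://na15.salesforce.com/services/oauth2/token"
NARROW = (f'<Response xmlns="{NS}"><access_token>PLACEHOLDER</access_token>'
          '<scope>refresh_token</scope></Response>')
WIDE = (f'<Response xmlns="{NS}"><access_token>PLACEHOLDER</access_token>'
        '<scope>api refresh_token</scope></Response>')


def build_authorize_url(instance, client_id, redirect_uri, scopes=None):
    """Authorization-code request URL; leaving scopes out mirrors the thread's fix."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri}
    if scopes:
        params["scope"] = " ".join(scopes)
    return f"{instance}/services/oauth2/authorize?{urlencode(params)}"


def granted_scopes(token_response_xml):
    """Return the set of granted scopes, or None when no <scope> element exists."""
    root = ET.fromstring(token_response_xml)
    for child in root:
        # Children carry the response's default namespace: "{ns}scope".
        if child.tag.rsplit("}", 1)[-1] == "scope":
            return set((child.text or "").split())
    return None


def usable_for_rest(token_response_xml):
    """True/False when the scope list decides it, None when it is not reported."""
    scopes = granted_scopes(token_response_xml)
    if scopes is None:
        return None
    return bool(scopes & API_SCOPES)


if __name__ == "__main__":
    for name, xml in (("narrow", NARROW), ("wide", WIDE)):
        print(name, sorted(granted_scopes(xml)), usable_for_rest(xml))
```

Because the granted scope is fixed when the authorization code is issued, a token flagged as unusable here has to be replaced by running the authorization step again, as the last post found.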