joshr

Invalid Session Id For REST API

I've obtained an access token via OAuth. When I use that access token to make a call to a custom Apex REST class, I get back a 401 Unauthorized with the response body of 

 

<?xml version="1.0" encoding="UTF-8"?><Errors><Error><errorCode>INVALID_SESSION_ID</errorCode><message>This session is not valid for use with the REST API</message></Error></Errors>

 I've verified that the user I've authenticated with has API access. The user has a Sys Admin profile so full access to everything in the org.

 

Does anyone have any thoughts on why I might be receiving this error?

Best Answer chosen by Admin (Salesforce Developers) 
joshr

Try removing the scope=refresh_token from the initial request URL and see how that works.

All Answers

rafaferrer

Hello joshr.

 

I am receiving the same error "This session is not valid for use with the REST API" when authenticating with OAuth. Did you solve this problem?

 

Thanks,

Rafael

joshr

I did. For my case, if I recall correctly, it was the wrong grant type in the initial request for a token. Can you post the URL strings you're using when making your requests? I'll compare that against what we eventually ended up using and see if there are differences.

rafaferrer

Thanks for the return:

 

Here are the steps that I am following to authorize the access: (I have omitted the last characters of the tokens and codes.)

 

1) Get the authorization code: 

https://na15.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX&redirect_uri=https://www.exior.com.br&scope=refresh_token

 

2) Get the session ID and refresh token: (Method POST)

 

Request:

 

Endpoint:

https://na15.salesforce.com/services/oauth2/token

 

Header:

Content-type: application/x-www-form-urlencoded

 

Body:

grant_type=authorization_code&code=aPrxMZkm7lCkgfTjSLFeTxyHVa55QG9Gpj8v6YpU6QMRHwCgwpcOuVi5feu66Rcn4IDpaXXXXX%3D%3D&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX&client_secret=77219427916XXXXXXXX&redirect_uri=https://www.exior.com.br

 

Response:

 

<Response xmlns="https://na15.salesforce.com/services/oauth2/token">
<access_token>00Di0000000abPx!AQYAQM4Nyzez6GRtdtn0L76pjODKcgZJY.jKWZ.QeM60uuffkZyIMH_AS8pokvWSAMm8JY5K6DaiqM9ISd64MyjjMKjXXXXX</access_token>
<id>https://login.salesforce.com/id/00Di0000000abPxEAI/005i0000000w9RpAAI</id>
<instance_url>https://na15.salesforce.com</instance_url>
<issued_at>1373031879062</issued_at>
<refresh_token>5Aep861z80Xevi74eUm_l7LnvGMm1nrPXfF_JmNfABiGpb0DBP6O4qSboHB9ZZnxpUeErpFgrQl5So9ZgMXXXXX</refresh_token>
<scope>refresh_token</scope>
<signature>FRS81Y6zTT5kMinx0SZugV18POV4VwQOg1KgXTyXXXXX</signature>
</Response>

 

3) Use the refresh token to get a new session ID: (Method POST)

 

Request:

 

Endpoint:

https://na15.salesforce.com/services/oauth2/token

 

Header:

Content-type: application/x-www-form-urlencoded

 

Body: 

grant_type=refresh_token&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX&client_secret=77219427916XXXXXXXX&refresh_token=5Aep861z80Xevi74eUm_l7LnvGMm1nrPXfF_JmNfABiGpb0DBP6O4qSboHB9ZZnxpUeErpFgrQl5So9ZgMXXXXX

 

Response:

 

<Response xmlns="https://na15.salesforce.com/services/oauth2/token">
<access_token>00Di0000000abPx!AQYAQM4Nyzez6GRtdtn0L76pjODKcgZJY.jKWZ.QeM60uuffkZyIMH_AS8pokvWSAMm8JY5K6DaiqM9ISd64MyjjMKjXXXXX</access_token>
<id>https://login.salesforce.com/id/00Di0000000abPxEAI/005i0000000w9RpAAI</id>
<instance_url>https://na15.salesforce.com</instance_url>
<issued_at>1373031978095</issued_at>
<scope>refresh_token</scope>
<signature>Nf210fXLTsUkWAaE3ACeo8KprYaEFOHs3psVgLyXXXXX</signature>
</Response>

 

When I try to use the session ID received for both the "authorization_code" and "refresh_token" I receive the error [{"message":"This session is not valid for use with the REST API","errorCode":"INVALID_SESSION_ID"}].

 

Thanks in advance for the help.

 

Regards!

joshr

Try removing the scope=refresh_token from the initial request URL and see how that works.

This was selected as the best answer
rafaferrer

Thanks, but same error here.

 

Below is how I am using this session id in my application:

 

public String ValidaCredenciais(String Usuario, String Senha, String SessionId) {
    // Serialize the payload instead of concatenating strings, so quotes or
    // backslashes in the credentials cannot break the JSON body.
    Map<String, String> payload = new Map<String, String>{
        'usuario' => Usuario,
        'senha' => Senha,
        'orgId' => System.UserInfo.getOrganizationId()
    };

    HttpRequest req = new HttpRequest();
    req.setMethod('POST');
    req.setEndpoint('https://na15.salesforce.com/services/apexrest/validalogin');
    req.setHeader('Content-Type', 'application/json');
    // SessionId is the access_token returned by the OAuth token endpoint.
    req.setHeader('Authorization', 'OAuth ' + SessionId);
    req.setBody(JSON.serialize(payload));

    HttpResponse resp = new Http().send(req);
    return resp.getBody();
}

 

joshr

That was what solved my issue. Are you sure the user you are logging in as has API access? Can you post your new requests and responses?

rafaferrer

Hello Joshr. Thanks for the return.

 

It's working now. I did all the process again, getting a new authorization code and token and it worked. I guess that removing the attribute "scope" from the call is the solution, but you have to start all the process again.

Thanks for your help!
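
Added example, not part of the original thread and not Salesforce's own code: a pre-flight check that reads the `<scope>` element of a token response like the ones posted above and reports whether the token can be used against the REST API before any call is made. It assumes Salesforce's documented scope names, where `api` or `full` grants REST access and `refresh_token` alone does not; the function names, the placeholder values and the JSON handling (a generalization beyond the XML shown in the thread) are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Assumption: per Salesforce's OAuth scope list, "api" or "full" permits REST
# API calls; "refresh_token" on its own only allows refreshing the token.
API_SCOPES = {"api", "full"}

# Constructed sample shaped like the response in the thread (placeholder values).
SAMPLE_RESPONSE = """<Response xmlns="https://na15.salesforce.com/services/oauth2/token">
<access_token>PLACEHOLDER_ACCESS_TOKEN</access_token>
<instance_url>https://na15.salesforce.com</instance_url>
<scope>refresh_token</scope>
</Response>"""


def granted_scopes(body):
    """Return the set of scopes in a token response (XML or JSON)."""
    body = body.strip()
    if body.startswith("{"):
        return set(json.loads(body).get("scope", "").split())
    for el in ET.fromstring(body).iter():
        if el.tag.rsplit("}", 1)[-1] == "scope":  # strip the XML namespace
            return set((el.text or "").split())
    return set()


def usable_for_rest(body):
    """True when the granted scopes include one that permits REST calls."""
    return bool(granted_scopes(body) & API_SCOPES)


def authorize_url(base, client_id, redirect_uri, scopes=None):
    """Build the step 1 URL; scopes=None omits the scope parameter entirely."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri}
    if scopes:
        params["scope"] = " ".join(scopes)
    return base + "/services/oauth2/authorize?" + urlencode(params)


if __name__ == "__main__":
    print("REST usable:", usable_for_rest(SAMPLE_RESPONSE))
    print(authorize_url("https://na15.salesforce.com", "PLACEHOLDER_CLIENT_ID",
                        "https://example.com/callback", ["api", "refresh_token"]))
```

Because the granted scope is fixed when the authorization code is issued, a token that fails this check has to be replaced by repeating the flow from step 1, as the last post found.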