
OAuth problem

I use the password flow to get the access token like this:


curl -k -d "grant_type=password" -d "client_id=[clientid]" -d "client_secret=[clientsecret]" -d "username=[myusername]" -d "password=[mypassword][mysecuritytoken]"


which returns




Then I do


curl -k -H 'Authorization: Bearer 00D...vZ1'


but I get this error response:


[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]

curl: (6) Could not resolve host: Bearer
curl: (6) Could not resolve host: 00D...vZ1'


Any idea of what is wrong?


Pat Patterson

Hi Ugo,


I think you need to put the URL last on the curl command line:


curl -k -H 'Authorization: Bearer 00D...vZ1'





Hi Pat,


I tried that but unfortunately it does not work either.



Pat Patterson

What error message did you get the second time? What OS are you on - Windows/Mac/Linux? (It makes a difference in the quotes).


I am running curl-7.30.0-ssl-sspi-zlib-static-bin-w32 under win7. Here is my exact command:


curl -k -H "Authorization: Bearer 00D...tep5" -X GET


which returns exactly the following


[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]


The same identical request information used under Workbench REST Explorer works just fine. So there is something wrong with the curl command I am using, but I cannot figure out what.

Pat Patterson

Hmm - tried to recreate, compensating for the different quoting on Mac OS X, but it just works:


$ curl -k -H 'Authorization: Bearer 00D...WWP' -X GET
{"address":{"state":"CA", ...LOTS MORE JSON...


Try verbose (curl -v ...) and see if there are any clues. In particular, look at how the Authorization header is being sent - check that the token is intact.


Also double check the instance - does it definitely say na15 in the OAuth response? Are you on the same IP address from which you authenticated?


I tried to get the access token using the username and password flow (instead of using the Web Server flow as I had been doing before), and then use the same curl request on the Chatter resource, and it worked.


Then I tried again my Web Server flow, and finally also that access token started to work with my curl request.


I have no clue of what might have caused it to start working. I read in another thread that somebody else noticed a similar erratic behavior ...

Michiel van Felius

I know this is a very old topic, but still actual for me. I fixed it using double quotes (") around the -H "Authorization:..." part.

This should work:
curl -k -H "Authorization: Bearer 00D...vZ1"

Hopefully this helps someone.
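
Added example (not part of the original thread): a Python sketch of why the single-quoted header fails on Windows and produces the "Could not resolve host: Bearer" errors quoted in the question. `split_windows` and `stray_args` are hypothetical helpers that only approximate Windows argument splitting and curl's option handling, and the URL is a constructed placeholder because the thread does not show one.

```python
import shlex

def split_windows(cmdline):
    """Simplified model of Windows argument splitting: only double quotes
    group words; a single quote is an ordinary character.
    Backslash escaping is not modelled."""
    args, cur, in_dq, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_dq = not in_dq
            started = True
        elif ch in " \t" and not in_dq:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args

def split_posix(cmdline):
    """POSIX shell word splitting: single and double quotes both group."""
    return shlex.split(cmdline)

def stray_args(argv):
    """Rough model of curl: anything that is not an option or an option's
    value is treated as a URL to fetch."""
    takes_value = {"-H", "-X", "-d"}
    out, skip = [], False
    for arg in argv[1:]:
        if skip:
            skip = False
        elif arg in takes_value:
            skip = True
        elif not arg.startswith("-"):
            out.append(arg)
    return out

URL = "https://instance.example/placeholder"  # constructed placeholder
SINGLE = "curl -k -H 'Authorization: Bearer 00D...vZ1' " + URL
DOUBLE = 'curl -k -H "Authorization: Bearer 00D...vZ1" ' + URL

if __name__ == "__main__":
    for label, cmd in (("single quotes", SINGLE), ("double quotes", DOUBLE)):
        print(label, "| posix  :", stray_args(split_posix(cmd)))
        print(label, "| windows:", stray_args(split_windows(cmd)))
```

With single quotes on Windows the header curl sends is just `'Authorization:`, so the request reaches the server without a usable token, and the remaining two words are tried as host names.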

Niket Shah
@Michiel - it worked for me..thanks
Susannah P
@Michiel- thanks so much, this was driving me crazy!!
Mike B 31
Wow, Michiel, thank you, tried everything, this needs to be updated and reflected in the apex web services trailhead
Eduardo Andrade
I've got through this problem from Trailhead too, thanks @Michiel :)
Peter Seynaeve
thanks michiel
Eduards Spila
Problem still actual. Thank you Michiel for the solution.
Shridhar Mudalagi 4
@Michiel - It worked for me too, thanks :-)
Joseph Olatiregun
Michiel's solution worked for me too. Thanks!