function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
PathikritPathikrit 

Testing Salesforce RestApi : INVALID_SESSION_ID

Hi,

I am facing an issue while testing a RestApi service using cURL. I am getting "INVALID_SESSION_ID" error everytime.

Here are the steps I followed:

1. Create a rest apex class.

@RestResource(urlMapping ='/Cases/*')
global class getCases
{
@HttpPost
    global static List<Case> fetchCase(String limits,Date startDate, Date endDate)
    {
        List<Case> lstCase;
        try
        {
           RestRequest req = RestContext.request;
           Integer intLimit = Integer.valueOf(req.params.get('limits'));
           DateTime strtDate = DateTime.valueOfGmt((req.params.get('startDate')).replaceAll('/','-'));
           DateTime enDate = DateTime.valueOfGmt((req.params.get('endDate')).replaceAll('/','-'));
           lstCase = [Select Id,OwnerId,CaseNumber from Case where createdDate>=: strtDate and createdDate<=:enDate limit :intLimit];
           return lstCase;
         }
         catch(Exception e)
         {
             system.debug('Exception'+e);
         }
           return lstCase;
      }
}
2. Create a connected app with Callback URL as "https://ap1.salesforce.com/services/oauth2/token"
3. Call the web service using cURL:
curl --form client_id=XXXXXXX.000XXXXXX --form client_secret=000999999--form grant_type=password --form username=gupta.pathikrit@domain.com --form password=*********** -k https://ap1.salesforce.com/services/oauth2/token
This call gave the access_token which I used to make a HTTP Post call:
curl https://ap1.salesforce.com/services/apexrest/Cases/ -H "Authorization: OAuth 00XXXXXPPP" -H "Content-Type:application/json" -d @C:\input.json -k

This is resulting in the following error:
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]

Can anyone help me here?

Regards,
Pathikrit
Sonam_SFDCSonam_SFDC
Pathikrit,

Have you added the security token with the password when calling the webservice: 
curl --form client_id=XXXXXXX.000XXXXXX --form client_secret=000999999--form grant_type=password+ security token --form username=gupta.pathikrit@domain.com --form password=*********** -k https://ap1.salesforce.com/services/oauth2/token

reference: http://blogforce9.blogspot.in/2013/09/salesforce-rest-webservices-part-i.html
PathikritPathikrit
Hello Sonam,

Yes I have appended the security token with the password, (forgot to mention in the post though). I have also gone through the reference blog post but couldn't find any reason behind getting Invalid Session Id. I also tried from a Chrome extension called Postman and got the same error as before. 
AmandaSilberAmandaSilber
Hello, did you ever figure out what the problem was? I know it was almost a year ago, but hoping that you have some insight, I'm running into the same problem! 
David Ellis 24David Ellis 24

ALERT!!! I FOUND THE ANSWER!!!

I don't know what the above user's specific resolution was, but I can tell you that INVALID_SESSION_ID does not always mean INVALID_SESSION_ID. We are in the middle of testing an integration from a home-grown app to SFDC and after many successful tests, we started seeing this INVALID_SESSION_ID error. After much frustration researching any possible issues with authentication or sesssion timeouts, it was eventually discovered that the issue was caused by a ListException: List index out of bounds: 0 in the web service class. Once this was addressed, the INVALID_SESSION_ID was no longer a problem.

So, in the wise words of a old developer of whom no one now speaks, "Errors don't always mean what they say!"