function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Testing Salesforce RestApi : INVALID_SESSION_ID


I am facing an issue while testing a RestApi service using cURL. I am getting "INVALID_SESSION_ID" error everytime.

Here are the steps I followed:

1. Create a rest apex class.

@RestResource(urlMapping ='/Cases/*')
global class getCases
    global static List<Case> fetchCase(String limits,Date startDate, Date endDate)
        List<Case> lstCase;
           RestRequest req = RestContext.request;
           Integer intLimit = Integer.valueOf(req.params.get('limits'));
           DateTime strtDate = DateTime.valueOfGmt((req.params.get('startDate')).replaceAll('/','-'));
           DateTime enDate = DateTime.valueOfGmt((req.params.get('endDate')).replaceAll('/','-'));
           lstCase = [Select Id,OwnerId,CaseNumber from Case where createdDate>=: strtDate and createdDate<=:enDate limit :intLimit];
           return lstCase;
         catch(Exception e)
           return lstCase;
2. Create a connected app with Callback URL as ""
3. Call the web service using cURL:
curl --form client_id=XXXXXXX.000XXXXXX --form client_secret=000999999--form grant_type=password --form --form password=*********** -k
This call gave the access_token which I used to make a HTTP Post call:
curl -H "Authorization: OAuth 00XXXXXPPP" -H "Content-Type:application/json" -d @C:\input.json -k

This is resulting in the following error:
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]

Can anyone help me here?


Have you added the security token with the password when calling the webservice: 
curl --form client_id=XXXXXXX.000XXXXXX --form client_secret=000999999--form grant_type=password+ security token --form --form password=*********** -k

Hello Sonam,

Yes I have appended the security token with the password, (forgot to mention in the post though). I have also gone through the reference blog post but couldn't find any reason behind getting Invalid Session Id. I also tried from a Chrome extension called Postman and got the same error as before. 

Hello, did you ever figure out what the problem was? I know it was almost a year ago, but hoping that you have some insight, I'm running into the same problem! 
David Ellis 24David Ellis 24


I don't know what the above user's specific resolution was, but I can tell you that INVALID_SESSION_ID does not always mean INVALID_SESSION_ID. We are in the middle of testing an integration from a home-grown app to SFDC and after many successful tests, we started seeing this INVALID_SESSION_ID error. After much frustration researching any possible issues with authentication or sesssion timeouts, it was eventually discovered that the issue was caused by a ListException: List index out of bounds: 0 in the web service class. Once this was addressed, the INVALID_SESSION_ID was no longer a problem.

So, in the wise words of a old developer of whom no one now speaks, "Errors don't always mean what they say!"