Misbehaving REST API for inbound call using OAuth2

I have a client that is having problems accessing custom SF Rest API.

Login is successful using oauth2 token (services/oauth2/token) with grant_type = password. Attempt to access custom REST API using services/apexrest/myRESTInterface with received access_token & instance_url from login response, results in 403 (error code = MUTUAL_AUTHENTICATION_FAILED) from http POST of REST url.

Also, configured a connectedApp (restricted IPs) & profile for the login user.

Help ! I have checked thousands of settings & have performed a ton of googling. And, yep, not a premier customer either.

Here is some code ==>
1. Login call:
URL==> HTTPS://login.salesforce.com/services/oauth2/token

Payload ==> username=XXXXX%40myCompany.org&password=YYYYYYY&grant_type=password&client_id=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ&client_secret=NNNNNNNNNNN

2. Custom Rest Call (using access_code & instance_url from login response):
URL==> HTTPS://NA18.SALESFORCE.COM/services/apexrest/myRESTInterface
Header ==> Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X-PrettyPrint: 1
Payload ==> {"myPayload":["attribute1"]}

December 11, 2015
·
Answer
·
Like
1
·
Follow
3

pcon
This could be this issues [1]. I would try the password reset as recommended in Apex REST Method Considerations section of the Apex REST Methods document. If this does not fix your issue, is it possible that you have Mutual Authentication enabled [2] and are not properly passing the client certificate to verify?

[1] https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_rest_methods.htm
[2] http://docs.releasenotes.salesforce.com/en-us/winter14/release-notes/rn_186_forcecom_security_two_way_mutual_auth.htm