Cheryl Judd

Misbehaving REST API for inbound call using OAuth2

I have a client that is having problems accessing a custom SF REST API.

Login is successful using the oauth2 token endpoint (services/oauth2/token) with grant_type = password. An attempt to access the custom REST API using services/apexrest/myRESTInterface with the received access_token & instance_url from the login response results in a 403 (error code = MUTUAL_AUTHENTICATION_FAILED) from the HTTP POST of the REST URL.

Also, configured a connectedApp (restricted IPs) & profile for the login user.

Help! I have checked thousands of settings & have performed a ton of googling. And, yep, not a premier customer either.

Here is some code ==>
 1. Login call:
  URL ==> HTTPS://login.salesforce.com/services/oauth2/token

  Payload ==> username=XXXXX%40myCompany.org&password=YYYYYYY&grant_type=password&client_id=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ&client_secret=NNNNNNNNNNN

 2. Custom Rest Call (using access_code & instance_url from login response):
  URL ==> HTTPS://NA18.SALESFORCE.COM/services/apexrest/myRESTInterface
  X-PrettyPrint: 1
  Payload ==> {"myPayload":["attribute1"]}

This could be this issue [1]. I would try the password reset as recommended in the Apex REST Method Considerations section of the Apex REST Methods document. If this does not fix your issue, is it possible that you have Mutual Authentication enabled [2] and are not properly passing the client certificate to verify?

[1] https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_rest_methods.htm
[2] http://docs.releasenotes.salesforce.com/en-us/winter14/release-notes/rn_186_forcecom_security_two_way_mutual_auth.htm

@Cheryl Judd, curious whether you tried the password reset, and whether it worked?

Pradheep K
I faced the same issue and resetting the password helped to resolve it!
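
The two calls described in the question and the checks suggested in the replies, as an added Python example that is not part of any post in this thread. The function names, the sample token and the sample error body are constructed for illustration; the requests are only built, never sent, and the code assumes the error body is a JSON list of objects carrying an `errorCode` field.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"  # from the post


def build_token_request(username, password, client_id, client_secret):
    """Step 1: form-encoded POST for grant_type=password (built, not sent)."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,  # urlencode escapes '@' as %40
        "password": password,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=form, headers=headers, method="POST")


def build_apex_rest_request(token_response, resource, payload):
    """Step 2: POST to the Apex REST resource on instance_url with the bearer token."""
    url = token_response["instance_url"].rstrip("/") + "/services/apexrest/" + resource
    headers = {
        "Authorization": "Bearer " + token_response["access_token"],
        "Content-Type": "application/json",
        "X-PrettyPrint": "1",
    }
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def triage(status, body):
    """Map a failed call to the checks suggested in this thread.
    Assumes the error body is a JSON list of {"message", "errorCode"} objects."""
    try:
        errors = json.loads(body)
    except ValueError:
        return []
    if not isinstance(errors, list):
        return []
    codes = {e.get("errorCode") for e in errors if isinstance(e, dict)}
    if status == 403 and "MUTUAL_AUTHENTICATION_FAILED" in codes:
        return ["reset the login user's password",
                "check whether Mutual Authentication is enabled and, if so, "
                "that the client presents its certificate"]
    return []


# Constructed sample values, not real credentials or tokens.
SAMPLE_TOKEN = {"access_token": "00D-constructed-token", "instance_url": "https://na18.salesforce.com"}
SAMPLE_ERROR = '[{"message": "constructed message", "errorCode": "MUTUAL_AUTHENTICATION_FAILED"}]'
```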