function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Ken Gibson 15Ken Gibson 15 

curl returns session token which is immediately invalid

Good morning!

When I run the following command

curl -d "grant_type=password" -d "client_id=3MVG9jfQT7vUue.HI5A55FSLlIfXBOfWf4l6bdQyHB4_Z3H8bV_itfZVmljnrsiexgKzZYSoh1lqhS4" -d "client_secret=5061899374035891170" -d "username=ken.gibson@***" -d "password=***"

I get back 


Which looks like a successful response. If I follow that immediately by 

url -H 'Authorization: Bearer 00D5B000000D1Dp\!AQ8AQLY3VDQ2GBp_fw_W.kEmxxFs8wiLhhT26Q9olZ1mPA9B3geb22LShaZPaHoF1vgSJsgV9FYtiZqAVtgorQ1KIJY' -H "Content-Type: application-json" -d "@test.json"

I get

[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}

(Please note that all tokens have been horked to post here) 

Any idea why I'm not able to request REST resources with what appears to be a valid session key? Is there a way to force it to refresh? Please note I just changed my security token this morning.

Ken Gibson 15Ken Gibson 15
Here's the -v option just in case

curl ..... "Content-Type: application-json" -d "@test.json"
*   Trying
* Connected to ( port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *
* Server certificate: Symantec Class 3 Secure Server CA - G4
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
> POST /services/data/v20.0/sobjects/Account/ HTTP/1.1
> Host:
> User-Agent: curl/7.43.0
> Accept: */*
> Authorization: Bearer 00D5B000000D1Dp\!AQ8AQLXPPYOY3VDQ2GBp_fw_W.kEmxxFs8wiLhhT2LShaZPaHoF1vgSJsgV9FYtiZqAVtgorQ1KIJY
> Content-Type: application-json
> Content-Length: 24

* upload completely sent off: 24 out of 24 bytes
< HTTP/1.1 401 Unauthorized
< Date: Fri, 17 Jun 2016 16:39:48 GMT
< Set-Cookie: BrowserId=55TVqpcqTkiV3wi01LRCmw;Path=/;;Expires=Tue, 16-Aug-2016 16:39:48 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< WWW-Authenticate: Token
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked

* Connection #0 to host left intact
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}
Daniel BallingerDaniel Ballinger
A bit of a long shot, but you appear to have picked up a '\' in your access token between the token response and subsequent request.
  • 00D5B000000D1Dp!AQ8AQLXPPYOY3VDQ2GBp_fw_W.kEmxxFs8wiLhhT26Q9olZ1mPb22LSha1vgSJsgV9FYtiZqAVtgorQ1KIJY
  • 00D5B000000D1Dp\!AQ8AQLY3VDQ2GBp_fw_W.kEmxxFs8wiLhhT26Q9olZ1mPA9B3geb22LShaZPaHoF1vgSJsgV9FYtiZqAVtgorQ1KIJY
It might just be an escaping requirement of your environment/curl.
Fatima 1Fatima 1
Hi @Ken Gibson 15,
were you able to resolve your issue.

I am facing similar issue. Please help.