Hello,

I've obtained an access token via OAuth. When I use that access token to make a call to a custom Apex REST class I receive the error below:

[{"message":"This session is not valid for use with the REST API","errorCode":"INVALID_SESSION_ID"}]

The strange thing is if I try to get a session ID using an username/password with SOAP API, I receive a valiad session ID and I am able to use it in my application. For security reasons, I don´t wat to store username and password in my app, so I am going to the OAuth Authentication.

Below are the steps that I am following to authorize the access: (I have omitted the last characters of the tokens and codes.)

1) Get the authorization code: 

https://na15.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9A2kN3Bn17htJ...

&redirect_uri=https://www.exior.com.br

2) Get the session ID and refresh token: (Method POST)

Request:

Endpoint:

https://na15.salesforce.com/services/oauth2/token

Header:

Content-type: application/x-www-form-urlencoded

Body:

grant_type=authorization_code&code=aPrxMZkm7lCkgfTjSLFeTxyHVa55QG9Gpj8v6YpU6QMRHwCgwpcOuVi5feu66Rcn4IDpaXXXXX%3D%3D&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX &client_secret=77219427916XXXXXXXX&redirect_uri=https://www.exior.com.br

Response:

<Response xmlns="https://na15.salesforce.com/services/oauth2/token">

<access_token>00Di0000000abPx!AQYAQM4Nyzez6GRtdtn0L76pjODKcgZJY.jKWZ.QeM60uuffkZyIMH_AS8pokvWSAMm8JY5K6DaiqM9ISd64MyjjMKjXXXXX</access_token> <id>https://login.salesforce.com/id/00Di0000000abPxEAI/005i0000000w9RpAAI</id>

<instance_url>https://na15.salesforce.com</instance_url>

<issued_at>1373031879062</issued_at> <refresh_token>5Aep861z80Xevi74eUm_l7LnvGMm1nrPXfF_JmNfABiGpb0DBP6O4qSboHB9ZZnxpUeErpFgrQl5So9ZgMXXXXX</refresh_token> <scope>refresh_token</scope>

<signature>FRS81Y6zTT5kMinx0SZugV18POV4VwQOg1KgXTyXXXXX</signature> </Response>

3) Use the refresh token to get a new session ID: (Method POST)

Request:

Endpoint:

https://na15.salesforce.com/services/oauth2/token

Header:

Content-type: application/x-www-form-urlencoded

Body: 

grant_type=refresh_token&client_id=3MVG9A2kN3Bn17htJkkaw42HqCS3pFMwu7ccGARiPuX.LpTrz9D1x4ugq_DHyPSTPP2botyAx8c.02.YXXXXX&client_secret=77219427916XXXXXXXX&refresh_token=5Aep861z80Xevi74eUm_l7LnvGMm1nrPXfF_JmNfABiGpb0DBP6O4qSboHB9ZZnxpUeErpFgrQl5So9ZgMXXXXX

Response:

<Response xmlns="https://na15.salesforce.com/services/oauth2/token"> <access_token>00Di0000000abPx!AQYAQM4Nyzez6GRtdtn0L76pjODKcgZJY.jKWZ.QeM60uuffkZyIMH_AS8pokvWSAMm8JY5K6DaiqM9ISd64MyjjMKjXXXXX</access_token> <id>https://login.salesforce.com/id/00Di0000000abPxEAI/005i0000000w9RpAAI</id> <instance_url>https://na15.salesforce.com</instance_url> <issued_at>1373031978095</issued_at> <scope>refresh_token</scope> <signature>Nf210fXLTsUkWAaE3ACeo8KprYaEFOHs3psVgLyXXXXX</signature> </Response>

When I try to use the session ID received with the "authorization_code call" or"refresh_token call" I receive the error [{"message":"This session is not valid for use with the REST API","errorCode":"INVALID_SESSION_ID"}].

Below is how I am using this session id in my application:

public String ValidaCredenciais(String Usuario, String Senha, String SessionId) {

HttpRequest req = new HttpRequest();         

Http http = new Http();         

req.setMethod('POST');         

req.setEndpoint('https://na15.salesforce.com/services/apexrest/validalogin');         

req.setBody('{"usuario": "' + Usuario + '", "senha": "' + Senha + '", "orgId": "' + System.Userinfo.getOrganizationId() + '"}');

req.setHeader('Content-Type', 'application/json');

req.setHeader('Authorization', 'OAuth ' + SessionId);

HTTPResponse resp = http.send(req);

String RetornoValida = resp.getBody();    

return RetornoValida;

}