Invalid access token when sending a request to an Apigee API

Hi,

I'm getting an invalid access token in the response when a GET request is sent to an Apigee API. I'm using Angular 6, which makes the GET request to the Apigee API. For the OPTIONS request I get status 200 OK, but when the GET request is sent it throws a 401 Unauthorized error.

Response shown in network:

{"fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.InvalidAccessToken"}}}

Error displayed in console:

7984-cors.png

I can see following in Trace:

7985-cors1.png

I also tried in Postman; it gives the same invalid access token response there.

@Siddharth_Barahalikar

2 REPLIES

Hi @Maskiri PL, this error means that no Auth header is found by the OAuth policy.

{"fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.InvalidAccessToken"}}}

Did you try calling the Apigee proxy URL directly from Postman with the OAuth token in the header?

What is the other policy in the Trace? Is it from Fault rules? If yes, what are the Conditions mentioned for it?

That means the token is invalid!

(Maybe that was obvious to you)

WHY is the token invalid? There are several possibilities.

  1. You are passing no string, no token at all. When the OAuthV2/VerifyAccessToken policy is invoked, it looks in the Authorization header. If you don't pass one, then a null value is returned and the policy will throw this "invalid access token" error.
  2. You are setting the Authorization header to a value that does not conform to the pattern "Bearer TOKEN_GOES_HERE". The Bearer string is fixed, required and is case sensitive.
  3. You have configured your OAuthV2/VerifyAccessToken policy to look in a header other than Authorization, or a different variable, and THAT variable is not set correctly.
  4. You are passing a true access token in the correct form, in the correct header, but ... the API Proxy is not included in any API Product for which the token is valid.

The first case is probably most likely.

If you simply send a GET request, chances are there is no authorization header.

If your proxy uses an OAuthV2/VerifyAccessToken policy, then it implicitly expects an inbound Authorization header. Therefore, you get the error.

The fix is to make sure you are passing a header of the correct form, with a valid token.

If you are now wondering "how can I get a token?" ... try this video.
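The first two causes listed in the answer above can be ruled out on the client before the request is sent. The following is an added example, not part of the original thread and not Apigee code; the function names `diagnoseAuthHeader` and `isInvalidAccessTokenFault` and the sample values are assumptions made for illustration.

```javascript
// Classify an outgoing request's Authorization header against causes 1 and 2
// from the answer. All names here are hypothetical helpers for this example.
function diagnoseAuthHeader(headers) {
  // HTTP header names are case-insensitive, so normalise before lookup.
  const entry = Object.entries(headers || {})
    .find(([name]) => name.toLowerCase() === 'authorization');
  if (!entry || entry[1] == null || String(entry[1]).trim() === '') {
    return { ok: false, cause: 1, reason: 'no Authorization header sent' };
  }
  const value = String(entry[1]);
  // Per the answer: the literal "Bearer" is fixed and case sensitive,
  // followed by one space and a non-empty token.
  const match = /^Bearer ([^\s]+)$/.exec(value);
  if (!match) {
    const scheme = value.trim().split(/\s+/)[0];
    const reason = scheme.toLowerCase() === 'bearer'
      ? 'Bearer scheme present but malformed (case, spacing or empty token)'
      : 'header value does not follow the "Bearer TOKEN" pattern';
    return { ok: false, cause: 2, reason };
  }
  // The header form is fine. Causes 3 and 4 (policy reads another variable,
  // proxy not in an API Product the token covers) are proxy-side checks.
  // Only the token length is returned so the token never lands in a log.
  return { ok: true, cause: null, tokenLength: match[1].length,
           reason: 'header well-formed; check proxy policy and API Product' };
}

// Recognise the fault body shown in the question, from a string or an object.
function isInvalidAccessTokenFault(body) {
  try {
    const parsed = typeof body === 'string' ? JSON.parse(body) : body;
    return parsed?.fault?.detail?.errorcode === 'oauth.v2.InvalidAccessToken';
  } catch {
    return false; // not JSON, so not this fault
  }
}

// Constructed sample inputs.
const samples = [{}, { authorization: 'bearer abc123' }, { Authorization: 'Bearer abc123' }];
for (const h of samples) console.log(JSON.stringify(h), '->', diagnoseAuthHeader(h).reason);
```
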