Re: Authentication - API inconsistent behavior ( wrong credentials accepted generating invalid token)

Anonymous
Not applicable

Authentication - API inconsistent behavior ( wrong credentials accepted generating invalid token)

Hi everyone, here the issue we're hitting.

We have 2 sandbox

Each of them has (by design)  different endpoints and different credentials to authenticate as described on http://developers.marketo.com/documentation/rest/authentication/

If we use the the endpoing of the sandbox A but the client id and secret of the sandbox 2 the token request succeed but the token is invalid

// TOKEN REQUEST 
https://ABC.mktorest.com/identity/oauth/token?grant_type=client_credentials&client_id=********&clien...
// RESPONSE
{     access_token: "81e05494-a776-42c0-935f-65b1d798b04d:ab",     token_type: "bearer",     expires_in: 2961,     scope: "***" }
----------------------------------------
// REQUEST
https://ABC.mktorest.com/rest/v1/activities/types.json?access_token=81e05494-a776-42c0-935f-65b1d798...

// RESPONSE
{     requestId: "*****",     success: false,     errors: [         {             code: "603",             message: "Access denied"         }     ] }   
Tags (2)
2 REPLIES 2
Kenny_Elkington
Marketo Employee

Re: Authentication - API inconsistent behavior ( wrong credentials accepted generating invalid token)

Access Denied does not indicate an invalid token, it means that the user associated to your service does not have sufficient permissions to undertake the action designated.  To access activities in your example, your would need the Read-Only Lead or Read-Write Lead permission.  You'll need to modify the associated role of your user so that it has the requisite permissions.

Anonymous
Not applicable

Re: Authentication - API inconsistent behavior ( wrong credentials accepted generating invalid token)

Hi Kenny, the strange thing is that the endpoing for the access token request belongs to another service, they're not related, so I'm trying to understand why I get a token instead of an error on the first request