Veera Goriparthi
Session expired or invalid
Hi,
I am using a REST API call to get SF account details. I am able to get the OAuth token, but when I use this token to get Account details it gives the below error.
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
Here is the flow
Request:https://ap1.salesforce.com/services/oauth2/token?grant_type=authorization_code&code=aPrxqJ8A8kLOza8Stjpv6sovqPjwgt9wJxzcIaPRsCnGPyxvpLJSOUhmEHkQ7qCNO84np7gXZQ%3D%3D&client_id=3MVG9ZL0ppGP5UrBx8LU.vAPd80ozIo4JMB66N3r1IPzsiMMPzIYm3pklapNDhi24wcd3Ik8JtlQZqr_opatH&client_secret=5390506801126798324&redirect_uri=https://local/user/connector/generic/redirectoauth
Response:
{"id":"https://login.salesforce.com/id/00D28000000KMl1EAG/00528000000MwpQAAS","issued_at":"1428631322872","scope":"id full custom_permissions api web openid visualforce refresh_token chatter_api","instance_url":"https://ap2.salesforce.com","token_type":"Bearer","refresh_token":"5Aep861TSESvWeug_wBae_.NiEYtLVbgA9FW1UDMAq7zqGYpEeyCgRS1jLbqFuSuC2vJd5RyDOmpU.pSPn.Q1zV","id_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjE5NCJ9.eyJleHAiOjE0Mjg2MzE0NDIsInN1YiI6Imh0dHBzOi8vbG9naW4uc2FsZXNmb3JjZS5jb20vaWQvMDBEMjgwMDAwMDBLTWwxRUFHLzAwNTI4MDAwMDAwTXdwUUFBUyIsImF0X2hhc2giOiJlbF9iOXBzSlJCMVFOMGI5cXJib0V3IiwiYXVkIjoiM01WRzlaTDBwcEdQNVVyQng4TFUudkFQZDgwb3pJbzRKTUI2Nk4zcjFJUHpzaU1NUHpJWW0zcHRsYXBORGhpMjR3Y2QzSWs4SnRsUVpxcl9vcGF0SCIsImlzcyI6Imh0dHBzOi8vbG9naW4uc2FsZXNmb3JjZS5jb20iLCJpYXQiOjE0Mjg2MzEzMjJ9.XXfxxvNwQgWrSP-eFoUhFbzDfqxsASntM1slTjhQXN_vgHAp-Wv0rJYBWg6QXcIWwQEsvfCAvGi9JkbRIZ5UYqLPSrnhxsje4StPfvwwHMBMarimqeKKWt24Xb6Hri0DMdp6FjN9y9RneJpVcZeLHbkFnOIUf11cgMk1d3kI9KrgmkoDn8TI1yfPU0NLbJtafnYw2S9cdHrcju31i-9eLjy-yeMrJtinS5TqUdWcalEL1uqZq_KGEnsWkmN8sjEaSgtCio33ZZwDL6IKTgdHeDZedEZfRqhUoyBni14qYdpRX9ANSd1B61HtCVLiAeetc156KB4KYr-oR0Byg7oqAswhU41OQ9RmNp5VDQVVKspgwImauJzhpLs59W64SH5dP
h4xn5SF7fCGK534idYP_HQOey2KxBNrS5ATOATbNHsDt0maztiPK0K8rNjjnARya8QCqPJoumeJddchsmYhMIWPrxtwzNdpPXMuSz3hY3xIALFf0cDW_OwBPWT4P3_KZqfE7w0lPihzwhTwHy4tSu_kq4t4ikMu-xc6TNkZoy4HJP_qNZ7f7CCENHvUHjF_vgjSqNcPVJnpp-g3ImN6eBbstsndoktkdxpSC8N34WyWwKxiC5S5NVtgJBbLI2J9Q8xdBvcArvvoANt6_nhjsDf6417kRstohZio1aOoSW8","signature":"3yrSoEaIoCEtGXZpMHaLnV8B6z/njamvHSPTOHUB9ME=","access_token":"00D28000000KMl1!ARAAQPLIuaRCKyXQPB1LDjuiF4Bg1QAVfzXNFpq7C4zYRVurh3JxqYpcu5IIf98P1XOB7oEwLkbSJwdq4Mc0pxkmaQCbjbgd"}
token 00D28000000KMl1!ARAAQPLIuaRCKyXQPB1LDjuiF4Bg1QAVfzXNFpq7C4zYRVurh3JxqYpcu5IIf98P1XOB7oEwLkbSJwdq4Mc0pxkmaQCbjbgd
Request:https://ap1.salesforce.com/services/data/v31.0/query?q=SELECT+Name+From+User+WHERE+Id='00528000000MwpQAAS'
Authorization:Bearer 00D28000000KMl1!ARAAQPLIuaRCKyXQPB1LDjuiF4Bg1QAVfzXNFpq7C4zYRVurh3JxqYpcu5IIf98P1XOB7oEwLkbSJwdq4Mc0pxkmaQCbjbgd
Error while sending Salesforce request {}HTTP_401 : [{"message":"Session expired
or invalid","errorCode":"INVALID_SESSION_ID"}]
Thanks,
Veera.
Two things -
1. I see that the instance URL returned along with the Access Token is: https://ap2.salesforce.com, but you are using ap1 in the final query request. You should use ap2 over there.
2. If the above still does not work then give a try with the endpoint as: http://ap2.salesforce.com/services/data/v31.0/sobjects/Account/00528000000MwpQAAS
Thanks
AR
If the reply solves your problem then please mark it as best answer.
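The host mismatch from point 1 can be ruled out in code by deriving every request URL from the `instance_url` in the token response and refusing to send the bearer token anywhere else. This is an added Python example, not code from the thread; the function names and the sample token response (constructed placeholder values) are assumptions.

```python
import json
from urllib.parse import urlsplit, quote

# Constructed token response; the values are placeholders, not real credentials.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "id": "https://login.salesforce.com/id/00DEXAMPLEORG0001/005EXAMPLEUSER001",
    "instance_url": "https://ap2.salesforce.com",
    "token_type": "Bearer",
    "access_token": "00DEXAMPLEORG0001!CONSTRUCTED.PLACEHOLDER.TOKEN",
})


class InstanceMismatch(ValueError):
    """A request targets a host other than the token's instance_url."""


def parse_token_response(raw):
    """Return (base_url, access_token); require https and a Bearer token."""
    data = json.loads(raw)
    inst = urlsplit(data["instance_url"])
    if inst.scheme != "https" or not inst.hostname:
        raise ValueError("instance_url must be an https URL")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return f"https://{inst.hostname}", data["access_token"]


def api_request(raw_token_response, path, soql=None):
    """Build (url, headers) for a REST call on the instance that issued the token."""
    base, token = parse_token_response(raw_token_response)
    url = base + path
    if soql is not None:
        url += "?q=" + quote(soql, safe="")
    return url, {"Authorization": f"Bearer {token}"}


def check_target(raw_token_response, url):
    """Refuse to send the bearer token to any origin but instance_url."""
    base, _ = parse_token_response(raw_token_response)
    target = urlsplit(url)
    if f"{target.scheme}://{target.hostname}" != base:
        raise InstanceMismatch(
            f"token issued for {base}, request targets {target.scheme}://{target.hostname}")
    return True
```

Calling `check_target` on a hard-coded URL before sending turns the 401 from the wrong instance into an explicit local error, and also catches a downgrade to plain `http://`.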
All Answers
Are you doing all this through Apex code (getting the code, then the access token and then making the call)?
Thanks
AR
See, I also faced this error when I tried to use 'Web Server OAuth Authentication Flow' programmatically. Therefore I switched to 'Username-Password OAuth Authentication Flow'.
The difference in these two flows is that -
- The latter uses the credentials of a User who has API access to the Salesforce instance. The benefit it provides is that this user is used only for Integration purposes and therefore we can restrict the access it has to the SFDC objects etc.
- Using the latter approach, we do not require any web server redirection in place and the number of round trips is reduced by one because the extra trip of taking the authorization code and retrieving the access token is removed
These are the steps that you can implement for this flow ('Username-Password OAuth Authentication Flow') in your application to invoke REST Api -
1. Make an HTTP POST call to the endpoint: https://login.salesforce.com/services/oauth2/token with the following body -
String reqbody = 'grant_type=password&client_id='+clientId+'&client_secret='+clientSecret+'&username='+username+'&password='+password;
Here, replace the clientId, clientSecret, username and password with the Connected App Consumer Key, Secret, SFDC Username and SFDC Password+Security Token
2. The response to this call will be the access token.
3. Use the access token to make the required GET call with the endpoint similar to: https://[SFDCOrg]/services/data/v32.0/sobjects/Account/[AccountId]
4. The response is the JSON or XML (depending on Content-Type set by you) with the Account Details.
And you are done.
Thanks
AR
If the reply solves your problem then please mark it as best answer.
For your reference I am also pasting the APEX code that I used to make a REST API call from one SFDC Org to another SFDC Org.
I am a little unclear about the step on which you are receiving this error now. I am listing down the steps that are there in 'Web Server OAuth Authentication Flow'. Please let me know on which step you are getting the error now. (Also, check once that you are actually following this flow.)
1. Send request to end point https://login.salesforce.com/services/oauth2/authorize with the following parameters
response_type=code
client_id=[Consumer Key of the destination SFDC Instance]
redirect_uri=[Callback URL as mentioned in the Connected App record]
This should redirect you to the call back URL appended with the code.
2. Extract the code programmatically from the call back URL.
3. Send request to end point https://login.salesforce.com/services/oauth2/token with the following parameters
grant_type=authorization_code
client_id=[Consumer Key of the destination SFDC Instance]
client_secret=[Consumer Secret of the destination SFDC Instance]
redirect_uri=[Callback URL as mentioned in the Connected App record]
code=[Authorization Code returned after Step 1 and extracted in Step 2]
If everything works fine then you should get a response that contains the access_token, instance_url etc. And I guess you are already getting this as per your initial question here.
4. Extract the access_token and instance_url.
5. Finally, make the required call to the end point extracted in Step 4 using the access_token extracted in Step 4.
Thanks
AR
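Both flows described in this thread end in the same POST to the token endpoint (step 1 of the username-password flow, step 3 of the web server flow). The following is an added Python example, not code from the thread: it builds that request with a URL-encoded form body, rejects missing or misspelled parameter names before anything is sent, and extracts the code from the callback URL (step 2). All function names and sample values are assumptions.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

TOKEN_ENDPOINT = "https://login.salesforce.com/services/oauth2/token"

# Parameters each grant type needs, as listed in the steps above.
REQUIRED = {
    "password": {"grant_type", "client_id", "client_secret",
                 "username", "password"},
    "authorization_code": {"grant_type", "client_id", "client_secret",
                           "redirect_uri", "code"},
}


def check_params(params):
    """Return (missing, unexpected) parameter names for the chosen grant type."""
    required = REQUIRED.get(params.get("grant_type"))
    if required is None:
        raise ValueError("unsupported or missing grant_type")
    names = set(params)
    return sorted(required - names), sorted(names - required)


def token_request(**params):
    """Build (url, headers, body) for a POST to the token endpoint.

    Credentials go in a URL-encoded form body rather than the query string,
    so they are not recorded wherever request URLs are logged."""
    missing, unexpected = check_params(params)
    if missing or unexpected:
        raise ValueError(f"missing={missing} unexpected={unexpected}")
    body = urlencode(params).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_ENDPOINT, headers, body


def code_from_callback(callback_url):
    """Step 2: pull the authorization code out of the redirect, URL-decoded."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

Encoding matters because a password or security token containing `&`, `+` or `=` is silently truncated or altered when the body is built by plain string concatenation.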
I am also trying to authorize and getting same error. (Username-password authentication)
my curl command to authorize is:
curl https://na24.salesforce.com/services/data/v20.0/ -H 'Authorization: Bearer 00D1a000000Jb4Z!ARkAQChPkjf9B0psZYY7tQIJRl3SgrIyher9mDTJ3PnjI6fU_KN8pMbbCKtYPSaZUwll.9St7WFjWqJtY0J5ld.3XTrBxp_x'
I received below response after username-password authentication:
{"id":"https://login.salesforce.com/id/00D1a000000Jb4ZEAS/0051a000000IWqcAAG","issued_at":"1430255351114","token_type":"Bearer","instance_url":"https://na24.salesforce.com","signature":"9Bco9NuS98A+iQz2GnSPXOqIa0Anzr99zPNDxNQ1W3Q=","access_token":"00D1a000000Jb4Z!ARkAQChPkjf9B0psZYY7tQIJRl3SgrIyher9mDTJ3PnjI6fU_KN8pMbbCKtYPSaZUwll.9St7WFjWqJtY0J5ld.3XTrBxp_x"}
Can you please tell me what is missing here?
Thanks,
Meenakshi
curl -k https://na24.salesforce.com/services/data/v32.0/sobjects/Account/0051a000000IWqcAAG' -H 'Authorization: Bearer 00D1a000000Jb4Z!ARkAQChPkjf9B0psZYY7tQIJRl3SgrIyher9mDTJ3PnjI6fU_KN8pMbbCKtYPSaZUwll.9St7WFjWqJtY0J5ld.3XTrBxp_x'
What is the error that you are receiving?
Share the complete code that you are using to interface using Username-Password OAuth Authentication Flow.
Thanks
AR
Here is the complete request and response:
REQUEST:curl -k -v https://na24.salesforce.com/services/data/v32.0/sobjects/Account/
0051a000000IWqcAAG' -H 'Authorization: Bearer 00D1a000000Jb4Z!ARkAQChPkjf9B0psZY
Y7tQIJRl3SgrIyher9mDTJ3PnjI6fU_KN8pMbbCKtYPSaZUwll.9St7WFjWqJtY0J5ld.3XTrBxp_x'
RESPONSE:
* Connected to na24.salesforce.com (136.146.210.94) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2, TLS Unknown, Unknown (22):
* TLSv1.2, TLS handshake, Client hello (1):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Server hello (2):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, CERT (11):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Server finished (14):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Client key exchange (16):
* SSLv2, Unknown (20):
* TLSv1.2, TLS change cipher, Client hello (1):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Finished (20):
* SSLv2, Unknown (20):
* TLSv1.2, TLS change cipher, Client hello (1):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES256-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Salesforce.com, Inc.;
OU=Applications; CN=*.salesforce.com
* start date: 2014-10-21 00:00:00 GMT
* expire date: 2015-10-22 23:59:59 GMT
* issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of
use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 International Ser
ver CA - G3
* SSL certificate verify result: unable to get local issuer certificate (
20), continuing anyway.
* SSLv2, Unknown (23):
> GET /services/data/v32.0/sobjects/Account/0051a000000IWqcAAG' HTTP/1.1
> Host: na24.salesforce.com
> User-Agent: curl/7.42.0
> Accept: */*
>
* SSLv2, Unknown (23):
< HTTP/1.1 401 Unauthorized
< Date: Thu, 30 Apr 2015 20:14:43 GMT
< Set-Cookie: BrowserId=WzAVgL6hSaSgfnIBPg8IaQ;Path=/;Domain=.salesforce.com;Exp
ires=Mon, 29-Jun-2015 20:14:43 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< WWW-Authenticate: Token
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
<
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]* SSL
v2, Unknown (23):
* Connection #0 to host na24.salesforce.com left intact
* Rebuilt URL to: Bearer/
* Could not resolve host: Bearer
* Closing connection 1
curl: (6) Could not resolve host: Bearer
* Rebuilt URL to: 00D1a000000Jb4Z!ARkAQChPkjf9B0psZYY7tQIJRl3SgrIyher9mDTJ3PnjI6
fU_KN8pMbbCKtYPSaZUwll.9St7WFjWqJtY0J5ld.3XTrBxp_x'/
* Could not resolve host: 00D1a000000Jb4Z!ARkAQChPkjf9B0psZYY7tQIJRl3SgrIyher9mD
TJ3PnjI6fU_KN8pMbbCKtYPSaZUwll.9St7WFjWqJtY0J5ld.3XTrBxp_x'
* Closing connection 2
curl: (6) Could not resolve host: 00D1a000000Jb4Z!ARkAQChPkjf9B0psZYY7tQIJRl3Sgr
Iyher9mDTJ3PnjI6fU_KN8pMbbCKtYPSaZUwll.9St7WFjWqJtY0J5ld.3XTrBxp_x'
You must have created a connected app in Salesforce. Did you give appropriate access in it?
I have also used curl earlier and it works fine. Even today I am able to create or search Account records using it. Here are the URLs for your reference -
curl https://login.salesforce.com/services/oauth2/token -d "grant_type=password" -d "client_id=[replace with the Consumer Key from Step 1]" -d "client_secret=[replace with Consumer Secret from Step 1]" -d "username=[SFDC Username]" -d "password=[SFDC Password along with the security token]"
curl https://na24.salesforce.com/services/data/v20.0/sobjects/Account/ -H "Authorization: Bearer [sessionId from above URL]" -H "Content-Type: application/json" -d "@newaccount.json"
Here newaccount.json is a json file containing a new account record to be created like shown below -
{
"Name" : "Account From cURL using JSON"
}
Thanks
AR
http://stackoverflow.com/questions/6095352/salesforce-rest-api-invalid-session-id-error
I am calling
https://test.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9eQyYZ1h89He3VvnqPCFegrhOQskN00qhVU4NN5hMcuseXkWModAtjOyf4Wltf4tg1h2ANobcOQJMDp.j
&redirect_uri=callbackurl
and I received the code in the response.
https://test.salesforce.com/services/oauth2/token?
code=aPrxMSH98lvEq.zZ9M9MaIy1f.bPLmczz5gjBYxuOw6SxoE9cnNB9Qp99.kL31BEwzA1b9SNwQ%3D%3D&grant_type=authorization_code&
client_id=3MVG9eQyYZ1h89He3VvnqPCFegrhOQskN00qhVU4NN5hMcuseXkWModAtjOyf4Wltf4tg1h2ANobcOQJMDp.j&client_secert=1078477293339379160&redirect_uri=callbackurl
When I call the second URL using the Advanced REST Client Chrome plugin, I get
"error": "invalid_client"
"error_description": "invalid client credentials"
What am I doing wrong?
&redirect_uri=callbackurl from the java application requires the user to login into salesforce?