API Auth Troubleshooting
invalid_client error when generating a token
If your Client ID and Secret are correct but you’re getting invalid_client or invalid_grant, check for character confusion when copying credentials from email. Common mix-ups:
- Uppercase I (eye) vs lowercase l (ell)
- Uppercase O vs digit 0 (zero)
- Digit 1 vs lowercase l (ell)
Copy credentials from the source system directly (ScopeStack or your identity provider) rather than from an email, where proportional fonts make these characters indistinguishable. If in doubt, paste the value into a monospace text editor to verify each character.
invalid_grant — Most Common Cause
If you’re using Postman and selected “Password Credentials” in the OAuth 2.0 helper (Authorization tab > OAuth 2.0 > Grant Type dropdown), that is likely the cause.
Postman’s OAuth helper sends a redirect_uri parameter even for password grants. ScopeStack’s OAuth server rejects the request because password grants should not include redirects.
Option 1: Switch to Authorization Code in the Grant Type dropdown. This uses browser-based login and works with Postman’s OAuth helper.
Option 2: Bypass the OAuth helper entirely. Make a direct POST request:
- Create a POST request to https://app.scopestack.io/oauth/token
- Set Authorization tab to No Auth
- In Body tab, select x-www-form-urlencoded
- Add: grant_type=password, client_id, client_secret, username, password
- Click Send
For other invalid_grant causes (expired authorization codes, callback URL mismatches, wrong credentials), see the OAuth Token Errors table in the API Error Codes reference.
Missing Accept header
ScopeStack requires the Accept header on all API calls:
Accept: application/vnd.api+json
Omitting this header may produce unexpected response formats or errors.
“Resource not found” when it exists
Check your URL format. Most endpoints require the account slug:
https://api.scopestack.io/{account-slug}/v1/clients
Get your account slug by calling GET /v1/me after authenticating.
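The direct token request from Option 2, followed by an API call that carries the required Accept header and optional account slug, as an added Python example (not ScopeStack's own code). The Bearer Authorization header, the access_token response field (standard OAuth 2.0), and the SS_* environment variable names are assumptions.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://app.scopestack.io/oauth/token"
API_BASE = "https://api.scopestack.io"
JSON_API = "application/vnd.api+json"


def build_token_request(client_id, client_secret, username, password):
    """Password-grant POST with only the five listed fields; no redirect_uri."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }
    body = urllib.parse.urlencode(form).encode("ascii")  # x-www-form-urlencoded
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def build_api_request(access_token, path, account_slug=None):
    """GET with the required Accept header; the slug is prefixed when given."""
    prefix = f"/{urllib.parse.quote(account_slug, safe='')}" if account_slug else ""
    return urllib.request.Request(
        f"{API_BASE}{prefix}{path}",
        # Assumption: the token is presented as a standard OAuth 2.0 bearer token.
        headers={"Accept": JSON_API, "Authorization": f"Bearer {access_token}"},
    )


def send(request):
    """Send the request and decode the JSON body; HTTP errors raise HTTPError."""
    with urllib.request.urlopen(request, timeout=15) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Secrets come from the environment (variable names are assumptions), not source.
    env = os.environ
    token = send(build_token_request(env["SS_CLIENT_ID"], env["SS_CLIENT_SECRET"],
                                     env["SS_USERNAME"], env["SS_PASSWORD"]))["access_token"]
    print(json.dumps(send(build_api_request(token, "/v1/me")), indent=2))
```

Reading the credentials from the environment also avoids retyping them, which sidesteps the character mix-ups described at the top of this page.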
Authentication Endpoints
| Purpose | Endpoint |
|---|---|
| Authorization (browser login) | https://app.scopestack.io/oauth/authorize |
| Get/refresh token | https://app.scopestack.io/oauth/token |
| Verify token / get account info | https://api.scopestack.io/v1/me |
| API documentation | https://api.scopestack.io |
HTTP Error Codes (401, 403, 422, etc.)
For a complete reference of all API error codes, causes, and solutions, see API Error Codes.
Still stuck? Contact ScopeStack support via chat or email. Include the exact error message, what you were trying to do, and whether you are using Postman, Workato, or custom code.