Cannot retrieve valid token

GT1GT1 Member Posts: 4

Hi,

Today I returned to a project that was being actively developed for approximately 4 months up until January. On returning to the project today I'm unable to retrieve a valid access token. Any attempt to authorise results in an invalid token.

In the following example I was using Postman to authorise and then call an API endpoint.

At the start of the process two URLs are logged:

GET https://test.lightspeedapis.com/resto/oauth2/v1/authorize?response_type=code&state=state&client_id=<CLIENT_ID>&scope=read%3Aorg&redirect_uri=https%3A%2F%2Fwww.kojo.co.uk%2Fauth&code_challenge=LpJtLE8onko6SjQ0ryvvMziRYjnW49kx4iWXWV9Ckug&code_challenge_method=S256

GET https://accounts.lightspeedappstg.com/?client_id=<CLIENT_ID>&response_type=code&response_mode=query&scope=openid+profile+email&redirect_uri=https://www.kojo.co.uk/auth&prompt=&state=state

This results in the Lightspeed sign-in screen being showed. On clicking "Sign in" the following two calls are logged:

POST https://accounts.lightspeedappstg.com/login

GET https://accounts.lightspeedappstg.com/consent?scope=openid+profile+email&redirect_uri=https://www.kojo.co.uk/auth&state=state&client_id=<CLIENT_ID>

Resulting in the screen being shown to allow or deny access. Allowing access results in two calls being logged:

POST https://accounts.lightspeedappstg.com/consent

POST https://test.lightspeedapis.com/resto/oauth2/v1/token

The response body of this final call includes an access token that I then immediately use as a Bearer token in the Authorization header to make a further call to the Lightspeed API. This results in a 401 response with a description of "Invalid token".

I have full logs available but this forum is not the place to share them.

I believe this to be the correct process, since exactly this process worked a month ago. Has our API access expired or become dormant? Have some other credentials changed?

Many thanks,

Gareth.

3 comments

  • Ali_MasoumieAli_Masoumie Moderator, Lightspeed Staff Posts: 137 moderator

    Hi @GT1 ,

    Can you try again?

  • GT1GT1 Member Posts: 4

    I am able to authenticate now thanks Ali.

    Has there been an API release to test? I notice there is a new globalId property being returned on by the /rest/core/company GET endpoint?

    Are there any other changes?

  • Ali_MasoumieAli_Masoumie Moderator, Lightspeed Staff Posts: 137 moderator

    We have recently added the globalId to the /company endpoint and also started to return tax information on the line items when tax classes are enabled.

Sign In or Register to comment.