
OAuth2 errors and troubleshooting guide

This page lists the errors returned by the OAuth2 endpoints and explains each one, so that API consumers can understand the problem and take the appropriate action.

Authorization request

401 Unauthorized - Invalid client id or secret

Verify that your application is subscribed to the OAuth 2.0 Services. If it is, make sure you are passing the correct client id in the request.

Redirect URI mismatch

When requesting authorization, you will see this error if you provide a redirect_uri that does not match the one registered with your application.

To solve this error, either provide the correct redirect_uri or leave the parameter out to use the default one registered with your application.

Requesting access token

Invalid authorization code (grant type code flow)

The authorization code must be sent to the token endpoint to obtain an access token. Sending an invalid authorization code (expired, malformed, or already posted once) results in the error below.

Http status: 400 (Bad request)
{"error": "invalid_grant"}

To solve this problem, make sure you pass the correct authorization code within its expiry period of 5 minutes, and that you do not call the token endpoint more than once with the same authorization code.

Note: we recommend adding a short delay of 1000 ms before calling this endpoint, so that the authorization code has been synchronised across our servers.

Invalid refresh token

Sending an invalid refresh token to obtain an access token results in the error below.

Http status: 401 (Unauthorized)
{"error": "invalid_grant"}

To solve this problem, make sure you are passing the correct refresh token.

A refresh token can be used only once; using it again results in the same error as above.

Invalid authorization header

Calling the token endpoint with an invalid Authorization header results in the error below.

Http status: 401 (Unauthorized)
{"error": "invalid_client"}

If you get this error, check that your client id and client secret are correct, and check the OAuth2 documentation for how to build the Authorization header.

Grant type mismatch

You will get this error when the other parameters in the request do not match the grant_type you passed.

Example: when grant_type=code, you must pass the authorization code in the request body. If you pass a refresh token instead, you will get this error.

Http status: 400 (Bad request)
{"error": "invalid_request"}

To solve this issue, check the OAuth2 documentation: the parameters you pass must match the grant_type value.

Unknown error – invalid input parameters

You will see this error when any input parameter has an invalid value.

Example: passing an invalid value for grant_type.

Http status: 400 (Bad request)
{"error":"unknown "}

To solve this problem, check that your input parameters are valid.
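Putting the rules in this section together: the following is an added example, not Rabobank's own code, of a small client for the token endpoint. It rejects a grant-type mismatch and a reused or stale authorization code before sending anything, builds the Authorization header from the client id and secret, keeps only the latest refresh token because each one is single-use, and maps the error responses above to the explanations given here. The endpoint URL, the use of HTTP Basic client authentication with a form-encoded body, and the grant_type names "authorization_code" and "refresh_token" (the RFC 6749 names) are assumptions, not taken from this page; the 5-minute, 1-hour and 1000 ms figures are the ones stated above.

```python
import base64
import time
import urllib.parse
import urllib.request

TOKEN_ENDPOINT = "https://example.invalid/oauth2/token"  # placeholder, not the real URL
AUTH_CODE_TTL = 5 * 60       # page: an authorization code expires after 5 minutes
ACCESS_TOKEN_TTL = 60 * 60   # page: an access token is valid for 1 hour
CODE_SETTLE_DELAY = 1.0      # page: wait about 1000 ms before exchanging the code

# The parameter each grant type must carry (assumed RFC 6749 grant_type names);
# sending the wrong one is the "grant type mismatch" case (400 invalid_request).
REQUIRED_PARAM = {"authorization_code": "code", "refresh_token": "refresh_token"}

# (HTTP status, error value) -> the diagnosis given in this guide
DIAGNOSIS = {
    (400, "invalid_grant"): "authorization code expired, invalid, or already used",
    (401, "invalid_grant"): "refresh token invalid or already used",
    (401, "invalid_client"): "client id, client secret, or Authorization header wrong",
    (400, "invalid_request"): "request parameters do not match grant_type",
    (400, "unknown"): "an input parameter has an invalid value",
}


class TokenRequestError(ValueError):
    """A request the server would reject, or a rejected response."""


def validate_token_params(grant_type, params):
    """Return a problem description, or None if grant_type and params agree."""
    if grant_type not in REQUIRED_PARAM:
        return f"unsupported grant_type {grant_type!r}"
    needed = REQUIRED_PARAM[grant_type]
    if needed not in params:
        return f"grant_type={grant_type} requires {needed!r}"
    return None


def basic_auth_header(client_id, client_secret):
    """HTTP Basic client authentication: base64 of 'client_id:client_secret'."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, grant_type, **params):
    """Build the POST to the token endpoint, failing locally on a mismatch."""
    problem = validate_token_params(grant_type, params)
    if problem:
        raise TokenRequestError(problem)
    body = urllib.parse.urlencode({"grant_type": grant_type, **params}).encode()
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(TOKEN_ENDPOINT, data=body, headers=headers, method="POST")


def diagnose(status, body):
    """Map an error response from the token endpoint to this guide's explanation."""
    error = str(body.get("error", "")).strip()   # the page shows "unknown " with a space
    return DIAGNOSIS.get((status, error), f"unexpected response {status} {error!r}")


class TokenSet:
    """Holds the tokens and enforces the single-use rules described above."""

    def __init__(self, client_id, client_secret, send, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.send = send      # callable(Request) -> (status, JSON body as dict)
        self.clock = clock
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0
        self._used_codes = set()

    def _apply(self, status, body):
        if status != 200:
            raise TokenRequestError(diagnose(status, body))
        self.access_token = body["access_token"]
        self.expires_at = self.clock() + int(body.get("expires_in", ACCESS_TOKEN_TTL))
        # A refresh token is single-use: keep only the freshly issued one.
        self.refresh_token = body.get("refresh_token")

    def exchange_code(self, code, code_issued_at, delay=CODE_SETTLE_DELAY):
        """Exchange an authorization code exactly once, within its 5-minute lifetime."""
        if code in self._used_codes:
            raise TokenRequestError("authorization code already posted once")
        if self.clock() - code_issued_at > AUTH_CODE_TTL:
            raise TokenRequestError("authorization code older than 5 minutes")
        self._used_codes.add(code)
        if delay:
            time.sleep(delay)  # let the code synchronise across the servers
        req = build_token_request(self.client_id, self.client_secret,
                                  "authorization_code", code=code)
        self._apply(*self.send(req))

    def refresh(self):
        """Use the refresh token once; a failure means the consent flow must restart."""
        if not self.refresh_token:
            raise TokenRequestError("no refresh token left; re-initiate the consent flow")
        token, self.refresh_token = self.refresh_token, None  # consumed either way
        req = build_token_request(self.client_id, self.client_secret,
                                  "refresh_token", refresh_token=token)
        self._apply(*self.send(req))

    def access_token_expired(self, skew=60):
        """True when the access token is within `skew` seconds of its expiry."""
        return self.clock() + skew >= self.expires_at
```

The send callable is injected so the logic can be exercised without network access; in a real client it would perform the HTTPS POST and return the status code and the decoded JSON body.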

Requesting resource with access token

Access token invalid (401 Unauthorized)

The access token issued by the authorization server is valid for 1 hour. Passing an expired or invalid access token when accessing a resource results in the error below.

{
  "httpCode": "401",
  "httpMessage": "Unauthorized",
  "moreInformation": "This server could not verify that you are authorized to access the URL"
}

To solve this problem, check the expiry time of the access token. If it has expired, use the refresh token to obtain a new access token.

If using the refresh token to obtain a new access token still fails, most probably the user consent has expired or has been revoked by the user.

You can re-initiate the consent flow by calling the /authorize endpoint.

How to check whether the user consent has expired or been revoked?

You can check the status of the user consent with the consent details API, passing the consentId as a path parameter and the TPP certificate in a header.

https://developer.rabobank.nl/reference/api-consent-details-service/1-0-11

If the consent status is “invalid”, the user must give consent again by re-initiating the authorization flow.

403 Forbidden

You will see this error when the access token passed in the request does not contain the scope required by the API you are calling.

Example: you obtained an access token for the scope 'paymentRequest' and try to call the Account Information API, which requires the scope 'ais.balances.read'. You will get this error.

{
  "httpCode": "403",
  "httpMessage": "Forbidden",
  "moreInformation": "Internal Server Error"
}

To solve this problem, start the authorization flow with the scope required by the API you want to call.

429 Too many requests

Each plan has a rate limit. If the number of calls exceeds the rate limit of the plan you have subscribed to, you will get this error.

You can find the rate limit information in the product documentation.
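The three responses in this section lead to one piece of client-side logic, shown here as an added example rather than Rabobank code: check the scope and the expiry locally before calling, use the refresh token once if the API still answers 401, and treat a failed refresh as expired or revoked consent that needs a new round trip through /authorize. The token record layout and the send and refresh callables are assumptions made for the example; no API is called for real.

```python
# Outcomes the caller can act on
OK, REFRESHED, REAUTHORIZE, WRONG_SCOPE, RATE_LIMITED = (
    "ok", "refreshed", "reauthorize", "wrong_scope", "rate_limited")


def call_resource(tokens, required_scope, send, refresh, now):
    """Call a resource API with the checks this section implies.

    tokens: {"access_token": str, "expires_at": epoch seconds, "scope": set of str}
        (assumed record layout for this example)
    send(access_token) -> (http status, body text)
    refresh() -> a new tokens dict, or None when the refresh token is rejected
        (the page's "consent expired or revoked" case)
    now() -> current epoch seconds
    Returns (outcome, body_text, tokens) so the caller can persist new tokens.
    """
    # A 403 is avoidable: the consent must have been requested with this scope.
    if required_scope not in tokens["scope"]:
        return WRONG_SCOPE, None, tokens

    # A 401 from expiry is avoidable too: refresh before the 1-hour lifetime ends.
    refreshed = False
    if now() >= tokens["expires_at"]:
        tokens = refresh()
        if tokens is None:
            return REAUTHORIZE, None, None
        refreshed = True

    status, body = send(tokens["access_token"])

    if status == 401 and not refreshed:
        # Rejected although not expired on our clock: spend the refresh token once.
        tokens = refresh()
        if tokens is None:
            return REAUTHORIZE, None, None   # consent expired or revoked
        refreshed = True
        status, body = send(tokens["access_token"])

    if status == 401:
        return REAUTHORIZE, body, tokens     # still rejected: start /authorize again
    if status == 403:
        # The body reads "Internal Server Error" but the cause is a missing scope.
        return WRONG_SCOPE, body, tokens
    if status == 429:
        return RATE_LIMITED, body, tokens    # plan rate limit exceeded; retry later
    return (REFRESHED if refreshed else OK), body, tokens
```

Because the scope check runs before any request is sent, a token obtained for 'paymentRequest' never reaches the Account Information API; the 403 branch only remains for the case where the local record of granted scopes is out of date.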