Troubleshooting ScopeStack API Authentication

Quick fixes for common authentication errors.

invalid_grant Errors

Error: invalid_grant

Description: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

Most Common Cause: Postman OAuth Helper Misconfiguration

If you're using Postman and selected "Password Credentials" in the OAuth 2.0 helper (Authorization tab → OAuth 2.0 → Grant Type dropdown), that's your problem.

Postman's OAuth helper sends a redirect_uri parameter even for password grants. ScopeStack's OAuth server sees this and rejects the request because password grants shouldn't have redirects.

The Fix

Option 1: Switch to Authorization Code in the Grant Type dropdown. This uses browser-based login and works with Postman's OAuth helper.

Option 2: Bypass the OAuth helper entirely. Make a direct POST request:

  1. Create a POST request to https://app.scopestack.io/oauth/token
  2. Set Authorization tab to No Auth
  3. In Body tab, select x-www-form-urlencoded
  4. Add: grant_type=password, client_id, client_secret, username, password
  5. Click Send

Other Causes

| Cause | Solution |
| --- | --- |
| Callback URL mismatch | Your callback URL must exactly match what's registered for your client credentials. |
| Expired authorization code | Authorization codes expire quickly. Complete the token exchange promptly after receiving the code. |
| Wrong client credentials | Double-check your client_id and client_secret. Contact ScopeStack support if unsure. |

401 Unauthorized Errors

This means your access token is missing, invalid, or expired.

| Check | Solution |
| --- | --- |
| Authorization header missing | Add header: Authorization: Bearer {your_token} |
| Token expired | Use your refresh_token to get a new access_token |
| Token malformed | Make sure you're using the access_token value, not the entire JSON response |
| User account deactivated | The user account associated with this token was deactivated. Re-authenticate with an active account. |

403 Forbidden Errors

This means your token is valid, but you don't have permission for the requested action. Unfortunately, the error doesn't specify which permission is missing.

| Check | Solution |
| --- | --- |
| User role lacks permission | Check the user's role in ScopeStack. You may have read access but not write access for this resource type. |
| Wrong account | Call GET /v1/me to verify which account you're operating in. You might be authenticated to a different account than expected. |
| Resource in different account | The resource exists but belongs to an account your user can't access. |
| Token expired (edge case) | Sometimes expired tokens return 403 instead of 401. Try refreshing your token. |

API Call Errors

"Missing Accept header" or unexpected response format

ScopeStack requires the Accept header on all API calls:

Accept: application/vnd.api+json

"Resource not found" when it exists

Check your URL format. Most endpoints require the account slug:

https://api.scopestack.io/{account-slug}/v1/clients

Get your account-slug by calling GET /v1/me after authenticating.
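
The direct token request from Option 2 and the follow-up GET /v1/me call, as an added Python example (not ScopeStack's own code): it builds the password-grant form without a redirect_uri, keeps only the access_token value from the response, and sends the Authorization and Accept headers described above. The function names and the SCOPESTACK_* environment variable names are assumptions, and the "error" field checked in the token response is the standard OAuth 2.0 one.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://app.scopestack.io/oauth/token"  # from the page
ME_URL = "https://api.scopestack.io/v1/me"           # from the page

def build_token_request(client_id, client_secret, username, password):
    """Option 2: form-encoded password grant with no redirect_uri field."""
    form = {"grant_type": "password", "client_id": client_id,
            "client_secret": client_secret, "username": username,
            "password": password}
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def extract_access_token(response_text):
    """Return only the access_token string, not the whole JSON response."""
    payload = json.loads(response_text)
    if "error" in payload:  # standard OAuth 2.0 error field, e.g. invalid_grant
        raise ValueError("token endpoint error: " + str(payload["error"]))
    token = payload.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("response has no access_token value")
    return token

def build_me_request(access_token):
    """GET /v1/me with the two headers the API expects."""
    return urllib.request.Request(ME_URL, headers={
        "Authorization": "Bearer " + access_token,
        "Accept": "application/vnd.api+json"})

def send(request):
    """Send a request; return the body text for error statuses too."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8")

if __name__ == "__main__":
    # Secrets come from the environment (variable names are assumptions).
    env = os.environ
    token_req = build_token_request(
        env["SCOPESTACK_CLIENT_ID"], env["SCOPESTACK_CLIENT_SECRET"],
        env["SCOPESTACK_USERNAME"], env["SCOPESTACK_PASSWORD"])
    token = extract_access_token(send(token_req))
    print(send(build_me_request(token)))  # shows which account the token is in
```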

Quick Reference: Authentication Endpoints

| Purpose | Endpoint |
| --- | --- |
| Authorization (browser login) | https://app.scopestack.io/oauth/authorize |
| Get/refresh token | https://app.scopestack.io/oauth/token |
| Verify token / get account info | https://api.scopestack.io/v1/me |
| API documentation | https://api.scopestack.io |

 

Still stuck? Contact ScopeStack support via chat or email. Include the exact error message, what you were trying to do, and whether you're using Postman, Workato, or custom code.