1

I have created a connected app in which I have selected the OAuth Scopes "Access and manage your data (api)" and "Full access (full)". Through the consumer key and consumer secret that were available in the new connected app, I have generated an access token.

But when I send a new PUT request to the RestResource that I have created in my sandbox instance, with the header key as "Authorization" and the value as "Bearer my_access_token", I receive the error below.

```json
[
  {
    "message": "Session expired or invalid",
    "errorCode": "INVALID_SESSION_ID"
  }
]
```

The URL to which I am sending the request looks like this:

https://my_instance_url/services/apexrest/CustomerAccountSync

I tried changing the way I send the access token by adding "OAuth" instead of "Bearer" in the header, but I am still receiving the same error response.

Can anyone please let me know why this is happening? I am using "Insomnia" to make the API call.

Akshay Vasu
  • Do other API calls work OK? Like `/services/data/v50.0/query?q=SELECT Id FROM Account LIMIT 5`? Are you using the instance url base that came back from login call? Maybe the profile needs rights to execute that Apex class, ask your SF admin to check. – eyescream Nov 05 '20 at 08:01
  • No, I again tried sending a get request with the above URL you have mentioned as https://my_instance_url/services/data/v49.0/query?q=SELECT Id FROM Account LIMIT 5. It still gave me the same error – Akshay Vasu Nov 05 '20 at 08:18
  • And you're sure you're sending to different endpoint? login call can go against generic `login.salesforce.com` or `test.salesforce.com`. But all requests after login need to use the `instance_url` that came back in the response, just like you have to use `access_token` from now on. It'll be in `https://mycompany.salesforce.com` format so you need `https://mycompany.salesforce.com/services/data/v50.0/query?q=SELECT Id FROM Account` – eyescream Nov 05 '20 at 13:15
  • I was sending it to the instance URL that I used to see when I log in to my instance, i.e. https://mycompany.salesforce.com/, but I was supposed to send it to the instance URL that I received in the response that I got while generating the access token, which was https://mycompany.my.salesforce.com/. When I did that, it worked. It was the endpoint issue. – Akshay Vasu Nov 05 '20 at 13:49
  • Can you put the above comment as an answer, so that I can accept it as the answer? – Akshay Vasu Nov 05 '20 at 13:50

2 Answers

3

And you're sure you're sending to different endpoint? login call can go against generic `login.salesforce.com` or `test.salesforce.com`. But all requests after login need to use the `instance_url` that came back in the response, just like you have to use `access_token` from now on.

It'll be in `https://mydomain.my.salesforce.com` format, so you need `https://mydomain.my.salesforce.com/services/data/v50.0/query?q=SELECT Id FROM Account`

Bit more info how to test: https://stackoverflow.com/a/63255845/313628

Documentation: https://developer.salesforce.com/docs/atlas.en-us.api_iot.meta/api_iot/qs_auth_access_token.htm (it's from different REST API but same idea applies)

eyescream
  • Anybody reading this answer in 2023 - "enhanced domains" update changes the format of the urls. But the logic stays the same. DO NOT hardcode urls in your integration. Use what's coming back from the successful login() call. – eyescream Jan 08 '23 at 08:07
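The point of the answer above, as an added Python example that is not part of the original posts: every API URL is derived from the `instance_url` in the token response, and a hardcoded base URL is checked against it. The function names are hypothetical and the token response is a constructed sample with placeholder values.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample of an OAuth token response (placeholder values only).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "00D_PLACEHOLDER!TOKEN",
    "instance_url": "https://mycompany.my.salesforce.com",
    "token_type": "Bearer",
})


def parse_token_response(body):
    """Return (instance_url, access_token); reject a missing or non-HTTPS instance_url."""
    data = json.loads(body)
    instance_url = data.get("instance_url", "").rstrip("/")
    token = data.get("access_token", "")
    parts = urlsplit(instance_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("token response has no usable https instance_url")
    if not token:
        raise ValueError("token response has no access_token")
    return instance_url, token


def build_request(body, path, params=None):
    """Build (url, headers) for an API call from the token response alone."""
    instance_url, token = parse_token_response(body)
    url = instance_url + "/" + path.lstrip("/")
    if params:
        url += "?" + urlencode(params)  # also encodes the spaces in a SOQL query
    return url, {"Authorization": "Bearer " + token}


def host_mismatch(configured_url, body):
    """True when a hardcoded URL points at a host other than instance_url."""
    instance_url, _ = parse_token_response(body)
    return urlsplit(configured_url).hostname != urlsplit(instance_url).hostname


if __name__ == "__main__":
    print(build_request(SAMPLE_TOKEN_RESPONSE, "/services/apexrest/CustomerAccountSync"))
    # The host used in the question differs from instance_url, so this prints True.
    print(host_mismatch("https://mycompany.salesforce.com/services/apexrest/CustomerAccountSync",
                        SAMPLE_TOKEN_RESPONSE))
```

Running `host_mismatch` before the first call turns the `INVALID_SESSION_ID` symptom from the question into an explicit configuration error.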
0

I faced the same issue on Postman web, and fixed it this way: [image]

Nur Uddin