Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

refresh token request results in invalid_request

Started by Wallace Turner -   in API Authentication

I am following 'Getting Started' in Postman.

The 'Refresh token' request is working 100% in Postman - I am using the "Code" button to execute the same request in C#

This results in an error:
{"error":"invalid_request"}

I am sure it is using the correct refresh_token - (the latest one)

The same request also fails when attempted with curl and wget

What can i try?

nb I have removed the client secret and refreshToken from below

var client = new RestClient("https://identity.xero.com/connect/token?=");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("grant_type", "refresh_token");
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Cookie", "Device=7db7dcb0928a4259a1e3c9f7c2668afb; bm_sz=064E813CAC5D44EA4FBE0A4DDDCFC2E7~YAAQJN43F+jC7bd1AQAAwjGv2AkFTJkNoJdKhOuVwItMEYRHv2rmvQUW+h9cMlgB75ycm4lKSkWfOYa1JjHv9l26c21UAlzd3FQxY2uN8jzfj05srj3etdNNJGu6YGU9buSTedpjaH00Al6CzxIxr+MgKHQyjIHbEy57M72asr7v5Yqmpde0Ac4vxXdyKQ==; _gcl_au=1.1.246899077.1605658163; _fbp=fb.1.1605658163337.509878383; _gid=GA1.2.1727028737.1605658163; _ga_Q622B96ZEQ=GS1.1.1605658162.1.1.1605658197.0; _ga=GA1.2.766351251.1605658163; RT=\"z=1&dm=xero.com&si=fhok40heg0n&ss=khmng6v4&sl=1&tt=0&obo=1&ld=2wj&r=877b1643b39a8c25be7fb9c256cc2354&ul=7i9&hd=7ib\"; ak_bmsc=5972B4013574BBB7D9EAA0816C5A549C1737DE24947600003166B45FA4E17C23~plIXw4mDH7Earmi21xOFD4JuX5+tE5XUJkHa4PZ1AIr663S3vMgRELCpgQ8++9jmM4tRgb1ofYBabqJWGdzMeTfXVj0JLcuV+p9weihy7h+W5AGp5u6Xv9W6g8fjCV/3nsxmAzasqwDhC4FB17fpMrN3r7WY/ukQV+GjDIk9OwSF2yCtsg5kdK/1SM56KU8gZ/88FoScXTInuq6QDcGvFlDCDyd9nohkDGtxjD5d+TuLR9rXz5EkGiX0lLoTJ0wXpG; _abck=113595CE4BED5E7EAFB4CE59F0A43DC9~-1~YAAQLd43F2kTP8F1AQAADIKw2ASTmmhXdg6ajQUfOIVsJheZkNvALaMB0ghKy015XSSuabij86ctTx6nGO7u2T29cFCSDTmSDuBxHMX2DgLUCa7OMs5zShQNmNaQ2T6EKPlb0B8sX+qL/Rb4L48O+iniMmjEt5c7wklKQ1Fsbtm278UK6tgj4Nh0QGwoNyFMnCpM2Nv//wSMW0lmUZb5JYhyPPMcMkz6ol5e0596yQpypTttGntubB/KhUzqZdsLlyZfRkEMlVCVUm3WZug8RAywQOeEbbgdI4kVYxlTrU6s847oRHKv92mLeRTxiqBChY3ymOiOCaxTweo66f2xzRid8AA=~0~-1~-1; bm_sv=50DA147021CFCAF3D5BEBB2DFD6D813D~J2oBja51snLZO9ja2mg1A7rUC2p6qdD6erSHnhsmd773E4hH4LV1ciElSlFexnk043xm+Pxa3TxWzknNIuBTWlZTMzcvxmAAOTb8SvC5a+2hB46P2xKsow3W4kFTmqj9wR6fA7BMxLwN4mIV9iegSsyGZ7ZdqDq1JXUUF1+bTk0=");
request.AlwaysMultipartFormData = true;
request.AddParameter("grant_type", "refresh_token");
request.AddParameter("refresh_token", "removed");
request.AddParameter("client_id", "001008248527470FBFC083C691424C90");
request.AddParameter("client_secret", "removed");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
this is caused by this line
>request.AddHeader("Content-Type", "application/json");

If you remove this line it works - this header should be removed from your postman examples - its likely postman ignores this which is the reason it works in Postman but then fails everywhere else

setting this header is wrong as it should be 'multipart/form-data' not json
 

Wallace Turner  

Thanks for the update Wallace.. We are currently working on refreshing the postman examples so getting started should be much easier..

Appreciate you re-posting what solved it!
 

Christopher Knight (Xero Staff)