Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
OAuth 2.0 is a secure but complicated authentication pattern. Many customers report OAuth issues with their custom connectors because their services aren't implementing it correctly. Troubleshooting these issues is technical and it might help to have some background in how OAuth works.
Learn more about OAuth 2.0:
Limitations
- APIHub only supports the authorization code method of OAuth 2.0 configuration.
- Gateways don't support Microsoft Entra ID or OAuth.
Symptoms
- A connection is failing after X amount of time (where X is consistent).
- 401 unauthorized is returned when the custom connector is using OAuth.
Troubleshoot the OAuth flow
The problem almost always lies within the configuration of the custom connector or the third party service you're using. The first step is to walk through the OAuth flow with the third party service through Postman:
Call the token endpoint using the same client ID, client secret, and redirect URI (if used) as the custom connector.
- Verify the endpoint returns an access token.
- Does the endpoint return a refresh token? If not, verify the access token doesn't expire.
Call the API action using the access token.
Verify the token is inside the Authorization header prefixed by 'bearer'. Following is an example from Postman:
Verify the response is successful and the action succeeds.
If you have an expiring access token, call the refresh URL with the refresh token (or access token if you don't have the refresh token). Learn more about refresh tokens in the Microsoft identity platform.
- Verify a new access token is returned.
- If the refresh token expires, verify a new refresh token is returned.
Call the API with the new access token like in step 2.
- Verify the response is successful.
If you verified steps 1 through 4, then check the custom connector:
- Verify the client Id is the same as the client Id used in step 1.
- Verify the client secret is the same.
- Verify the token URL is the same.
- Verify the refresh URL is the same or, if not used, make sure it's the same as the token URL in this step.
Provide feedback
We greatly appreciate feedback on issues with our connector platform, or new feature ideas. To provide feedback, go to Submit issues or get help with connectors and select your feedback type.