Notifications

12 views

Description

A third party integration trying to retrieve OAuth token from the instance with a GET call fails with "access_denied"

Cause

To retrieve the token from the instance you can only make a POST call and not a GET call since you are passing data to the call like clientID, Client secret, grant type etc.

Resolution

Make a POST call instead of GET

Additional Information

Sending sensitive information over URI query parameters may lead to sensitive information disclosure by clients, the server, or any host between the requests.

Article Information

Last Updated:2019-10-31 09:04:05
Published:2019-10-31