Invalid client (401) when refreshing token

(Ankush Thakur) #1

Hello, I’m trying to refresh my API token using a PHP Laravel setup and am running into some problems. I’ve tried a lot of times, but I keep getting the invalid client (401) error. Now, I’ve made double-sure that the values stored in DB and env file are correct, but am likely not using something correctly.

How I began the process was by obtaining the access code through browser and then sending a CURL POST request from the registered domain’s command line. Once I have the access_token and refresh_token, I’m storing it in DB through seeder (this is a one time process), and then have a Cron job that goes:

$infs = InfsToken::find(1);

//if last updated + timeout > current time, update
$last_refresh_time = Carbon::parse($infs->updated_at)->addSeconds($infs->refresh_timeout);

if(Carbon::now() > $last_refresh_time) {
    $url = env('INFS_API_BASE_URL') . '/token';
    $auth_string = env('INFS_CLIENT_ID') . ':' . env('INFS_CLIENT_SECRET');
    $auth_string = 'Basic' . base64_encode($auth_string);

    $client = new \GuzzleHttp\Client();

    $requestBody = [
        'grant_type' => 'refresh_token',
        'refresh_token' => $infs->refresh_token,

    $response = $client->request('POST', $url, [
        'headers' => [
            'Authorization' => $auth_string
        'form_params' => $requestBody

    $responseBody = $response->getBody();

    $infs->access_token = $responseBody['access_token'];
    $infs->refresh_token = $responseBody['refresh_token'];


    Log::info('Got new token:' . $infs->access_token);

Please do help me as I’m feeling lost. Feel free to ask any questions or request more info. Thanks in advance!

Api Key Refresh
(John Borelli) #2

You need to call ->refreshAccessToken using the refresh token and then store the resulting new set of tokens for later.

(Ankush Thakur) #3

Hello, again! I’m actually using the REST API, and don’t want to use the PHP SDK. Is there an example somewhere where interaction via plain PHP code is given?

Another question: What should the headers look like when making REST calls? This isn’t specified in the REST documentation, except for the case of refresh token. If I can find that out, I might be able to dig around on my own. Use case: I want to send a CURL GET requests for /contacts from the command line.

(Ankush Thakur) #4

I realized I had forgotten the very important part of sending the request in the code I pasted! I’ve updated it.

(Ankush Thakur) #5

Well, thankfully, I was able to figure out the CURL part myself. I just had to do:

curl -G --data "access_token=my_access_token" I can live with this for now, but would really like to see what went wrong when trying to refresh my token.

(John Borelli) #6

REST refresh token docs are here:!/Authentication/permission_0_1

(Ankush Thakur) #7

Hmm, that doesn’t really help. Let me close this question and open a new one where I try to refresh a token from the command line.