401 Unauthorized on /oauth2/token

I am having an issue retrieving access tokens with the authorization_code grant type in production. My setup worked fine with the sandbox URL & credentials but stopped working when I switched to production from the sandbox values. I’ve double-checked the client_id & client_secret several times & tried with multiple generated codes (I also double-checked that the code was being requested from the production environment), but was wondering if there is another setting I need to adjust on my developer account to allow this? Here is the request I’ve been sending & the response I’m getting. Any ideas on what I might be missing would be helpful!

Post URL: https://connect.squareup.com/oauth2/token
Request Body: {
  "client_id": "APPLICATION_ID_HERE",
  "client_secret": "APPLICATION_SECRET_HERE",
  "code": "CODE_FROM_AUTHORIZE_CALLBACK",
  "grant_type": "authorization_code"
}

Response: {
  "message": "Not Authorized",
  "type": "service.not_authorized"
}

I also tried using the API Explorer and got the same 401 Unauthorized result.

Found the issue! I didn’t realize the application secret under Credentials & OAuth are different - swapped the Credentials application secret out for the one under OAuth and now all works!

Ma’am god bless you. Just ran into this same thing. Thank you for helping solve it.