Authentication Troubleshooting

This guide covers common authentication errors and their solutions. If you encounter an error not listed here, contact api-support@oneboxtm.com.


Common OAuth2 Errors

❌ Error: invalid_grant

Full error message:

{
  "error": "invalid_grant",
  "error_description": "User not validated"
}

Causes

  1. User/Channel not activated - Your channel has not been validated by Onebox
  2. Invalid channel_id - The channel_id provided does not exist
  3. Channel not associated - Channel exists but is not properly configured

Solutions

If you're setting up for the first time:

  1. Ensure you received credentials from the Onebox technical team
  2. Verify you're using the correct channel_id provided in your credentials
  3. If you just received credentials, wait 5-10 minutes for system propagation

Still not working?

Contact api-support@oneboxtm.com with:

  • Your channel_id
  • Environment (test/production)
  • Full error response

❌ Error: Invalid JWT signature

Full error message:

{
  "code": "AUTH001",
  "message": "Invalid JWT signature"
}

Causes

  1. Wrong environment credentials - Using test credentials in production or vice versa
  2. Expired token - Token has exceeded the 12-hour validity period
  3. Corrupted token - Token was modified or incorrectly stored

Solutions

1. Verify you're using the correct environment:

# Test Environment
OAuth URL: https://api.oneboxtds.net/oauth/token
API URL: https://api.oneboxtds.net/*

# Production Environment
OAuth URL: https://api.oneboxtds.com/oauth/token
API URL: https://api.oneboxtds.com/*

Rule: The OAuth URL and the API URL must use the same domain (.net or .com)

2. Check token expiration:

Tokens expire after 12 hours. Implement token refresh logic:

let token = null;
let tokenExpiry = null;

async function getValidToken() {
  // Check if token exists and is not expired
  if (token && tokenExpiry > Date.now()) {
    return token;
  }

  // Request new token
  const response = await fetch('https://api.oneboxtds.net/oauth/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'client_credentials',
      channel_id: process.env.CHANNEL_ID,
      client_id: 'seller-channel-client',
      client_secret: process.env.CLIENT_SECRET
    })
  });

  // Fail loudly on invalid_grant / invalid_client instead of caching an undefined token
  if (!response.ok) {
    throw new Error(`Token request failed with HTTP ${response.status}`);
  }

  const data = await response.json();
  token = data.access_token;
  // Set expiry with 5-minute buffer
  tokenExpiry = Date.now() + (data.expires_in - 300) * 1000;

  return token;
}

3. Verify token is not corrupted:

  • Do not manually modify the token string
  • Store token as-is from the OAuth response
  • Do not add/remove characters or whitespace
  • Check for proper URL encoding if passing in query parameters
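The three AUTH001 causes above can be checked locally before contacting support. The following is an added example, not Onebox code: the function name, the finding labels and the sample token are constructed for illustration, and it assumes the token payload carries a standard numeric exp claim.

```javascript
// Added diagnostic sketch, not Onebox code. It inspects a token locally and
// never verifies the signature; only the API can do that.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed sample token: real header shape, placeholder signature.
function sampleToken(exp) {
  return [b64url({ alg: 'RS256', typ: 'JWT' }), b64url({ exp }), 'c2lnbmF0dXJl'].join('.');
}

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function diagnoseAuth001({ oauthUrl, apiUrl, token, now = Date.now() }) {
  const findings = [];
  // Cause 1: token issued by one environment and sent to the other.
  if (new URL(oauthUrl).hostname !== new URL(apiUrl).hostname) {
    findings.push('environment-mismatch');
  }
  // Cause 3: stored value gained whitespace, quotes or a "Bearer " prefix.
  if (/\s|^["']|["']$|^Bearer/i.test(token)) findings.push('token-altered');
  const parts = token.trim().split('.');
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    findings.push('token-malformed');
    return findings;
  }
  // Cause 2: expiry. Assumes the payload carries a standard numeric "exp" claim.
  try {
    const { exp } = decodeSegment(parts[1]);
    if (typeof exp === 'number' && exp * 1000 <= now) findings.push('token-expired');
  } catch {
    findings.push('token-malformed');
  }
  return findings;
}

const NOW = 1700000000000; // fixed clock so the sample run is repeatable
const report = diagnoseAuth001({
  oauthUrl: 'https://api.oneboxtds.net/oauth/token',
  apiUrl: 'https://api.oneboxtds.com/catalog-api/v1/events',
  token: sampleToken(NOW / 1000 - 60) + '\n',
  now: NOW,
});
console.log(report);
```

An empty result means none of the locally detectable causes applies; it does not prove the signature is valid.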

❌ Error: Full authentication is required to access this resource

Full error message:

{
  "errorCode": "UNAUTHORIZED",
  "message": "Full authentication is required to access this resource",
  "httpCode": 401,
  "httpStatus": "UNAUTHORIZED"
}

Causes

  1. Missing Authorization header - Token not sent with request
  2. Wrong header format - Incorrect Bearer token format
  3. Token not obtained - Attempting API call before getting OAuth token

Solutions

1. Verify Authorization header is present:

CORRECT:

curl -X GET 'https://api.oneboxtds.net/catalog-api/v1/events' \
  -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...'

WRONG - Missing Authorization:

curl -X GET 'https://api.oneboxtds.net/catalog-api/v1/events'

2. Check Bearer token format:

const headers = {
  'Authorization': `Bearer ${accessToken}`,
  'Content-Type': 'application/json'
};

Key points:

  • Starts with Bearer (with space after)
  • Followed by the access_token from OAuth response
  • No quotes around the token

3. Ensure OAuth flow is completed first:

// Step 1: Get OAuth token (MUST be done first)
const tokenResponse = await fetch('https://api.oneboxtds.net/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: new URLSearchParams({
    grant_type: 'client_credentials',
    channel_id: '123',
    client_id: 'seller-channel-client',
    client_secret: 'your-secret-here'
  })
});

const { access_token } = await tokenResponse.json();

// Step 2: Use token in API calls
const apiResponse = await fetch('https://api.oneboxtds.net/catalog-api/v1/events', {
  headers: {
    'Authorization': `Bearer ${access_token}`
  }
});

❌ Error: invalid_client

Full error message:

{
  "error": "invalid_client",
  "error_description": "Bad client credentials"
}

Causes

  1. Wrong client_secret - The API key/client_secret is incorrect
  2. Wrong client_id - Using incorrect client_id value
  3. Credentials from wrong environment - Using test credentials in production

Solutions

1. Verify client_id:

For Seller Channel Clients, client_id should always be:

seller-channel-client

For Access Control Clients, check Access Control Authentication.

2. Verify client_secret (API Key):

  • Check for typos or copy-paste errors
  • Ensure no extra whitespace before/after the secret
  • Verify you're using the secret from the correct environment
  • Confirm the secret was not regenerated (ask technical support if unsure)

3. Double-check environment:

# Test credentials → Test URLs
https://api.oneboxtds.net

# Production credentials → Production URLs
https://api.oneboxtds.com

❌ Error: HTTP 403 Forbidden

Full error message:

{
  "errorCode": "FORBIDDEN",
  "message": "Access denied",
  "httpCode": 403,
  "httpStatus": "FORBIDDEN"
}

Causes

  1. Insufficient permissions - Your channel does not have access to this resource
  2. Event not associated - Trying to access an event not assigned to your channel
  3. API endpoint not enabled - Your channel plan doesn't include this API

Solutions

1. Event not assigned to your channel:

If accessing a specific event and getting 403:

  • The event may not be published for your channel
  • The event may be assigned to different channels only
  • Contact the event promoter or api-support@oneboxtm.com

2. API access not enabled:

Some APIs require specific permissions:

3. Production access before certification:

If getting 403 in production but test worked:

  • Ensure you completed certification successfully
  • Verify production credentials were provided
  • Check with api-support@oneboxtm.com

Testing Your Authentication

Quick Authentication Test

Use this curl command to test if your credentials work:

curl -X POST 'https://api.oneboxtds.net/oauth/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials' \
  -d 'channel_id=YOUR_CHANNEL_ID' \
  -d 'client_id=seller-channel-client' \
  -d 'client_secret=YOUR_CLIENT_SECRET'

Expected response:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 43199,
  "scope": "api-channels-all api-gateway",
  "jti": "..."
}

Still Having Issues?

If you've tried the solutions above and are still experiencing problems:

Before Contacting Support

Collect this information:

  1. Environment: Test or Production
  2. Channel ID: Your channel_id
  3. Error details: Full error response (JSON)
  4. Request details:
    • URL called
    • HTTP method
    • Headers sent (DO NOT include client_secret)
  5. Timestamp: When the error occurred
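One way to collect the request details without leaking credentials, as an added example that is not Onebox tooling. It goes one step beyond the checklist by also masking bearer and refresh tokens, since a token remains usable for its whole validity period; the function name, the REDACTED marker and the sample values are constructed.

```javascript
// Added example, not Onebox tooling: prepare "request details" for a support
// email with every credential removed.
const SECRET_FIELDS = ['client_secret', 'access_token', 'refresh_token'];

function redactForSupport({ url, method, headers = {}, body = '' }) {
  const safeHeaders = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'authorization') {
      // Keep only the scheme ("Bearer"); the token itself stays valid for hours.
      const scheme = /^(\S+)\s+\S/.exec(String(value));
      safeHeaders[name] = scheme ? `${scheme[1]} REDACTED` : 'REDACTED';
    } else {
      safeHeaders[name] = value;
    }
  }
  // Assumes a form-encoded body, as in the token request on this page.
  const form = new URLSearchParams(body);
  for (const field of SECRET_FIELDS) {
    if (form.has(field)) form.set(field, 'REDACTED');
  }
  return { url, method, headers: safeHeaders, body: form.toString() };
}

// Constructed sample requests (placeholder values, not real credentials).
const tokenRequest = redactForSupport({
  url: 'https://api.oneboxtds.net/oauth/token',
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: 'grant_type=client_credentials&channel_id=123&client_id=seller-channel-client&client_secret=constructed-secret',
});
const apiRequest = redactForSupport({
  url: 'https://api.oneboxtds.net/catalog-api/v1/events',
  method: 'GET',
  headers: { authorization: 'Bearer constructed.token.value' },
});
console.log(tokenRequest, apiRequest);
```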

Contact Technical Support

📧 Email: api-support@oneboxtm.com

Subject: Authentication Error - [Your Company Name]

Include all information collected above in your email.