Expired token refresh returns 400 Bad Request, instead of 401?

Posted 8 months ago by Alan Ritchie

Alan Ritchie

Obtain a valid refresh token.

Call the /oauth/token endpoint with the token. It succeeds with a 200 response.
Repeat the call with the same refresh token; it now returns a 400 Bad Request response.

As the message body is well formed (and succeeded in the first request), but the refresh token is no longer valid having been used, I think the 400 response is misleading, and a 401 response would be more helpful for logging and fixing this error.

1 Votes



Ange Abou posted 8 months ago Admin

The change was loaded in Prod last Friday (6 OCT). It should send error 401 in this case now.

Thanks again for your request.

0 Votes


Ange Abou posted 8 months ago Admin

Thank you for submitting your feature request. Much appreciated!

The change has been approved, and we created an internal ticket to track it.

The Dev team is already working on it, and it will be released soon (in a couple of days) with the updated documentation of the Cintoo API as well.

Thank you once again for your contribution, and we look forward to continuing to support your needs.

0 Votes
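
An added example, not part of the thread and not Cintoo's code: a client-side classifier for refresh responses that treats both the earlier 400 and the later 401 as a spent refresh token, replayed against a constructed single-use token endpoint. The RFC 6749 style `invalid_grant` error body, the `FakeTokenEndpoint` stand-in and all function names are assumptions; the thread shows only the status codes.

```python
import json
import secrets
from enum import Enum


class Action(Enum):
    STORE_TOKENS = "store the new token pair"
    REAUTHENTICATE = "refresh token unusable, log in again"
    FIX_REQUEST = "malformed request, client bug"
    RETRY_LATER = "server-side failure, retry with backoff"


def classify_refresh_response(status, body):
    """Map a token-endpoint refresh response to the client's next step."""
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None
    if not isinstance(payload, dict):
        payload = {}
    if status == 200 and "access_token" in payload:
        return Action.STORE_TOKENS
    # 401 (behaviour after the change) or a 400 carrying invalid_grant (assumed body)
    if status == 401 or (status == 400 and payload.get("error") == "invalid_grant"):
        return Action.REAUTHENTICATE
    if status >= 500:
        return Action.RETRY_LATER
    return Action.FIX_REQUEST


class FakeTokenEndpoint:
    """Constructed stand-in for /oauth/token with single-use refresh tokens."""
    def __init__(self, reuse_status):
        self.reuse_status = reuse_status  # 400 = before the change, 401 = after
        self.current = secrets.token_hex(8)

    def refresh(self, refresh_token):
        if not secrets.compare_digest(refresh_token, self.current):
            return self.reuse_status, json.dumps({"error": "invalid_grant"})
        self.current = secrets.token_hex(8)  # the presented token is now spent
        return 200, json.dumps({"access_token": secrets.token_hex(8),
                                "refresh_token": self.current})


def replay(reuse_status):
    """Use one refresh token twice, as in the post, and classify both responses."""
    endpoint = FakeTokenEndpoint(reuse_status)
    token = endpoint.current
    return [classify_refresh_response(*endpoint.refresh(token)) for _ in range(2)]
```

A bare 400 with no recognisable error body still classifies as a client bug, which is the ambiguity the original post describes.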