Refresh token API responding with 403: Forbidden

We are able to add a Coinbase account. But when the access token expires after 2 hours, on calling the refresh token API (https://api.coinbase.com/oauth/token), we get a 403: Forbidden error response. This happens with every request. The only solution is to reconnect the account again from scratch.

Below is the response that we receive from the API. We have confirmed that the access token & refresh tokens are being correctly sent & received. Please advise. Thanks.

response: {
status: 403,
statusText: ‘Forbidden’,
headers: AxiosHeaders {
date: ‘Thu, 25 Jan 2024 17:15:48 GMT’,
‘content-length’: ‘0’,
connection: ‘keep-alive’,
‘cache-control’: ‘no-store’,
‘referrer-policy’: ‘strict-origin’,
‘set-cookie’: [Array],
‘strict-transport-security’: ‘max-age=31536000; includeSubDomains; preload’,
‘trace-id’: ‘4861461452033515732’,
vary: ‘Accept-Encoding’,
‘x-content-type-options’: ‘nosniff’,
‘x-download-options’: ‘noopen’,
‘x-frame-options’: ‘DENY’,
‘x-xss-protection’: ‘1; mode=block’,
‘cf-cache-status’: ‘DYNAMIC’,
server: ‘cloudflare’,
‘cf-ray’: ‘84b2290c2fc4145f-AUS’,
[Symbol(defaults)]: null
},

We are still facing this issue. Any thoughts?

hello! could you share your oauth app’s client ID so we can investigate the issue further? thank you!

62c820b5fb59e2691590f9dc8cba42e606699a381d3166f02481494ea88362ef

thank you! i’ll circle back once we have an update

1 Like

Hi @lcrsupport, Welcome to the forum community.

The access token is used to authenticate all your requests, but the access token expires in two hours .Can you please retry Creating a New Access Token using below sample code.

curl https://api.coinbase.com/oauth/token \
  -X POST \
  -d 'grant_type=refresh_token&
      client_id=YOUR_CLIENT_ID&
      client_secret=YOUR_CLIENT_SECRET&
      refresh_token=REFRESH_TOKEN'

More details here:Sign in with Coinbase OAuth2 Tokens | Coinbase Cloud

We hope this helps. Let us know if you still face issues. Thank you!

Hi Rishabh. Yes, that is how we generate the access token. The issue happens after the access token expires, and we try to refresh it.

The response I pasted above is the 403 error we get when we try to refresh the access token.

Hello! Could you try making the request again? We’ll investigate our logs further.