Refresh token API responding with 403: Forbidden

We are able to add a Coinbase account. But when the access token expires after 2 hours, on calling the refresh token API (https://api.coinbase.com/oauth/token), we get a 403: Forbidden error response. This happens with every request. The only solution is to reconnect the account again from scratch.

Below is the response that we receive from the API. We have confirmed that the access token & refresh tokens are being correctly sent & received. Please advise. Thanks.

response: {
  status: 403,
  statusText: 'Forbidden',
  headers: AxiosHeaders {
    date: 'Thu, 25 Jan 2024 17:15:48 GMT',
    'content-length': '0',
    connection: 'keep-alive',
    'cache-control': 'no-store',
    'referrer-policy': 'strict-origin',
    'set-cookie': [Array],
    'strict-transport-security': 'max-age=31536000; includeSubDomains; preload',
    'trace-id': '4861461452033515732',
    vary: 'Accept-Encoding',
    'x-content-type-options': 'nosniff',
    'x-download-options': 'noopen',
    'x-frame-options': 'DENY',
    'x-xss-protection': '1; mode=block',
    'cf-cache-status': 'DYNAMIC',
    server: 'cloudflare',
    'cf-ray': '84b2290c2fc4145f-AUS',
    [Symbol(defaults)]: null
  },

We are still facing this issue. Any thoughts?

hello! could you share your oauth app’s client ID so we can investigate the issue further? thank you!

thank you! i’ll circle back once we have an update


Hi @lcrsupport, Welcome to the forum community.

The access token is used to authenticate all your requests, but the access token expires in two hours. Can you please retry Creating a New Access Token using the sample code below?

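# Each -d adds one form field; curl joins them with '&', so no stray newlines or spaces reach the body.
curl https://api.coinbase.com/oauth/token \
  -X POST \
  -d 'grant_type=refresh_token' \
  -d 'client_id=YOUR_CLIENT_ID' \
  -d 'client_secret=YOUR_CLIENT_SECRET' \
  -d 'refresh_token=REFRESH_TOKEN'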

More details here: Sign in with Coinbase OAuth2 Tokens | Coinbase Cloud

We hope this helps. Let us know if you still face issues. Thank you!

Hi Rishabh. Yes, that is how we generate the access token. The issue happens after the access token expires, and we try to refresh it.

The response I pasted above is the 403 error we get when we try to refresh the access token.

Hello! Could you try making the request again? We’ll investigate our logs further.

We’ve tried it multiple times. Still get the same issue.
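
An added example, not part of the thread and not Coinbase's code: the refresh request from the curl sample above built in JavaScript with a correctly encoded form body, plus a failure summary that keeps only the headers useful to support (such as the `trace-id` and `cf-ray` seen in the pasted 403) and drops cookies and credentials. The function names and the list of shareable headers are assumptions made for this sketch.

```javascript
// Added example; function names and SHAREABLE_HEADERS are hypothetical choices.
const TOKEN_URL = 'https://api.coinbase.com/oauth/token';

// Build the form-encoded refresh request. URLSearchParams percent-encodes
// each value, so characters like '&' or spaces cannot corrupt the body.
function buildRefreshRequest({ clientId, clientSecret, refreshToken }) {
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: clientId,
    client_secret: clientSecret,
    refresh_token: refreshToken,
  }).toString();
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body,
  };
}

// Allowlist of response headers that identify the failed request without
// exposing session material ('set-cookie' is deliberately absent).
const SHAREABLE_HEADERS = ['date', 'trace-id', 'cf-ray', 'server', 'content-length'];

// Reduce a failed response to what can safely go into a log or support post.
function summarizeFailure(status, headers) {
  const summary = { status, emptyBody: headers['content-length'] === '0' };
  for (const name of SHAREABLE_HEADERS) {
    if (headers[name] !== undefined) summary[name] = String(headers[name]);
  }
  return summary;
}

// Perform the refresh; on a non-2xx status throw an error that carries only
// the redacted summary, never the request body or the tokens.
async function refreshAccessToken(creds, fetchImpl = fetch) {
  const req = buildRefreshRequest(creds);
  const res = await fetchImpl(req.url, {
    method: req.method, headers: req.headers, body: req.body,
  });
  if (!res.ok) {
    const err = new Error(`token refresh failed: HTTP ${res.status}`);
    err.diagnostics = summarizeFailure(res.status, Object.fromEntries(res.headers.entries()));
    throw err;
  }
  return res.json();
}
```
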