Troubleshooting 400 level errors with OAuth token
The most common type of 400 level error when sending an API request is 401 Unauthorized. This usually means the OAuth token has expired, and the app needs to obtain a new token using the Refresh Token. The app can then retry the API request using the new token. In some cases, the Refresh Token may also fail. For instance, the OAuth token endpoint will return a 401 error if the Refresh Token has expired. This can be determined using the error code returned in the body of the 401 response. In this case, the app should surface an error message prompting the user to re-install the app. For more information on obtaining a new token using the Refresh Token and troubleshooting error messages see Authenticate using OAuth 2.0.
Here are some possible reasons for 400 level errors with a valid token:
-
401:
-
If IP Whitelist is being used, and your IP is not included in the Whitelist:
The client has to add your IP(s) to the Whitelist. The
https://login.eloqua.com/idendpoint will return "Not authenticated." in the body of the response if the IP(s) are not on the Whitelist. -
If the Eloqua site was moved to a different data center:
Update the base URL. It can be confirmed via the
https://login.eloqua.com/idendpoint. -
If the user has been disabled:
The client has to re-enable the user or re-authenticate the app with a new user. The
https://login.eloqua.com/idendpoint will return "Not authenticated." in the body of the response if the user has been disabled.
-
-
404:
-
If the Eloqua instance is using Label-Based Access Control (LBAC) and the user does not have access to view contacts with the label(s):
The response will be a 404 Not Found, as with LBAC enabled the requested record doesn't exist for that user.
-
-
403:
-
If the user does not have permission to create or update the entity:
The response will be 403 Forbidden.
-