Make sure you're using Basic Authorization with your client ID and secret, and that your POST contains the correct redirect URI.
Invalid content type
Make sure all POSTs are using the correct content type.
Code expiry / reuse
Codes expire after one minute, and they can only be redeemed once - check to make sure that you aren't trying to exchange a code that's already been used (you will receive a 400 error code if this is the case.
"Resource not in token's scopes"
This error message appears if you're trying to access endpoints a token doesn't have access to. Make sure you're only using IL bearer tokens on supported endpoints. If you get this with a district-app token, this means your app doesn't have access to Secure Sync.
Never ask users for their credentials in order to test a login - it does not follow our security best practices. If you have access to Secure Sync, you can use our debugging tool to initiate a log in as the user in question.
Reaching out to Clever
If you're still running into issues, reach out to us at [email protected]! Please include the timeframe of the error, code(s) for the login attempts that failed, and as much information as possible.
Updated almost 3 years ago