## Error Handling

## Authentication

Make sure you're using Basic Authorization with your client ID and secret, and that your POST contains the correct redirect URI.

## Invalid content type

Make sure all POSTs are using the [correct content type](🔗).

## Code expiry / reuse

Codes expire after one minute, and they can only be redeemed once - check to make sure that you aren't trying to exchange a code that's already been used (you will receive a 400 error code if this is the case.

## "Resource not in token's scopes"

This error message appears if you're trying to access endpoints a token doesn't have access to. Make sure you're only using IL bearer tokens on [supported endpoints](🔗). If you get this with a district-app token, this means your app doesn't have access to Secure Sync.

## Test Logins

Never ask users for their credentials in order to test a login - it does not follow our security best practices. If you have access to Secure Sync, you can use our debugging tool to initiate a log in as the user in question.


## Reaching out to Clever

If you're still running into issues, reach out to us at [[email protected]](🔗)! Please include the timeframe of the error, code(s) for the login attempts that failed, and as much information as possible.