## Error Handling
Make sure you're using Basic Authorization with your client ID and secret, and that your POST contains the correct redirect URI.
## Invalid content type
Make sure all POSTs are using the [correct content type](🔗).
## Code expiry / reuse
Codes expire after one minute, and they can only be redeemed once - check to make sure that you aren't trying to exchange a code that's already been used (you will receive a 400 error code if this is the case.
## "Resource not in token's scopes"
This error message appears if you're trying to access endpoints a token doesn't have access to. Make sure you're only using IL bearer tokens on [supported endpoints](🔗). If you get this with a district-app token, this means your app doesn't have access to Secure Sync.
## Test Logins
Never ask users for their credentials in order to test a login - it does not follow our security best practices. If you have access to Secure Sync, you can use our debugging tool to initiate a log in as the user in question.
## Reaching out to Clever
If you're still running into issues, reach out to us at [[email protected]](🔗)! Please include the timeframe of the error, code(s) for the login attempts that failed, and as much information as possible.