I'm writing this up to save anyone else, who is as slow Whitted as I, sometime. If you are getting a 400 error when you submit your query for an Authorization Code, be sure to check your entire query string.
In my case, I was working from the v2 API trying to role up a v3 wrapper for my app, and had inadvertently left a reference to &state= in my query string to https://api.cc.email/v3/idfed. The error message saying that the redirect_url was invalid caused me to spend way to much time looking at the actual parameter it was complaining about.
Upon review, I found the errant parameter removed it and was good to go.
Hope this helps just one person not lose any sleep... at least over this integration.