Redirect URI mismatch - Access Token Request

Regular Participant


Trying to finish OAuth 2.0 authentication but keep running into the same issue when trying to request the token.

I'm getting the access code after the user grants access to the account, but when I try to request a token using the authentication code and the C# method GetAccessTokenByCode(code) found in the sample wrapper files, I keep getting this message back.

Error Message:The remote server returned an error: (401) Unauthorized.

Error Body: {
 "error": "redirect_uri_mismatch",
 "error_description": "Redirect URI mismatch."
}

I have triple checked everything, and it all looks to match what's mentioned in the documentation, and the URI I'm sending in the request is identical to what's in my Mashery account.

Any idea what the problem might be… possibly something is messed up with my account?


Can you post your redirect_uri in the forum so we can look at it?  If that is too personal, feel free to send a private message to me with it or email and our API support team can dig into this for you.  Usually, it is something to do with the format of the URI (we recently updated our verification code to be stricter to prevent this from happening) but can't say for certain until you send it over.

Dave Berard
Senior Product Manager, Constant Contact
Regular Participant

I think I've found the root of the issue!

The issue seems to be related to appending additional query parameters to the redirect URL on the Authorization request.

Whenever I add an additional parameter to the redirect_uri (currently BackURL in our code) I receive the error I had been getting, "Redirect URI mismatch." If I try and run this again with the same authorization code I receive a different message - invalid_grant - Invalid verification code: CODE. If I submit the authorization request without this additional parameter, and use the code that's generated, I'm able to generate a token without any problems.

It appears as though the access code is correct, but if an additional parameter is added to the redirect_uri it's like your system isn't storing the access code that was just created, thus it appears to be invalid.


Are you able to get to the bottom of this and find out why the codes aren't being considered valid if an additional parameter is provided in the redirect_uri? It's clearly stated in the documentation that this is supported, which will be required for us to get this working for our application.

Regular Participant

Got everything working once the redirect uri was the same (including parameters) as the redirect uri used in the authorization request step.

I personally think the documentation is a bit misleading, it reads "It must match the redirect URI registered with the application" (which is what I was doing). It doesn't mention anything about providing the same uri that was used in the authorization request including any extra parameters. Once I did this everything worked.
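The behaviour reported in this thread, as an added example that is not part of any post and is not Constant Contact's code: a small Python model of an authorization server that binds each code to the exact redirect_uri sent in the authorization request, as RFC 6749 section 4.1.3 requires. The class, helper names and the `app.example` URL are assumptions; consuming the code on a failed attempt is modelled on the invalid_grant retry described above.

```python
import secrets
from urllib.parse import urlencode


class AuthServerModel:
    """Toy model (assumption): each code is bound to the redirect_uri it was issued for."""

    def __init__(self, registered_uri):
        self.registered_uri = registered_uri
        self._codes = {}  # code -> exact redirect_uri from the authorization request

    def authorize(self, redirect_uri):
        # Registration check: the part before '?' must be the registered URI.
        # Extra query parameters are accepted, as the thread says the docs allow.
        if redirect_uri.split("?", 1)[0] != self.registered_uri:
            raise ValueError("redirect_uri not registered")
        code = secrets.token_urlsafe(16)
        self._codes[code] = redirect_uri
        return code

    def token(self, code, redirect_uri):
        # Single use: the code is consumed on the first redemption attempt,
        # whether or not that attempt succeeds.
        bound = self._codes.pop(code, None)
        if bound is None:
            return {"error": "invalid_grant"}
        if bound != redirect_uri:  # exact string comparison, parameters included
            return {"error": "redirect_uri_mismatch"}
        return {"access_token": secrets.token_urlsafe(24)}


def build_redirect_uri(base, **params):
    """Client side: build the URI once and reuse the same string in both requests."""
    return base + ("?" + urlencode(params) if params else "")


def demo():
    registered = "https://app.example/oauth/callback"  # constructed sample value
    server = AuthServerModel(registered)
    sent = build_redirect_uri(registered, BackURL="/contacts")

    code = server.authorize(sent)
    first = server.token(code, registered)   # registered URI only: mismatch
    second = server.token(code, registered)  # same code again: already consumed
    third = server.token(server.authorize(sent), sent)  # identical string: token
    return first, second, third


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Binding the code to the exact redirect_uri means a code captured at one callback URL cannot be redeemed under a different one, which is why the comparison covers the query string as well.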


