Redirect URI mismatch Trouble


Redirect URI mismatch Trouble

So, I'm having trouble with "Redirect URI mismatch" errors while trying to get oAuth tokens.


First, I ran into the issue during my Authorization.  According to documentation (here) when sending the Authorization request one of the parameters to send is: redirect_uri.  In addition, it states "You can include additional query parameters with an Authorization request by appending them to the redirect URI and encoding it".  But, no matter what I tried I got a Redirect URI error after the user signed in.


Then I found this posting saying my URI needed to be the same as what's saved for my application.  OK, that's fine but when I go in to edit my application the form field for the Redirect URI says "no URL query parameters allowed".  Wait...what?  But the documentation specifically says I can add parameters?  I try to save a URI with parameters and, as expected, the form rejects any URI I enter with query parameters.  SIGH! 


OK, so I reconfigure my URI Redirect request to be something super simple the Application form will accept,, and use this identical URI in my authorization request.  SUCCESS!  After the user authorizes access we are sent back to with a URL Code variable and ready to request a token.  So, according to documentation the token request must also include the "redirect_uri" and "It must match the redirect URI registered with the application and used in the authorization request, including any parameters."  (even though parameters aren't allowed?)  No problem, I'll just plug in the same "" that I used in the request and have saved on my application. is my JSON response:


{ "error": "redirect_uri_mismatch", "error_description": "Redirect URI mismatch." }


ARGH!  Back to square one.  Help!


Thanks for making this post to the community. It highlights some changes that I need to make in the Authentication docs. 


The short solution to your problem is as follows:


The redirect_uri (including any path parameters added by your script) used in the Authorization Request is the same redirect_uri (including any path parameters added) that needs to be used in the Access Token Request part of the flow. 



The redirect_uri registered with your app in Mashery cannot include any additional parameters, it's a base or "naked" redirect_uri. 


I apologize for the lack of clarity on this point and the frustration it has caused. 


Best Regards,

Rich Marcucella
Sr. Technical Writer, Content Developer
Web Services Team
Occasional Participant

I am attempting to have a redirect uri of:


Is this possible?

Hi Christine,


I responded to your email and in your other post here.


Best Regards,

Shannon Wallace

Partner API Support Engineer

Developer Portal

View API documentation, code samples, get your API key.

Visit Page