My Products
Help
KOVnet_Iryna
CONTRIBUTOR **

https://integration.visma.net/API/controller/api/v1/customer returns 401 "Invalid audience"

by KOVnet_Iryna

Hi,
I'm testing my api connection
Client_id of my app is isv_7123
Test user irina@kovnet.nl

This user successfully authorized via my app, and got a refresh and access tokens.
But when I try to use this access token to get a list of all Customers
https://integration.visma.net/API/controller/api/v1/customer

curl -X GET \
https://integration.visma.net/API/controller/api/v2/customer \
-H 'authorization: Bearer eyJhbG*************zlg' \

 

then I get Error 401
{
"ExceptionType": "IPPException",
"ExceptionMessage": "Invalid audience",
"ExceptionFaultCode": "12010",
"ExceptionMessageID": "12010_7a8cc216-3b6c-442c-b2db-5ba636b9b88c",
"ExceptionDetails": ""
}

 

 

What is weird: the same user irina@kovnet.nl get the response from this api point on Swagger...

What I'm missing?

*** no, access token is not expired
*** I saw that probably I have to send 'ipp-company-id' in the header but in Swagger example for https://integration.visma.net/API/controller/api/v1/customer I don't see this param and also have no idea where to find it.
'Context' endpoint that was mentioned for this purpose in video lessons seems to be obsolete.
In another topic here someone from support also mentioned /connect/userinfo endpoint - but this one is also absent now.

Screenshot 2023-05-25 at 12.58.57.pngScreenshot 2023-05-25 at 14.59.14.png

2 REPLIES 2
Accepted solution
Yıldırım
VISMA

by Yıldırım

"That error "Invalid audience" signals that the access token used on the request has no scopes of the Visma.net ERP Interactive API. On the authorization request, the client needs to include at least one of the API scopes: vismanet_erp_interactive_api:create, vismanet_erp_interactive_api:delete, vismanet_erp_interactive_api:read or vismanet_erp_interactive_api:update beside the offline_access. "

kashyap
PARTNER

by kashyap

Getting  "invalid_grant" because refresh_token expired. As per above app setting refresh token expire after 30 days. How we can handle this case without involving users?