Why am I getting this error 400?

I’m setting up my first webhook to recieve a token according to this:

and this

But I’m getting this 400 error, what I’m doing wrong?
I’ve tried ticking Querystring but didn’t work.
Changed the “Use as” to Action, didn’t work.

So before anything. Please know the risk you’re incurring by not setting the “client_id” and “client secret” as Private.
You can do this by changing the auth type on the api details page, to be safe. You can also continue doing it the way you’re, but please set everything as private.

Second the response you’re getting has to do with the encoding of your request/response. Try to fiddle with this: Captura de ecrã 2024-04-05, às 09.13.08 keep changing the type and requesting.

I see, will set it to private in the future, thank you :grin:

I’ve tried all different data types, same error. Yes something is wrong with the encoding but I can’t figure out how I can do it differently. I’ve also tried changing “Body type”, but no luck.

Can you try to put the “client_id” + “client_secret” on the header? Also capture the response headers and take a screenshot if you encounter an error.

client_id and client_secret in the header, exactly the same error. Not sure what’s going to happen when “capture response headers” is true.

Forgot the grant_type and client credentials (in parameters) but didn’t do any difference. Neither if I also put grant_type in headers.

Okay some progress, I got the token but through postman. Trying to set up my first api call but error again. This is where I’m at:

I can do the same call succesfully through postman, so something is wrong with my setup in bubble.

Expected type is x-www-form-urlencoded but you are sending a json. You have to select raw instead of json and seperate keys with & like this: key1=value&key2=value

@davsvens When you use client_credentials oAuth, you should use “Custom oAuth”. So the last screenshot is ok. But you need to put all your token request in either the url http://api.zigned.se/oauth/token?grant_type=client_credentials&client_id=1234566&client_secret=1234567 OR in body json grant_type=client_credentials&client_id=1234566&client_secret=1234567

This worked great, thank you!

1 Like

I did this by adding a body json with grant type, client id and client secret, but there is no option to make it private, is my keys secure when doing it this way?

If you use the Bubble aith, yes.