Authentication - API inconsistent behavior ( wrong credentials accepted generating invalid token)

Question

Hi everyone, here the issue we're hitting.

We have 2 sandbox

Each of them has (by design) different endpoints and different credentials to authenticate as described on http://developers.marketo.com/documentation/rest/authentication/

If we use the the endpoing of the sandbox A but the client id and secret of the sandbox 2 the token request succeed but the token is invalid

// TOKEN REQUEST 
https://ABC.mktorest.com/identity/oauth/token?grant_type=client_credentials&client_id=********&client_secret=********
// RESPONSE
{     access_token: "81e05494-a776-42c0-935f-65b1d798b04d:ab",     token_type: "bearer",     expires_in: 2961,     scope: "***" }
---------------------------------------- 
// REQUEST
https://ABC.mktorest.com/rest/v1/activities/types.json?access_token=81e05494-a776-42c0-935f-65b1d798b04d:ab

// RESPONSE 
{     requestId: "*****",     success: false,     errors: [         {             code: "603",             message: "Access denied"         }     ] }

Kenny_Elkington · Answer

Access Denied does not indicate an invalid token, it means that the user associated to your service does not have sufficient permissions to undertake the action designated. To access activities in your example, your would need the Read-Only Lead or Read-Write Lead permission. You'll need to modify the associated role of your user so that it has the requisite permissions.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded