401 Unauthorized / Missing User OAUTH Token

Hey there,

I am currently trying to get the Predictions API working (php).

I got it to work but after some time I get an error while calling the API (401 Unauthorized / Invalid OAuth token).

So this is my “workflow”:

Pre Step:
I am calling the auth API with the following scope (channel:read:predictions). After that I get returned to my preset return URL (http://localhost/test), which is fine. Now I have a token + refresh token, which I now store in my DB + variable.

Step 1:
Get the stored variables I need (UserID, clientID, clientSecret, appAccessToken, userAccessToken, userAccessRefreshToken) out of my DB.

Step 2:
I am checking if my appAccessToken is valid. If not then I am doing Step 2.1

Step 2.1:
I am generating an appAccessToken with my clientID + clientSecret (which works)

  • I am storing the return in a variable in my code + DB

Step 3:
I am refreshing my userAccessToken so I am 100% sure it’s still active.

Step 4:
I am calling the predictions API, which works for some time. And all of a sudden I get a 401 error.

I really don’t know what I am doing wrong here. Or if I am missing a step to refresh?

Would be awesome to get some help.

Best regards


Sounds like your user token expired.

Usually a user token is valid for around 4 hours.
So then you would use the refresh token to get a new access token and continue working.

When you got the user access token you will have got an expires in, which is in seconds. And that tells you how long is left on the token.

See also the validate endpoint to set a token

And refresh

The app access token doesn’t apply here too much.


first of all thanks for the reply.

That's why I am refreshing the token with every call. (Step 3)
Which is normally every 15-30 minutes.

I found a post that said that the refresh token changes after a refresh, but I can’t find anything in the docu about that.

That might be the problem

Sounds like you are over refreshing and introducing a weirdness.
Or when you do refresh your program doesn’t use the new generated token.
And it’s the original token dying that is when your authentication is failing.

It’s part of the OAuth specification, so not explicitly documented.

And why the new/current refresh token is returned when you refresh.

The refresh token may change at refresh but it doesn’t have to.
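
Added example, not part of the original thread and not Twitch's own code: a PHP sketch of the token handling the replies describe, refreshing only when the stored expiry is near and saving both the new access token and the returned refresh token. `getUserToken()`, the `$store` keys (standing in for the DB row) and the injected `$refreshRequest` callable are hypothetical names, and the endpoint is a constructed stand-in so the script runs offline.

```php
<?php
// Added example. getUserToken(), the $store keys and $refreshRequest are hypothetical names.

/**
 * Return a usable user access token, refreshing only when it is close to expiry.
 * $refreshRequest(string $refreshToken): array performs the refresh call and
 * returns the decoded response (access_token, refresh_token, expires_in).
 */
function getUserToken(array &$store, callable $refreshRequest, int $now, int $skew = 300): string
{
    if ($store['expires_at'] - $now > $skew) {
        return $store['access_token'];               // still valid: do not refresh
    }
    $resp = $refreshRequest($store['refresh_token']);
    if (!isset($resp['access_token'], $resp['expires_in'])) {
        throw new RuntimeException('Refresh rejected; the user has to authorize again');
    }
    // Replace the stored values together. The refresh token may have changed,
    // so keep the returned one and fall back to the old one only if none came back.
    $store['access_token']  = $resp['access_token'];
    $store['refresh_token'] = $resp['refresh_token'] ?? $store['refresh_token'];
    $store['expires_at']    = $now + (int) $resp['expires_in'];
    return $store['access_token'];
}

// Constructed stand-in for the token endpoint: it rotates the refresh token on
// every call and rejects any refresh token other than the current one.
$current = 'refresh-0';
$n = 0;
$fakeEndpoint = function (string $refreshToken) use (&$current, &$n): array {
    if ($refreshToken !== $current) {
        return ['status' => 400, 'message' => 'Invalid refresh token'];
    }
    $n++;
    $current = "refresh-$n";
    return ['access_token' => "access-$n", 'refresh_token' => $current, 'expires_in' => 14400];
};

// Constructed sample data: a token issued at t=1000 that lives for 4 hours.
$store = ['access_token' => 'access-0', 'refresh_token' => 'refresh-0', 'expires_at' => 1000 + 14400];

echo getUserToken($store, $fakeEndpoint, 1000 + 900), "\n";    // 15 minutes in: stored token reused
echo getUserToken($store, $fakeEndpoint, 1000 + 14200), "\n";  // inside the skew window: refreshed
echo getUserToken($store, $fakeEndpoint, 1000 + 29000), "\n";  // second refresh uses the rotated refresh token
```

If the line that stores `refresh_token` is dropped, the third call sends the old refresh token to this stand-in endpoint and the refresh is rejected.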
