I've got the initial half of an OAuth flow working with the SurveyMonkey API, but when I try to exchange the short-lived authorization code for a long-lived OAuth access token, I get an HTTP 400 response. This is step 3 of the SurveyMonkey OAuth Guide.
Here's a scrubbed version of the full exchange:
POST /oauth/token?api_key=<removed> HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate, compress
Content-Length: 338
Content-Type: application/json; charset=utf-8
Host: api.surveymonkey.net
User-Agent: HTTPie/0.7.2
{
"client_id": "<removed>",
"client_secret": "<removed>",
"code": "dKkIJYnimBli3TMHoTdHoT-zkzkUFzfHeaWJJyPVmrYG35R5Q-jLLU-Y7Fg3BR0n3tVTQ6sAmDnwVxHXSjZVdiYTJ7u7SWbLCKgQa061bKJYXSpRhTsEL0v5GMWcMEBC2vje5UjRHp3SScFQEwIIjHKZH5raC5RQJJh.JYWEOqw8Iy-2Ds7km1zYaHGGlxqu",
"grant_type": "authorization_code",
"redirect_uri": "https://app.hubspotqa.com"
}
HTTP/1.1 400 Bad Request
Cache-Control: no-store
Connection: keep-alive
Content-Length: 96
Content-Type: application/json; charset=UTF-8
Date: Fri, 24 Jan 2014 00:05:53 GMT
SM-Request-ID: 41264d11-b93d-4f8b-ad1a-c656ccfa268b
Server: nginx
{
"error": "invalid_request",
"error_description": "Invalid POST body or Content-Type received."
}
I'm able to reproduce the exact same error using other HTTP clients as well, but I have no trouble manually getting an access token using the SurveyMonkey API console. What am I doing wrong?
Side question: the OAuth guide says that step 3 accepts a redirect_uri
but the example Python guide uses redirect_url
. Which is the correct parameter? Can I omit it entirely? My server certainly does not care about getting redirected anywhere.