Application exchanges the authorization code with an access token from Alpaca

I have been trying to integrate the APIs for getting client account auth token but always get

I am passing right param for the fields as per api

curl -X POST \
  -d 'grant_type=authorization_code&code=67f74f5a-a2cc-4ebd-88b4-22453fe07994&client_id=fc9c55efa3924f369d6c1148e668bbe8&client_secret=5b8027074d8ab434882c0806833e76508861c366&redirect_uri='

but keep getting the error as below

    "message": "forbidden."

Can someone suggest if integrated successfully?

1 Like

I’m having the same issue, it suddenly stopped working for some reason :frowning:

1 Like

Yup, same issue. My implementation hasn’t been touched in days, worked fine until now.
Been trying to debug this for hours now, thought I was going nuts until finding this.

1 Like

Feather Finance is having the same issues with all new OAuth access.

A few things to note::

  • Yesterday’s Core API Maintenance seems to have broken our OAuth flow.
  • Feather Finance’s OAuth code has not changed in 3 weeks (and everything was working smoothly until yesterday)
  • existing access_tokens are still working, but we cannot generate new ones
  • To troubleshoot we created a New Connected App, and tried to do the OAuth flow in Postman, but Postman is throwing the same error message.
  • We also generated a new Client Secret to see if the old one had been invalidated, but the oauth/token returns the same error message with the new Client Secret.
  • What’s most puzzling to us is that the TradingView integration does NOT seem to be impacted by this. I linked my Alpaca account to my TradingView account for the first time this morning…

@Dan_Whitnable_Alpaca, just wanted to make sure you are aware of this thread – yesterday’s maintenance seems to have broken the OAuth flow for many apps.


Thanks, looks like it has been fixed. Works perfect now.

1 Like