OAuth2: 3 things

Hi guys, well done with the new support for OAuth2! I’m testing it right now and I was wondering (1) how often the token expires (https://docs.alpaca.markets/build-apps_services-with-alpaca/oauth-guide/). There is not mentioned in the documentation.

Should I ask for a token every day? Or if a token is expired/not valid, do you return a specific code/error, so I can request a brand new token?

Also (2), I’ve followed the instructions on the web site, but when I ask for a token I receive this error message:


As response to my request curl -X POST https://api.alpaca.markets/oauth/token -d 'grant_type=authorization_code&...

it looks like the grant-type authorization_code is not valid.

Last (3) question: there is no mention in the docs I can authenticate for a paper account.


Hi Luca,
Did you get it to work? I’m following the instructions and even I’m getting invalid_grant message back.


Hi Marmik,
I found a solution that worked for me at least. The issue with my code was that the redirect URL I provided in the /oauth/token request was not the same redirect URL I provided in the /oauth/authorize request. The issue resolved itself after I made the URLs the same.

Hope this helps,