How do I set the header grant_type header when authenticating an API Client?

Per the docs section “Authenticating an API Client”

I am not able to determine how to properly set this header, or where this code value is derived from


Is there a better example somewhere, or, can anybody shed light or provide more details on how to properly obtain the correct value for the “code” parameter, and how to include all this in the headers of the request? Thanks

Examples on what I’ve tried so far:

Pre Conditions for all requests:
*the key and secret for the particular client are concatenated into a string, separated by a : which is then base64 encoded, and used as the value for the Authorization header, prepended by Basic and a space, as shown.

I’ve tried creating a header for the entire grant_type, where grant_type is the key, and everything to the right of that (in the docs) is the value, like: grant_type : authorization_code&code=1JV6zV& This results in response of {“error”:“invalid_request”,“error_description”:“Missing parameter grant_type”}

I’ve tried splitting grant_type=authorization_code&code=1JV6zV& into two different headers, for grant_type and code, also results in {“error”:“invalid_request”,“error_description”:“Missing parameter grant_type”}

I’ve tried using query parameters in the URL, as: which results in {“error”:“invalid_grant”}

And finally, including the grant_type=authorization_code&code=1JV6zV& in the body of the request, which results in: {“error”:“invalid_request”,“error_description”:“Missing parameter grant_type”}


you have an howto which explains you how to deal with these parameters here:


Yes, the links I included in the post refer to same.

No, your link goes to reference API. My link goes to a howto which is a step by step explanation.
In section 2, which explains how to deal with authentication, scroll down to the Get an Access Token section. In the screenshot in this section, you can see that each parameter is set as a key/value item in the body. In your case, you have 2 keys: one for grant_type and one for code. So your last tries is the best. The previous one is less secure and 2 firsts are not working.

The code must be get using this api:

AirVantage authenticates the user and ask for authorization.
When the client application obtains authorization from the user, it is redirected to the provided redirect URI with the authorization code.

Did you call this api to get your own code? 1JV6zV is just an example.

Finally which tools are you using so that I can try to help you better?


Oh of course, now I see. We have to make two requests…

I’m using postman, and just trying to authenticate a client. This is for an application, so I assumed just using the API method would be sufficient. Basically, I’m just using Postman as a dev/testing proxy for what will ultimately be a server side code service.

I did not call any method to get a code. So, following along with your example, I’d need to first get the code using GET

what if there is no redirect url? I have zero need for that within the application I’m using this in, so wondering if this will just return the response directly if it’s missing. Otherwise, perhaps I’m not using the appropriate means of accomplishing what I’m trying to do?

Thanks man, sorry for the previous disconnect.

Pleased to know it has been clarified.
You can use the Request an Access Token using the Resource Owner Flow which is described in the howto. With his flow, you get a token after the first call and the redirect is optional.


Ok, I’m getting the access token now. But when I use it in subsequent requests, using Authorization: Bearer {token} (where this is just my raw string token) against the example request in the doc you linked to, to get a system, I’m getting the following response:

“error”: “context.unknown”,
“errorParameters”: null

I’m not setting any additional headers besides the authorization, and just swapping out my system name. any ideas? Thanks again.

@wkhatch have you finaly find the solution ? i have the same problem, it’s look like that we write header with the wrong format

Hi @jawaddidouh. I’m not sure which part of my question you’re referring to. The first issue I’d had was due to not first making the request for the auth token, which you’d use in subsequent requests. I’d misinterpreted the docs for API client auth. To resolve that, I followed the getting started guide docs, posted by rjacolin, for the Request an Access Token using the Resource Owner Flow as I didn’t need the redirects used in the other types of auth.

My next problem was yet another mistake on my end, due to incorrectly assuming our endpoints were in na and not eu. I was wrong; they were in eu, so once I modified my url, everything worked.

I have a fairly complete set of Postman requests at this point, and happy to share them. Not sure how I’d do that, but there’s probably a way I can export them, if that would help. Hope this helps a little, and feel free to ask for clarification if necessary.

Thought I’d posted my original solution to this, but not seeing it so providing a quick summary in case anybody else hits this type of response after successfully getting an auth token.

It was a simple matter of not using the correct end point base url. I’d assumed we were in, but we were actually in Changing that fixed the issue.

Hi @wkhatch,

Thanks for reply, my mistake was finaly the header of the request ! every time i puted header = 1 !! so yes it’s was about your first issue !

Best regards,