We are developing an app on Yext platform.
The app will be public but is private at the moment.
We would like to test the OAuth flow as described in Setup OAuth Process | Hitchhikers
The endpoint https://api.yext.com/oauth2/accesstoken?client_id=0bd...
returned us a 404 response.
So my questions are:
- Is that OAuth endpoint available only for public app? How can we test for private app?
- Say we obtain the access token of a client, will it expire after some period of time?
- If yes, how do we refresh the access token?
Thank you so much for your help.
Hi there, apologies for the delay getting back to you on this! See below for answers to your questions:
-
The OAuth endpoint is the same for both a Private and Public app.
-
The access token will not expire.
Could you please send the full endpoint URL you are using, omitting the sensitive information? I want to verify that the structure of your URL matches what is expected. This may be what is leading to the 404 error.
Thanks so much.
Thanks for sending. Can you please confirm if you are building in a Sandbox or Production environment?
As mentioned in this post, the access token URL is different if you are developing in Sandbox.
If you are building in Production I will look into any additional causes for error with the URL.
Thanks!
I login via Yext Login so that should be Production environment.
Hi,
Are you making a Post request or a Get request? You will need to make a Post request - if it’s not a Post you will get the 404 error. Let me know which you are using and that will help me further troubleshoot if needed.
The document says:
To initiate the OAuth process, redirect the customer to the URL below…
That makes me think it’s a GET request.
Now I tried the POST request and got a different error.
curl --location --request POST 'https://api.yext.com/oauth2/accesstoken?client_id=xxx&redirect_uri=xxx&state=xxx&response_type=code&grant_type=authorization_code'
{"error_description":"Missing required request params.","error":"invalid_request"}
Hi,
It looks like there may actually be an error in this guide - can you swap out /accesstoken in the URL for /authorize?
To clarify, https://www.yext.com/oauth2/authorize
is the GET endpoint that you redirect the user to to login and https://api.yext.com/oauth2/accesstoken
is the POST endpoint that you use to exchange your auth code for an access token after.
We will ensure the guide is updated so this is more clear! Let me know if you are still having any issues.
Thanks Sonia,
With the correct endpoint I can obtain the authorization code, yet I still have problem exchanging it for the access token:
curl -X POST https://api.yext.com/oauth2/accesstoken -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=xxx&client_secret=xxx&code=xxx&redirect_uri=https%3A%2F%2Fyext-app.locafy.dev%2Foauth"
Response: 400 Bad Request
{"error_description":"Missing required request params.","error":"invalid_request"}
Can you try including grant_type=authorization_code
? Let me know if you are still getting an error.
Thank you Sonia, it works perfectly.