So I have written an interface from a system that I wrote a while ago, into FreeAgent. This app works perfectly with the sandbox, but as soon as I switch to the live URI, and try to send a new authentication request, it allows me to log into my live account and then errors saying the return URI is invalid. Switch back to the sandbox and it goes straight in to my sandbox account for approval.
Do I need to get a different client_id? does it need to match my ‘live’ account details? As I say, I have one variable that I change between the live and the sandbox so I really don’t understand except maybe I am missing something somewhere
I assume by “return URI is invalid” you mean “redirect URI”. Is that correct?
You need to make sure the redirect URI that you’re using in your code matches a redirect URI you’ve listed in your app setup (on https://dev.freeagent.com).
If you’d like to post your code here (with credentials redacted), we can look at it. You can also submit a ticket with our Support team with your client_id (and tell them it’s for an API Discuss issue) and we can make sure your app is set up correctly on this end.
So the exact error I am getting is " Sorry, there’s been a problem. The redirect URI is invalid for this app. Please get in touch with the author of the application you’re trying to approve."
The redirect URI is exactly the same in both cases, but it works in the sandbox but doesn’t on the live version. Does my login for the live company have to be the same as the developer account? It is for the sandbox account.
Also, according to the docs, I can supply the redirect_uri in the request, I do not have to specify it in the App set-up, and as I said, it works perfectly in the sandbox.
Okay, having raised a support ticket they have bounced me back here. After a bit of searching I finally found this bit of “hidden” documentation:
I cannot find any reference to this anywhere in the documentation, which is really not clever. It also looks like the wildcard functionality doesn’t handle url arguments that well either, so you can’t have a script that gets gets the tokens on a “first use” basis if you are passing arguments in the original url.
Incredibly incompetent of the API team not to have properly documented this 18+ months after introduction, IMO.
Sorry about the miscommunication I had with Support that resulted in them pointing you back here. That’s not a great experience.
I’ll make sure that we get a card on our board to improve the documentation around the redirect_uri parameter for users that created their app before we added a bit of helper text to the New App form which explains a bit about the redirect_uri. Additionally, if you’d like more information about the redirect_uri and its validation I recommend section 126.96.36.199 of the OAuth 2.0 RFC.
Finally, if you have some specific examples of the wildcarding not working, we can look into those.