We recognise this app but we can't understand it's OAuth request

I’ve created an app for a project of my company, that requires me to create an application to access certain information to generate an Excel spreadsheet for the management team to make their lives easier.

So I’ve looked into the API docs and created an app on the Developer Dashboard. Now I’m trying to get the OAuth Authorization endpoint to authenticate with my account (standard employee with no administrative access to the company). All is going well until I login to FreeAgent and I get the following error.

Sorry, there's been a problem

We recognise this app but we can't understand it's OAuth request.
Please get in touch with the author of the application you're trying to approve.

As far as I can see it recognise the correct app, but I haven’t got a clue what this error means.

I used the following endpoint for the authorisation request:
https://api.freeagent.com/v2/approve_app?client_id=REDACTED&response_type=200

I’ve set the redirect URL on the app itself so I omit that here according to API docs.

Is there something I’m missing on the request or any idea why this is happening?

Also does it not need the OAuth secret? Since there is no mention of that on the API docs.

Thanks in advance

Prav

Hi Praveen,

I used the following endpoint for the authorisation request:
https://api.freeagent.com/v2/approve_app?client_id=REDACTED&response_type=200

It looks like you’re missing a few query parameters from your authorisation request. You’re correctly supplying your client_id, although you’re missing the response_type=code argument.

Also, contrary to our documentation, you do need to supply your redirect_uri. This paramter used to be optional but we made it compulsory a few years ago to mitigate against potential man in the middle attacks. I’ll get that documentation updated now.

Here’s an example URL that you can copy, just be sure to replace example.com/oauth/callback and [redacted] with the values for your integration.

https://api.freeagent.com/v2/approve_app?redirect_uri=https%3A%2F%2Fexample.com%2Foauth%2Fcallback&response_type=code&client_id=[redacted]

Also does it not need the OAuth secret ? Since there is no mention of that on the API docs .

No, the OAuth Secret isn’t used in the authorisation request, it’s used in the next step where you swap the authorisation token for a refresh and access token.

I hope this helps!

Also, contrary to our documentation, you do need to supply your redirect_uri . This paramter used to be optional but we made it compulsory a few years ago to mitigate against potential man in the middle attacks. I’ll get that documentation updated now.

Just to confirm, the our OAuth documentation has now been updated. Thanks for flagging this issue, Praveen!

Hi David,

Thanks for looking into this and sorry for the very late response.

I’ve managed to get it to work now.

Thanks
Prav