invalid access token

robert.hufsky

I try to create an app that can at least read the weather data from my netatmo. I managed to create the login flow and I get back an access_token and a refresh_token.

However each endpoint I call returns a 403 / invalid access token, even if i provide the newest token.

Even refreshing tokens gives me the same error, what can I do?

0

Comments

18 comments

  • Comment author
    robert.hufsky
    • Edited

    I tried with a token I generated through the website to no avail. Then I created a new application, created a token and it seems to work. Solved my problem for now but I am a bit worried about the stability of Netatmo auth.

     

    BTW, is there a way to delete an obsolete application?

    0
  • Comment author
    grotech27

    Same problem; same question

    0
  • Comment author
    Leslie Community moderator

    Hello,

    Seems like some applications are buggy recently. They correctly generate the first access/refresh_token pair, but these values are invalid

    As you said, the solution is to create a new developer application. I'll report the problem to Netatmo devs

    You can't totally delete an unused app from your interface. I advise you to deactivate it with the slider in the app's details

    Have a good day,

    Leslie - Community Manager

    0
  • Comment author
    marc.desperiez
    • Edited

    Hello,

    I'm bumping this thread because I still seem to have the exact same problem. All of the authentification process works fine but the newly generated token doesn't work and the API returns the invalid access token error.

    Edit: removing some scopes fixed my issue but I can't add too many different scopes

    0
  • Comment author
    Leslie Community moderator

    Hi Marc,

    Thanks for the feedback. Could you please send me the exact scope list you tried ? I'll see on my side if I can reproduce the problem

    Have a good day,

    Leslie - Community Manager

    0
  • Comment author
    dj

    I am having this exact problem, the only scope I am using is read_station. It was returning invalid access token for me but for other users the app was working fine, resetting the client ID and secret did not work but creating a new application did.

    0
  • Comment author
    niels.krogh

    Hi there,

    I have a similar problem, I do get a credential token, when I use my Access_Token / Refresh_Token created, but get a 403/Forbidden when requesting GetStationData() or GetHomesData().

    If I then create a new Token for the App with read_station and read_homecoach scopes, I then receive new Access and Refresh tokens, which will work for a while (appx. 2-4 hours) then we are back to the 403 / forbidden again.

    I can see the expiration time of the credential token is appx. 20 seconds, is that correct?

    /NielsK

    0
  • Comment author
    ott.riedberg

    I'm having the same problem with an RTI automation system. It used to work but now it doesn't. Yes, the login/password has been verified multiple times to be correct. It works when logging into the Netatmo web site. What to do?

    0
  • Comment author
    kruchor
    • Edited

    Hello,

    Same issue for me. The access token always expires a few hours later.

    Is there a proper/correct documentation to setup an app without having to perform regular manual steps ?

    Thx

    0
  • Comment author
    andre.cabrera.serrenho

    Hello,

    Same problem here.

    Thanks 

    0
  • Comment author
    jkslettebakk

    Weird, seems we are struggeling with the similar issue.
    I have tried for days to get new/correct tokens from the dev.netatmo.com app page.
    My problems started last week after a loooong stable period (years) when I had to move my app to a new Raspberry.
    Then I did a reset for the app with new Client ID, Client Secret plus the access and refresh tokens. Since this I have tried several times to regenerate without any luck.
    Both https://chat.openai.com/ and copilot now starts to sugest I shoul use only the first part (before the "|" character) of access and refresh tokens. This must be AI halusination, or is it some facts in it?
    I'm getting mad!

    0
  • Comment author
    jkslettebakk

    I gave up and generated a new app. This gave me access to my Netatmo data trough the API....

    0
  • Comment author
    kruchor

    Hello,

    I've create a new app as well but it doesn't help ... I keep getting :

    {"error":{"code":2,"message":"Invalid access token"}}

     

     

    0
  • Comment author
    Leslie Community moderator

    Hello,

    "Both https://chat.openai.com/ and copilot now starts to sugest I shoul use only the first part (before the "|" character) of access and refresh tokens. This must be AI halusination, or is it some facts in it?" <= no, of course the whole token characters must be used 

    For people struggling to get a first pair of access/refresh_token via the "classic" way, indeed the best is to generate a first working pair via the token generator (available here : https://dev.netatmo.com/apps/). Then, you can just apply the refresh_token process by storing and using the latest generated refresh_token value in your /token calls

    Have a good day,

    Leslie - Community Manager

    0
  • Comment author
    clodprogea

    Hi Leslie,

    I have a backend server which is running 24/7, whenever I create from your website the couple access and refresh token everything works as long as the server is running, the access token is used and then the refresh token is used and when expired is refreshed and keeps working. The problem is when I need to restart the server after few days for any reasons, then the access token is expired and I need to get back to your website to generate another one which makes this scenario unusable.

    Maybe I did not clearly understand your last message but if there a way to keep it working after a server reboot please let me know thanks

     

    Claudio

    0
  • Comment author
    b.iurea94

    Hi 
    as everyone here i'm trying to build my on app but i have the invalid access token.
    Leslie, you suggest to create the key pairs from dev console and then refresh it but this is not possible if you want a redirect_uri. So the suggestion is good, but only momentaneus.

    I see this post has 4 months, do the netatmo devs working on this issue?
    It's a seriuos issue thinking to the cost of the devices.

    Thanks
    Bogdan

    0
  • Comment author
    clodprogea

    the solution is as Leslie reported up here in this thread :

     

    For people struggling to get a first pair of access/refresh_token via the "classic" way, indeed the best is to generate a first working pair via the token generator (available here : https://dev.netatmo.com/apps/). Then, you can just apply the refresh_token process by storing and using the latest generated refresh_token value in your /token calls

     

     

     
    0
  • Comment author
    Leslie Community moderator

    Hello Bogdan,

    It's not mandatory to set a redirect_uri in your app's parameters on the dev website. You must only declare it in your /authorize request

    If you delete it, the token generator tool will be available

    Have a good day,

    Leslie - Community Manager

    0

Please sign in to leave a comment.