There are a number of reasons why you may be receiving a 400 error from Engage. One thing to bear in mind is that 400 Bad Request is simply the status of the request. In and of itself, it’s not terribly descriptive. However, Janrain returns a JSON response even with a bad request which provides more detail as to the nature of the error. We recommend analyzing the contents of that JSON response to find out what the root cause is. One good method for troubleshooting is to take the string of your RESTful API call and try it in a client, such as Google’s Advanced Rest Client for Chrome. Below is a screenshot of a request which generated a 400 response, and the root cause.
Here are the most common root causes for API calls returning a 400 status:
- You are using different Engage instances to do the authentication and the /auth_info (or any API) call. It is common for developers to forget to switch the secret API keys in code when working with dev and production environments. Example: this error will occur when you are using app https://example.rpxnow.com for authentication, but your /auth_info call is using the secret API key for https://example-dev.rpxnow.com.
- You are attempting to use an API call that your Engage level of service does not support. See the documentation at http://developers.janrain.com/documentation/api/ for details on which API calls can be used.
- Your level of service does support the API call, but there is an error in your call. See the documentation and examples at http://developers.janrain.com/documentation/api/ to do some troubleshooting.
- You are calling /auth_info with an expired authentication token. /auth_info should be called within minutes of the user authenticating, and best practices dictate it should be run by your token URL. If you are an Engage Enterprise user and require a periodic refresh of user data without the user authentication, you can use the /get_user_data API call. Note: this API call is only available for some providers, see the documentation at http://developers.janrain.com/documentation/api-methods/engage/get_user_data/ for details.
- Your server-side script is trying to call /auth_info twice with a single-use token, and the error you see is with the second /auth_info call. You should fix the error in your script or if your process necessitates more than one /auth_info call, go into your Engage dashboard at https://rpxnow.com/relying_parties/your_rp/settings and under Migrations, remove the checkbox next to One-time use auth_info tokens.
- Some API calls require the identifier parameter to be URL encoded because the identifier contains a character not supported by the API. This happens commonly with Yahoo identifiers as they contain a hash symbol.