Invalid Grant
URI: https://docs.ankatech.co/errors/invalid_grant
HTTP Status: 400 Bad Request
This error also corresponds to the RFC 6749 OAuth 2.0
errorcodeinvalid_grantof the same name. The RFC 7807typesuffix uses the identical underscore form so the two identifiers match.
When you see this
The provided authorization grant or refresh token is invalid, expired, revoked, or does not match the request.
Common Causes
- Incorrect resource-owner credentials in a password grant.
- An expired, revoked, or already-used refresh token.
- A grant that does not match the client or requested scope.
Response Example
{
"type": "https://docs.ankatech.co/errors/invalid_grant",
"title": "Invalid Grant",
"status": 400,
"detail": "The provided authorization grant is invalid, expired, or revoked.",
"instance": "/oauth/token",
"correlationId": "550e8400-e29b-41d4-a716-446655440000",
"timestamp": 1730000000
}
Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.
How to Resolve
- For password grants, confirm the username and password are correct.
- For refresh grants, obtain a fresh refresh token by re-authenticating.
- Ensure the grant matches the client and requested scope, then re-submit.
For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.