Platform
APIs & SDKs
Resources
Go to Console

Troubleshooting

Frequently asked questions

What's the easiest way to authorize calls to the LiveChat API?

For fast and easy authorization, we recommend Personal Access Tokens (PATs).

Can I use the same access token to make calls to all APIs?

No. Making calls to the Customer Chat API requires you to use a different token than for all other APIs. Read about agent authorization flows and customer authorization flows.

Authorizing requests with a Personal Access Token doesn't work

  1. Remember, PATs use the Basic authentication scheme. Make sure you're not using something else, for example Bearer.
  2. Ensure you're not using a PAT to authorize a call to the Customer Chat API. If that's what you want to achieve, see How can I make calls to the Customer Chat API?
  3. Check if your PAT is valid, complete, and has all necessary scopes. You can use our Token Debugger.

How does HelpDesk authorization work?

The authentication and authorization system for HelpDesk API is shared with LiveChat.

How can I make calls to the Customer Chat API?

You need to create a customer. Then, you'll use the access token of this customer to authorize your calls to the Customer Chat API. To create a customer, send a request described in Creating a new customer.

The access token of my customer has expired. Do I need to create a new customer?

You don't have to create a new customer. You can request a new access token for the customer of a specific entity_id. entity_id is returned in the response when creating a customer. To get a new access token for your customer, send the following request:

curl 'https://accounts.livechat.com/customer/' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <ACCESS_TOKEN>' \
-X POST \
-d '{
  "client_id": "<CLIENT_ID_OF_YOUR_APP>",
  "response_type": "token",
  "redirect_uri": "<URI_YOU_DEFINED_IN_DEVELOPER_CONSOLE>",
  "entity_id": "<ENTITY_ID_OF_YOUR_CUSTOMER>"
}'

It's the same request as the one to create a new customer. The only difference is that it has an additional parameter, entity_id.

Errors

I get the "Invalid access token" error

  1. Perhaps, you're trying to authorize your call to the Customer Chat API with an access token valid for the Agent Chat API & Configuration API, or the other way round.

  2. Check if you copy-pasted the token correctly.

  3. Check if your access token contains %3A. If it does, change it to : (a colon).

  4. If you still can't solve the problem, try acquiring a new token. You can follow along our guide, which explains how to make a call to the Agent Chat API and presents the token acquisition in detail.

  5. To check if your token is valid, complete, and has all necessary scopes, you can use our Token Debugger. You can't use this tool to check an access token of a customer.

I get the "Invalid message" error

  1. Make sure the body of your request is in the JSON format.
  2. Make sure you've got all the commas, quotation marks, and brackets correct.
  3. Compare the payload of your request with the corresponding sample request in the documentation.

I get the "The client is not authorized to request a token using this method" error

You may get this error when trying to exchange an expired code for token in the OAuth flow. It's because code is only valid for a few minutes after the creation. What's more, it can be exchanged for an access or refresh token only once.

I get the "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed." error

  1. Make sure the response_type value matches the client type of your application. It should be code for server-side apps and token for web apps.
  2. Ensure the client_id param matches the Client ID of your app. You can find it in the Developer Console.
  3. Make sure redirect_uri matches the URI you defined in the Developer Console, including the slash at the end if you used it.

Here is a sample URL for the web client type:

CLIENT TYPE URL EXAMPLE
Copied!
https://accounts.livechat.com/
  ?response_type=token
  &client_id=<APP-CLIENT-ID>
  &redirect_uri=http://my-application.com/

Here is a sample URL for the server-side client type:

SERVER-SIDE CLIENT TYPE URL EXAMPLE
Copied!
https://accounts.livechat.com/
  ?response_type=code
  &client_id=<APP-CLIENT-ID>
  &redirect_uri=https://my-application.com/

Authorization errors

All authorization errors redirect to the error page https://accounts.livechat.com/ooops, while authentication errors redirect to the login page https://accounts.livechat.com/.

Errors codes are returned in the query strings, in form of the oauth_exception parameter (for authorization errors) or identity_exception param (for authentication errors). Additional exception_details may be passed with detailed information.

invalid_request

The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Possible reasons:

  • wrong HTTP method
  • invalid HTTP body encoding
unauthorized_client

The client is not authorized to request a token using this method. Possible reasons:

  • missing client ID
  • client ID not found
  • refresh token not found
  • invalid client secret
  • invalid redirect URI
access_denied

The resource owner or authorization server denied the request. Possible reasons:

  • the requested scopes include a scope that wasn't originally granted by the resource owner

Not helpful? See access_denied in Authentication errors.

unsupported_response_type

The authorization server does not support obtaining a token using this method. Possible reasons:

  • response type is not code or token
invalid_scope

The requested scope is invalid, insufficient, unknown or malformed. Possible reasons:

  • scope not found
  • scope name not found
  • an app requires the administrator scopes, but instead, an agent user was logged in
server_error

The authorization server encountered an unexpected condition that prevented it from fulfilling the request. Possible reasons:

  • server down
  • server storage down

Not helpful? See server_error in Authentication errors.

temporarily_unavailable

The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. Currently not used.

unsupported_grant_type

The authorization grant type is not supported by the authorization server.

  • using disabled authorization grant type, for example client credentials grant; read more...
invalid_grant

The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Possible reasons:

  • refresh token expired
  • access token expired
invalid_client

Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). Possible reasons:

  • using refresh token with wrong client id
missing_grant

The client is missing granted rights. Possible reasons:

  • grants were rejected
  • grants were never given
  • client changed required grants
Exception details

client_id_not_found - wrong client ID, client id does not exists

redirect_uri_not_set - client misconfiguration, the client has not set a redirect URI

invalid_redirect_uri - redirect URI is not one of the client's allowed redirects

too_many_redirects - the server has detected a redirect loop; the client shouldn't redirect too many times

Authentication errors

invalid_request

The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.

Not helpful? See invalid_request in Authorization errors.

unauthorized

The request is valid, but identity data is wrong or identity does not exist. If identity id is known, it's added to querystring as entity_id.

server_error

The server encountered an unexpected condition that prevented it from determining identity.

Not helpful? See server_error in Authorization errors.

access_denied

The identity is known, but access is denied because of business reasons. For example, identity can be banned or have the wrong account version, etc.

Not helpful? See access_denied in Authorization errors.

identity_lost

The identity was removed due logout, password reset, remote logout, etc.

credentials_login_disabled

Identity has disabled credentials login strategy. Identity should be verified with other strategies like Google Oauth or SAML.

Contact us

If this FAQ doesn't answer your question, reach us at developers@text.com.

...

Join the community
Get in direct contact with us through Discord.
Follow us
Follow our insightful tweets and interact with our content.
Contribute
See something that's wrong or unclear? Submit a pull request.
Contact us
Want to share feedback? Reach us at: developers@text.com