Some time get error "Invalid grant_type parameter or parameter missing" on renew access token

New post



  • nao-pon

    Subsequent investigation revealed that the refresh token was invalidated due to an error handling bug in my script. After that fix, refresh tokens are no longer lost. However, title errors can still occur. Is this error within regulation?

    Comment actions Permalink
  • nao-pon

    This problem has been resolved. This is due to a GET request at the time of the redirect. Solved my script for POST redirection.


    Still, I don't think POST request redirection is uncommon, but is this the intended behavior given the API?


    Thank you very much.

    Comment actions Permalink
  • Kourtney



    There was a regression in behavior when attempting to use the URL to obtain a token. Late last night, our engineering team pushed out a fix that restored functionality to this URL.  This particular URL is a remnant of version 1 of Box's API. This v1 had an EOL announced back in October 1st of 2013 as seen here:


    With this in mind, we request that you begin moving your application(s) toward using the formally supported endpoint in version 2 of our API which is as seen here:




    Box Technical Support Engineer

    Comment actions Permalink
  • nao-pon

    Hello! Kourtney,


    Thanks to you, there are no more errors than yesterday. Also updated my app's Box API endpoint to the latest one.

    Thank you for your support.

    Comment actions Permalink
  • ReinhardSeidl

    Hi Courtney,

    I've been using the entry point for some time, but recently, have also started getting the "Invalid grant_type" error - this application runs in VBA (yes, it's pretty old..) in an Access database. It used to run fine, but now throws the "Invalid grant_type parameter or parameter missing" error. Nothing has changed in this code for a couple of years. The temp_code (from the user authentication who grants access) still works fine - the dialog comes up correctly, the "grant access to box" comes up correctly after password verification, and the returned temp code is captured. Then the code below is executed (client ID and secret not shown obviously, but they have not changed in years). Instead of getting a refresh code, it now trips on the error.


    Any help would be appreciated.


    targetURL = ""
    paramstr = "grant_type=authorization_code" & _
    "&code=" & Temp_Code & _
    "&client_id=[clinet id]" & _
    "&client_secret=[client secret]"

    Set HTTPReq = CreateObject("MSXML2.XMLHTTP")
    HTTPReq.Open "POST", targetURL, False
    HTTPReq.SetRequestHeader "Content-Type", "application/json"
    HTTPReq.SetRequestHeader "Accept", "application/json"

    HTTPReq.Send paramstr
    JSON_Response = HTTPReq.responseText

    'get the refresh code and new authorization

    fault_string = "error"
    found_error = InStr(1, JSON_Response, fault_string)
    If found_error > 0 Then
    MsgBox "Could not authorize, please log in and grant access to enable cloud links"

    Comment actions Permalink
  • mlandgraf

     - Per Box support, this issue was caused by a change on their end. When requesting the access the token, the header's content type must be set like 

        var headers = {
            'Content-Type': 'application/x-www-form-urlencoded'
    Hopefully this fixes things for you!
    Comment actions Permalink
  • ReinhardSeidl

    Thanks, appreciate the heads up. 

    You're correct, that was the solution. The Box helpdesk actually also contacted me yesterday and gave the same suggestion. More support than i could have hoped for. Thanks all!

    Comment actions Permalink
  • DFL

    Hi Team,

    We  are facing Same issue like "Invalid grant_type parameter or parameter missing"  . We are using latest version 2 but its getting error and unable to access the 



    String urlParameters = 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer'
    + '&client_id='+ClientId+'&client_secret='+ClientSecret+'&assertion='+jwtAssertion;
    HttpRequest request = new HttpRequest();
    Http h = new Http();
    HttpResponse response = h.send(request);


    We got the below response from above request. Please let me know where we have done wrong.


    {"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}


    Thank You,


    Comment actions Permalink
  • shamshad al

    how to genrate access token and upload file using php

    Comment actions Permalink

Please sign in to leave a comment.