Hello Infor Community,
I’m working on an API integration with the CPQEQ Runtime API (specifically the Quote and OrderLine endpoints) in a test tenant (TENANT_TST). I’m trying to fetch an OAuth 2.0 token using a Python script, but I’m consistently getting a 400 Bad Request error with the response {"error":"invalid_grant","error_description":"Invalid request: Account not authorized"}.
Here’s the relevant part of my script (sensitive details sanitized):
import requests
import base64
import logging
Set up logging
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
logger = logging.getLogger(name)
API configuration
TOKEN_URL = "https://mingle-sso.inforcloudsuite.com:443/TENANT_TST/as/token.oauth2"
CLIENT_ID = "TENANT_TST~<client_id>"
CLIENT_SECRET = "<client_secret>"
def fetch_token():
try:
auth_string = f"{CLIENT_ID}:{CLIENT_SECRET}"
auth_encoded = base64.b64encode(auth_string.encode()).decode()
headers = {
"Authorization": f"Basic {auth_encoded}",
"Content-Type": "application/x-www-form-urlencoded",
"x-tenant-id": "TENANT_TST" # Added based on common practice
}
data = {
"grant_type": "client_credentials",
"scope": "cpq_api" # Placeholder; need confirmation
}
logger.info("Fetching new token...")
response = requests.post(TOKEN_URL, headers=headers, data=data)
response.raise_for_status()
token_data = response.json()
return token_data["access_token"]
except requests.RequestException as e:
logger.error("Failed to fetch token: %s", e)
if 'response' in locals() and response is not None:
logger.error("Response: %s", response.text)
return None
Run the function
fetch_token()
Output:
textCopyFailed to fetch token: 400 Client Error: Bad Request for url: https://mingle-sso.inforcloudsuite.com:443/TENANT_TST/as/token.oauth2Response: {"error":"invalid_grant","error_trace_id":"Root=1-67fd4ead-212aa6d51d3d6ddb04f598b9","error_description":"Invalid request: Account not authorized"}
Background and Steps Tried:
- Initial Attempt with password Grant Type:
- I started with the password grant type (using username and password), but got an "invalid_scope" error when I included scope=api_access.
- After removing the scope parameter, the error changed to "Account not authorized".
- Switched to client_credentials:
- I switched to client_credentials since password might not be supported, but still got the "Account not authorized" error.
- Added scope Based on Feedback:
- A StackOverflow user suggested adding a scope parameter, which I had omitted in my post. I added scope=cpq_api as a placeholder, but haven’t tested it yet since I want to confirm the correct value.
- Reviewed Documentation:
- Postman Test:
- I previously fetched a token successfully in Postman using the password grant type, but haven’t re-tested recently.
Questions:
- What is the correct scope value for the CPQEQ Runtime API (Quote and OrderLine endpoints) when using the client_credentials grant type?
- Is client_credentials the appropriate grant type for this API, or should I use a different one?
- Is the x-tenant-id header required, and is TENANT_TST the correct value for my tenant?
- Could the "Account not authorized" error indicate an issue with my client_id or client_secret? How can I verify they’re still valid?
Additional Details:
- I’m working with the TENANT_TST tenant.
- The endpoints I’m targeting are:
- GET https://mingle-ionapi.inforcloudsuite.com/TENANT_TST/CPQEQ/RuntimeApi/EnterpriseQuoting/Entities/Quote
- GET https://mingle-ionapi.inforcloudsuite.com/TENANT_TST/CPQEQ/RuntimeApi/EnterpriseQuoting/Entities/OrderLine
- I’m using Python 3.9 and requests version 2.28.1.
- Trace IDs from the error: Root=1-67fd4ead-212aa6d51d3d6ddb04f598b9, Root=1-67fd4ead-73f3b85c0ca3e0814ed321ef.
Any guidance would be greatly appreciated! Thanks in advance.
