Skip to main content
Question

invalid_client - The client credentials are invalid

  • May 22, 2025
  • 5 replies
  • 100 views
C
Forum|alt.badge.img

I know there are numerous posts about this error, but I'm new to the box API and could use some help narrowing down the issue.

I've created a custom application of type Server Authentication (Client Credentials Grant).  I also authorized this application in the admin console on the Server Authentication Apps tab.

I'm coding in C#.  I have the .NET SDK installed in my project, and I'm using the .NET code sample from this page in the documentation: https://developer.box.com/guides/authentication/client-credentials/

When I plug in my client ID, secret, and username and run the code, I get this message:

The API returned an error [BadRequest] invalid_client - The client credentials are invalid at Box.V2.Extensions.BoxResponseExtensions.ParseResults[T](IBoxResponse`1 response, IBoxConverter converter) at Box.V2.CCGAuth.BoxCCGAuth.<CCGAuthPostAsync>d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Box.V2.CCGAuth.BoxCCGAuth.<UserTokenAsync>d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() at MvcApplication.Controllers.HomeController.<Index>d__0.MoveNext() in M:\Domains\Rhythm_Box\MvcApplication\Controllers\HomeController.cs:line 19

If anyone from box support sees this, the client ID is 4ro5njohgyhnhzee8xluse1j334g7tiw

The account I was logged into when I created the application is the one named API User, if that makes a difference.

Thank you for any assistance.

----

A quick update: I created a new app with JWT authentication, and that seems to be working okay.  I'm still curious what about the original approach was incorrect, but I'll keep going with the JWT version instead.

    5 replies

    C
    Forum|alt.badge.img

    Hello, 

    This could be a few things. It looks like you have access to file a support ticket - so I would recommend doing that. That's going to be the fastest way to get the answer. 

    Alex, Box Developer Advocate

    C
    Forum|alt.badge.img

    406590678454, here's an example of how I did the authentication.

    I found that missing any of this params can cause the error you mentioned. And here I'm using the user id and enterprise id and everything from the app.
    I think the box documentation for the client secret auth incorrectly points at using UserTokenAsync instead of AdminTokenAsync and does not list the builder method SetEnterpriseId

    var boxConfig = new BoxConfigBuilder(boxClientID, boxClientSecret).SetEnterpriseId(boxEnterpriseID).Build();
    var boxCCG = new BoxCCGAuth(boxConfig);
    var tokenTask = boxCCG.AdminTokenAsync(); //valid for 60 minutes so should be cached and re-used
    tokenTask.Wait();
    var token = tokenTask.Result;
    var userClient = boxCCG.UserClient(token, boxUserID);
    C
    Forum|alt.badge.img

    833680408 You solution finally works. Wasted two days. I still face same issue in PostMan

    C
    Forum|alt.badge.img

    @kushe, then upvote

    C
    Forum|alt.badge.img

    Does anyone know the same workflow that 833680408 wrote out, but for python (with the box SDK)?

    I've been stuck on this for some time!

    Terms of ServiceAccessibility statement