API: Get authorization code doesn't work

Hi guys,

I’m trying to get authorization code after user permission and obtain (one time use) code successfully but I failed dozens time, I tried to make a new app but also fails.

Get code after user’s permission: Success

Get Auth Code using: https://api.envato.com/token?grant_type=authorization_code&code=[CODE]&client_id=[CLIENT_D]&client_secret=[CLIENT_SECRET]

Generates the following error:
“message” : “The HTTP method and path you requested is invalid. Please check the API documentation at https://build.envato.com/api/ and ensure that you’re using a valid path with the correct method.”

May API servers down? I’m waiting for two hours.

1 Like

You’re sending a GET request. You need to send a POST request with those fields instead.

  • The request must be sent in application/x-www-form-urlencoded format.
  • The token URL is https://api.envato.com/token with nothing after it.
  • You must sent the grant_type, code, client_id, and client_secret as POST fields.

An example…

$ch = curl_init("https://api.envato.com/token");
curl_setopt_array($ch, array(
    CURLOPT_USERAGENT => "Your Website / Contact: Your Email",
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => http_build_query(array(
        "client_id" => "CLIENT_ID",
        "client_secret" => "CLIENT_SECRET",
        "grant_type" => "authorization_code",
        "code" => "CODE IN URL"
        "Content-Type: application/x-www-form-urlencoded"

$json = curl_exec($ch);
if (curl_errno($ch) > 0) throw new Exception(curl_error($ch));

$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$response = json_decode($json, true);

// Check that $code is 200 before using $response. Anything other than 200 indicates an error.
1 Like

Thanks pal, That’s exactly what i’m doing … but I noticed that after the user Approve the app it doesn’t appear in his granted access list so I think that’s why I cannot get the access token.

I test nWallet App (on phones) to see whether it’ll appear in my granted access list and it appears so I don’t know what’s the issue in my Apps.

No, it will not appear in the granted list if you don’t generate the token.

You’re not doing what I posted, you’re sending a GET request or something other than POST.
Please post your code if you insist it is correct.

Thanks a lot my friend, You’re right I made a terrible mistake

This is my code using WordPress functions ( wp_safe_remote_post | build_query )

     $envato_token_request =  wp_safe_remote_post( 'https://api.envato.com/token', array(
        'method' => 'POST',
        'timeout' => 45,
        'redirection' => 5,
        'httpversion' => '1.0',
        'blocking' => true,
        'headers' => array(
                'Content-Type: application/x-www-form-urlencoded'
        'body' => build_query( array( 
                'grant_type'    => 'authorization_code',
                'code'          => $_USER_CODE_After_Approval,
                'client_id'     => $_EnvatoClientID,
                'client_secret' => $_EnvatoClientSecret,
            ) ),
        'cookies' => array()

You did not specify the application/x-www-form-urlencoded header.

'headers' => array("Content-Type: application/x-www-form-urlencoded"),

It may be easier to simply use CURL like I did above, I do not know how WordPress formats their POST data but it’s possible you may need to call http_build_query() on the array you’re passing into 'body'

Yes, I think Themeforest’s refuse CURL functions included in themes I don’t know about CodeCanyon but I’m sure about Themeforest and they ask to use WP functions instead.

I’ll modify the prev functions for other people

Thanks Pal

Great, you solved my issue! Thank you!

1 Like