Failed to validate code due to an error: invalid-token

I can’t get the API to work. I have literally created and deleted three tokens to get this to work. I’ve combed over these posts looking for something I’m doing wrong, and I just can;t find it.

These are the permission set, as suggested in other posts regarding the 403 response.

Here is the code (shorted):

$args = array(
‘timeout’ => 20,
headers’ => array(
‘Authorization’ => ‘Bearer ’ . $envato_token, // API token with no trailing spaces.’
‘User-Agent’ => $user_agent,

$response = wp_remote_get( ‘’ . $code, $args );// Valid purchase code that returns proper information in the API sandbox.

I don’t know what else it could be. Does the system need time to validate the token? Is there a wait period?


  • Kev

You can check this Tutorial Solution:

1 Like

Hi @SVLStudios,

What message does the API call return? Sounds like the HTTP code being returned is 403; the response body should give you some additional clue as to what’s wrong.

Here’s a simple CLI example, using a token with the same permissions you showed above:

curl -sH "Authorization: Bearer $TOKEN" \

{"error":"Unauthorized operation - please use a valid token with the required permissions. Reason scope required sale:history","response_code":403,"reason":"scope-missing"}

You can see in the message there that the required permission is sale:history, which is missing from your permissions screenshot. If I add that permission (“View your items’ sales history”) to my token and repeat the request, the message changes:

curl -sH "Authorization: Bearer $TOKEN" \

{"error":404,"description":"No sale belonging to the current user found with that code"}

In this case, the code I used was fake, so there was no matching sale. If I had sales on this account and used a real purchase code, it would have returned the details of that sale.

1 Like

Hey guys!

I found the problem. Heh, it’s rather embarrassing. I was totally not paying attention to the build.envato page. I…erm, created a token for the app and not the personal token. Once I stopped looking for the most obscure cause and looked at what should have been the most obvious thing, I fixed my issue… So embarrassing. :man_facepalming:

I apologize for wasting y’all’s time. Thanks though :slight_smile:

I may just upload my working solution to a git and share it so others can benefit.

1 Like

No problem at all @SVLStudios! Other people may do the same thing so it’s good that you’ve described what happened and how you fixed it.

I’m sure others could benefit from your solution if you were willing to share it.