Why has my request failed with `invalid_grant`?

invalid_grant
 The provided authorization grant (e.g., authorization
 code, resource owner credentials) or refresh token is
 invalid, expired, revoked, does not match the redirection
 URI used in the authorization request, or was issued to
 another client. 

1. Check you are using the most recent code or refresh token;
2. Confirm that all the parameters are correct (redirect_uri, refresh_token, code) and that there are no extra space characters;
3. Confirm that you do not have multiple developers testing using the same account, this will lead to multiple tokens being created which will constantly invalidate each other.
4. 🆕 Check if you have passed the refresh token window (which is 30 days). Once the user gives consent, as we know, the access token lasts for 5 minutes, which you can refresh using the refresh token. This token then lasts for 30 days.
   Hence, even if the total consent period may be valid for 90 days, it must be refreshed within a 30-day window using to guarantee total lifetime.

5. If the invalid_grant error takes place during a code exchange (authorization_code) after authentication, make sure the code is no older than 5 minutes.

If you need more information...

Have a look at our comprehensive list of the authentication error descriptions in our API documentation. 

Read our blog post on Refresh Tokens here.