I've looked at this question
Server-Side REST Authentication
and many other forums with this same problem. I'm trying to access restful webservice we created in our salesforce instance with postman. I'm using this url
https://login.salesforce.com/services/oauth2/token
and these url params
grant_type=password
client_id={my id}
client_secret={my secret}
username=username@domain.com
password={password}{security token}
I'm getting this response
{
"error": "invalid_grant",
"error_description": "authentication failure"
}
In the connected app settings, I've added my IP under trusted IPs. I've set IP Relaxation to "Relax IP restrictions". I set permitted users to "All users may self-authorize". I added my IP address under Administer->Security Controls->Network Access.
Is there supposed to be a delimiter between password and security token in the password URL parameter? I can view my connected app through two views in salesforce.
When I go to Administer->Manage Apps->Connected Apps I see it there but when I hover the mouse over it, it doesn't say "Managed-Installed" and it doesn't have the little blue arrow next to the link. But when I click on it it says its installed
I also can view it through Develop->Remote Access which then redirects me to a page where I'm able to click on it and see the consumer key and consumer secret.
I tried sending a request from the developer console and I get the same error. I tried sending with and without the security token appended to the password. I do have the '@' character in the password, could that be causing a problem?
HttpRequest req = new HttpRequest();
req.setMethod('POST');
req.setEndpoint('https://login.salesforce.com/services/oauth2/token');
req.setBody('grant_type=password' +
'&client_id=' + 'id'+
'&client_secret=' + 'secret' +
'&username=' + 'username@domain.com.currentdev' +
'&password=' + 'password');
Http h = new Http();
HTTPResponse res = h.send(req);
System.debug('Body ' + res.getBody());
System.debug('Status ' + res.getStatus());
System.debug('Status code ' + res.getStatusCode());
Thanks @Eric, the problem was I'm in a test environment so I should be using test.salesforce.com not login.salesforce.com
Best Answer
Check the login history for the user and make sure you are connecting to the right url TEST vs LOGIN.
I am willing to bet that the Security Token is being required and you are not appending that to your password
You should be doing:
&password={PASSWORD}{SECURITYTOKEN}
I used your code and once I added the IP to the allowed ranges (or appended the security token) it was successful.
results in:
Digging Deeper into OAuth 2.0 on Force.com