Service API Error "error":"invalid_grant"

  • Updated

Setting up the ServiceAPI:

If the serviceAPI nuget package is added to the solution, and you have checked that tblUserPermission hasEPiServerServiceApi, and you have gone to url to get version number and that works.

When you then go to you get unsupported_grant_type which is correct too.


We use Identity, so our startup file looks like this 

public class Startup
// For more information on configuring authentication,
// please visit

private readonly IConnectionStringHandler _connectionStringHandler;

public Startup() : this(ServiceLocator.Current.GetInstance<IConnectionStringHandler>())
// Parameterless constructor required by OWIN.

public Startup(IConnectionStringHandler connectionStringHandler)
_connectionStringHandler = connectionStringHandler;

public void Configuration(IAppBuilder app)
app.AddCmsAspNetIdentity<SiteUser>(new ApplicationOptions
ConnectionStringName = _connectionStringHandler.Commerce.Name

// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider.
// Configure the sign in cookie.
app.UseCookieAuthentication(new CookieAuthenticationOptions
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login"),
Provider = new CookieAuthenticationProvider
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager<SiteUser>, SiteUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => manager.GenerateUserIdentityAsync(user)),
OnApplyRedirect = (context => context.Response.Redirect(context.RedirectUri)),
OnResponseSignOut = (context => context.Response.Redirect(UrlResolver.Current.GetUrl(ContentReference.StartPage)))

app.UseServiceApiIdentityTokenAuthorization<ApplicationUserManager<ApplicationUser>, ApplicationUser>();

// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));



private static void EnableFacebookAccountLogin(IAppBuilder app)
// Note that the id and secret code below are fictitious and will not work when calling Facebook.
//FacebookAuthenticationOptions facebookOptions = new FacebookAuthenticationOptions
// AppId = "idstring",
// AppSecret = "secretstring"

As you can see I have added the 
app.UseServiceApiIdentityTokenAuthorization<ApplicationUserManager<ApplicationUser>, ApplicationUser>(); 
to the code

So when I try to get token  using ServiceApi-Client 

You always get the error with "invalid_grant"

The password I use I know works, and I'm part of the Administrer group

Try to use SiteUser instead of ApplicationUser?
app.UseServiceApiIdentityTokenAuthorization<ApplicationUserManager<SiteUser>, SiteUser>();