Why do I keep getting errors.unknown_or_used when requesting an access_token?
code that is generated when a user goes through the authorization process is restricted in a number of ways. This error means one of two things:
- The code has expired or has already been used
Codes are single use codes that expire in a relatively short time frame. So when if you’re building an auth flow from scratch and not using something like Omniauth, you will need to be careful to request a new code each time you want to test your
access_token redemption process.
- The information passed when redeeming the code doesn’t match the authorization values.
You can inspect the token request in your Developer Dashboard and cross-reference that against the preceding authorization request
These restrictions help to mitigate against a
code don’t end up in the wrong hands.