sergio.peleato.sergiopeleato avatar image
sergio.peleato.sergiopeleato asked

We cannot get autheticated through our ruby app.

We are trying to access the below-mentioned API in the sandbox environment.

It worked well in postman.

But when we tried from within our Ruby-On-Rails application (and also cURL), We are facing some issues in the oAuth authentication process (Authorization Code Flow).

The first step, getting the authorization code is working. We get the code and the state.

The issue is in the second step, which is getting the access token. Attached the details as cURL. We keep on getting {"error":"invalid_grant","error_description":"Code not valid"}. I made sure I exactly used the code I got the previous(authorize) call. Please help me in understanding if I missing something. Also would be great if you can send us sample cURL or ruby code for this authentication process.

curl \
--request POST \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data "code=2049cd47-9f98-427c-b399-6a9546600bdd.e91525ba-b63a-41af-8052-a93886d6a947.f:b04b9e0f-9d0d-4367-99ef-7d876dc8ff1d:cf7e45d5-4eb8-4268-9ebf-8fbd39e307c5&client_id=cf7e45d5-4eb8-4268-9ebf-8fbd39e307c5&client_secret=8dfxxxxx-xxx-xxxx-xxxx-xxxxxxxxxx1c&redirect_uri=" \

Screenshot 2020-03-17 at 10.11.42 PM.png

I have masked the client_secret and the recirect_uri. But I ensured that I passed the right values.

API: Corporate Lending Risk Management (1.0.0)

Also, there are a few other questions we have.

1. Why cannot we access this Corporate Lending Risk Management (1.0.0) API in B2B channel? We want to directly consume it from withing our app without user need to enter Finastra password.

2. This API is still in Beta. When can this be ready for production use?

3. As mentioned above, do you have any sample application in the Ruby language or Rails framework? Even some detailed documentation with the API flow and the cURL codes (sample cUrl commands) also would be more helpful.

10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Szymon Patacz avatar image
Szymon Patacz answered

Hello Sergio,

Regarding your questions:

1. All of the APIs are available for specific channel depending on their functionality, for more information you can refer to

2. This is handled by a corresponding LOB. I will contact them and get back to you as soon as i got an answer to that matter.

3. There are available samples for other programming languages ( ) but currently no Ruby.

I will look more deeply if we have an examples you asked.

Could you check if your redirect_uri is correspondant to redirect url provided ruring application creation in developer portal?

Also could you upload screenshot again as it is not displaying for me?

Kind Regards,


10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

sergio.peleato.sergiopeleato avatar image
sergio.peleato.sergiopeleato answered

Hello Szymon,

Thank you for your quick response. I hope this time the screeshot is visible, here it goes:

As for your question regarding the redirect_uri, we have made sure that this value is set correctly and we are still not getting through.

If you have any other suggestions, please do reach out.

Best regards,

screenshot.png (145.4 KiB)
10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

majusmisiak avatar image
majusmisiak answered

Hello @sergio.peleato.sergiopeleato,

Can you share the procedure that you used to initially obtain authorization_code?

One of the reasons that may be causing "Code not valid" error, is that the code was already used to generate token. Each authorization code can be exchanged to token only once and is invalidated afterwards. For details, please refer to this answer to a related question.

As already mentioned by @Szymon.Patacz, currently we do not have curl example or Ruby/Rails sample application. However, I can recommend using Python/Flask sample app with authorization code as a reference.

10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.