Authorization Requests and Errors
Authorization requests and responses conform to the OAuth 2.0 framework requirements. Each authorization strategy follows a different sequence of requests and responses, depending on its requirements. The details of each may be found with the individual authorization strategy documentation.
Authorization Endpoints
There are two authorization endpoints. The authorize endpoint issues authorization tokens, which may then be turned in to the token endpoint, which issues access and refresh tokens.
Endpoint | Purpose |
---|---|
https://api.ecobee.com/authorize | Grants authorization tokens. |
https://api.ecobee.com/token | Issues access and refresh tokens. |
Error Handling
Your application will need to handle a number of errors resulting from authorization requests. The errors returned by the authorization endpoints are different from those returned by individual API requests. The authorization endpoints support the standard as well as extended OAuth error responses.
Errors
Error responses are sent back with an HTTP error code response and a JSON payload containing the error type. Ensure that you inspect the JSON payload in order to determine why your request may have failed.
The JSON error response looks like this:
{ "error": "invalid_client", "error_description": "Authentication error, invalid authentication method, lack of credentials, etc.", "error_uri": "https://tools.ietf.org/html/rfc6749#section-5.2" }
Error Codes
Error Type | HTTP Error Code | Description |
---|---|---|
access_denied | 302 (Found) | Authorization has been denied by the user. This is only used in the Authorization Code authorization browser redirect. |
invalid_request | 400 (Bad Request) | The request is malformed. Check parameters. |
invalid_client | 401 (Unauthorized) | Authentication error, invalid authentication method, lack of credentials, etc. |
invalid_grant | 400 (Bad Request) | The authorization grant, token or credentials are expired or invalid. |
unauthorized_client | 400 (Bad Request) | The authenticated client is not authorized to use this authorization grant type. |
unsupported_grant_type | 400 (Bad Request) | The authorization grant type is not supported by the authorization server. |
invalid_scope | 400 (Bad Request) | The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. |
not_supported | 400 (Bad Request) | HTTP method not supported for this request. |
account_locked | 401 (Unauthorized) | Account is temporarily locked. |
account_disabled | 401 (Unauthorized) | Account is disabled. |
authorization_pending | 401 (Unauthorized) | Waiting for user to authorize application. |
authorization_expired | 401 (Unauthorized) | The authorization has expired waiting for user to authorize. |
slow_down | 401 (Unauthorized) | Slow down polling to the requested interval. |
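Several very different conditions in the table share one HTTP status (401 covers bad client credentials, a locked account and a pending authorization), so a client has to branch on the JSON `error` field rather than on the status alone. The following is an added example, not ecobee's code: the `Action` grouping, the function name, and the choice to fail closed when the payload and status disagree are assumptions of this example, and `poll_interval` and `requested_interval` are values the caller is assumed to hold from the authorization strategy in use.

```python
import json
from enum import Enum

class Action(Enum):
    KEEP_POLLING = "keep polling at the current interval"
    BACK_OFF = "poll no faster than the requested interval"
    REAUTHORIZE = "discard the grant and start authorization again"
    FIX_CLIENT = "request or client configuration is wrong; do not retry"
    STOP = "user or account state blocks access; do not retry automatically"
    UNKNOWN = "not a documented authorization error; fail closed"

# error type -> (documented HTTP status, reaction). Statuses come from the
# table above; the reaction grouping is this example's assumption.
ERRORS = {
    "access_denied": (302, Action.STOP),
    "invalid_request": (400, Action.FIX_CLIENT),
    "invalid_client": (401, Action.FIX_CLIENT),
    "invalid_grant": (400, Action.REAUTHORIZE),
    "unauthorized_client": (400, Action.FIX_CLIENT),
    "unsupported_grant_type": (400, Action.FIX_CLIENT),
    "invalid_scope": (400, Action.FIX_CLIENT),
    "not_supported": (400, Action.FIX_CLIENT),
    "account_locked": (401, Action.STOP),
    "account_disabled": (401, Action.STOP),
    "authorization_pending": (401, Action.KEEP_POLLING),
    "authorization_expired": (401, Action.REAUTHORIZE),
    "slow_down": (401, Action.BACK_OFF),
}

def classify_auth_error(status, body, poll_interval, requested_interval):
    """Return (Action, seconds to wait before the next poll, or None)."""
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        return Action.UNKNOWN, None          # not JSON: proxy page, truncated body
    error = payload.get("error") if isinstance(payload, dict) else None
    if not isinstance(error, str) or error not in ERRORS:
        return Action.UNKNOWN, None          # never branch on an unrecognised code
    expected_status, action = ERRORS[error]
    if status != expected_status:
        return Action.UNKNOWN, None          # payload and status disagree
    if action is Action.KEEP_POLLING:
        return action, poll_interval
    if action is Action.BACK_OFF:
        return action, max(poll_interval, requested_interval)
    return action, None

# Constructed sample: a payload of the shape shown above.
SAMPLE = '{"error": "invalid_client", "error_description": "Authentication error"}'
```

Treating `account_locked` and `invalid_client` as non-retryable keeps a misconfigured client from repeatedly presenting failing credentials in a loop.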