Getting access token for uploads in v4

Hello, I’ve been trying to get the access token for a user to allow a user to upload.
The docs don’t seem to specify the needed parameters once one gets the authorization code from the /connect endpoint

So, I’ve been trying to:

  1. Get authorization code (code) from using the client_id, redirect_uri, scope parameters.
  2. Attempt to get access_token from using client_id, access_token, code, grant_type, client_secret, redirect_uri parameters.

I get the access_token parameters used in the second step from the dashboard (MLY|XXXXXXX...) because it complained that I needed authorization.

However, when I try to send the second request from the callback page, I get an error stating that
"Application Secret required for this endpoint". But, I have provided the client_secret, which I got from the developer dashboard. I couldn’t find anything else from the OAuth spec.

I’m also not sure what the /authorize endpoint was for since there is /connect.

1 Like

I’m having the same issue…

Okay update, if you enter the authentication URL from the developer page into your browser, it’ll take you to an authentication page which will then redirect you to your redirect URI and your code will be in the url. Not sure what to do with the code though.

Seeing the same thing as everyone else. The documentation says contradicting things like /connect vs /authorize. No details on what needs to be sent to /token, and I get an unhelpful error that I can’t lookup anywhere:

  "error": {
    "message": "Invalid OAuth 2.0 Access Token",
    "type": "MLYApiException",
    "code": 190,
    "error_data": {},
    "fbtrace_id": "A9-7asFpQ0nlkaMYtAn-YNE"

When I tried the following:

const authResponse = await fetch(``, {
      method: 'POST',
      body: JSON.stringify({
        code: req.query.code,
        client_secret: '..',
        access_token: 'MLY|...|...',

Looks like I decoded it

const authResponse = await fetch(
        method: 'POST',
        headers: {
            'OAuth MLY|<client_id>|<client_secret>', // Don't copy the client token from the dashboard

Awesome! Thanks so much! I really hope the Mapillary team clarifies this in the documentation.

Hey lanP, the docs is updated with the latest OAuth2.0 usage Mapillary.

Oh nice! Thanks for letting me know :smiley: