Reference
Common Authentication Issues
"invalid_token" Error
Symptom: API returns {"error": "invalid_token"} even with a fresh token.
Common Causes:
- Token has expired (check the exp claim)
- Using a token from a different environment (dev vs production)
- Malformed Authorization header
Solution:
// Correct format
headers: {
  'Authorization': `Bearer ${accessToken}`
}
// Common mistakes
'Authorization': 'Bearer: token' // ❌ Extra colon
'Authorization': 'bearer token' // ❌ Lowercase bearer
'Authorization': accessToken // ❌ Missing Bearer prefix
"unauthorized" Error
Symptom: API returns {"error": "unauthorized"}
Cause: Missing or malformed Authorization header.
Solution: Ensure the token is included correctly in the request.
Token Expiration
Default Expiration: 30 days
Check expiration:
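// Decode JWT payload (for debugging only; this does not verify the signature)
// JWT segments are base64url-encoded, so convert to standard base64 before atob()
const base64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
const payload = JSON.parse(atob(base64));
// exp is in seconds since the Unix epoch; Date expects milliseconds
const expiresAt = new Date(payload.exp * 1000);
console.log('Token expires:', expiresAt);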
Multi-Application Support
Sigma Auth supports tokens from any registered application. You don't need separate endpoints or special configuration for different client applications.
// Works with tokens from any client
const sigmaWebToken = "..."; // From sigmaidentity.com
const yourAppToken = "..."; // From your application
// Both work with the same API
for (const token of [sigmaWebToken, yourAppToken]) {
  fetch('https://auth.sigmaidentity.com/backup/status', {
    headers: { 'Authorization': `Bearer ${token}` }
  });
}
Getting Help
If you're still experiencing issues:
- Verify your token hasn't expired
- Check you're using the correct environment URLs
- Ensure proper header formatting
- Try with a fresh token from the OAuth flow
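The header-format and expiration checks from this page can be run locally before a request is sent. The following is an added example, not Sigma Auth's own code: diagnoseAuthHeader, decodeJwtPayload and makeSampleToken are hypothetical helper names, the sample token is constructed, and the payload is decoded without verifying the signature.

```javascript
// Added example: helper names are hypothetical, not part of any Sigma Auth SDK.
// Decodes the JWT payload for inspection only; the signature is NOT verified.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    // JWT segments are base64url; map to standard base64 before atob()
    return JSON.parse(atob(parts[1].replace(/-/g, '+').replace(/_/g, '/')));
  } catch (e) {
    return null;
  }
}

// Returns a list of problems found in an Authorization header value.
function diagnoseAuthHeader(value, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof value !== 'string' || value.trim() === '') return ['missing header'];
  const parts = value.trim().split(/\s+/);
  if (parts.length > 2) return ['malformed header'];
  const issues = [];
  if (parts.length === 1) {
    issues.push('missing Bearer prefix');
  } else if (parts[0] === 'Bearer:') {
    issues.push('extra colon after Bearer');
  } else if (parts[0].toLowerCase() === 'bearer' && parts[0] !== 'Bearer') {
    issues.push('scheme must be capitalized as Bearer');
  } else if (parts[0] !== 'Bearer') {
    issues.push('unexpected scheme');
  }
  const payload = decodeJwtPayload(parts[parts.length - 1]);
  if (payload === null) issues.push('token is not a decodable JWT');
  else if (typeof payload.exp !== 'number') issues.push('no numeric exp claim');
  else if (payload.exp <= nowSeconds) issues.push('token expired');
  return issues;
}

// Constructed sample token with a placeholder signature, for the demo only.
function makeSampleToken(exp) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'demo', exp })}.placeholder`;
}

console.log(diagnoseAuthHeader(`bearer ${makeSampleToken(0)}`));
```

An empty result means the header format and exp claim look correct; a token issued for a different environment is not detected by this check.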