Sigma Auth
Reference

Common Authentication Issues

"invalid_token" Error

Symptom: API returns {"error": "invalid_token"} even with a fresh token.

Common Causes:

  1. Token has expired (check the exp claim)
  2. Using a token from a different environment (dev vs production)
  3. Malformed Authorization header

Solution:

// Correct format
headers: {
  'Authorization': `Bearer ${accessToken}`
}

// Common mistakes
'Authorization': 'Bearer: token'     // ❌ Extra colon
'Authorization': 'bearer token'      // ❌ Lowercase bearer
'Authorization': accessToken         // ❌ Missing Bearer prefix

"unauthorized" Error

Symptom: API returns {"error": "unauthorized"}

Cause: Missing or malformed Authorization header.

Solution: Ensure the token is included correctly in the request.

Token Expiration

Default Expiration: 30 days

Check expiration:

// Decode JWT payload (for debugging only)
const payload = JSON.parse(atob(token.split('.')[1]));
const expiresAt = new Date(payload.exp * 1000);
console.log('Token expires:', expiresAt);

Multi-Application Support

Sigma Auth supports tokens from any registered application. You don't need separate endpoints or special configuration for different client applications.

// Works with tokens from any client
const sigmaWebToken = "...";     // From sigmaidentity.com
const yourAppToken = "...";      // From your application

// Both work with the same API
fetch('https://auth.sigmaidentity.com/backup/status', {
  headers: { 'Authorization': `Bearer ${token}` }
});

Getting Help

If you're still experiencing issues:

  1. Verify your token hasn't expired
  2. Check you're using the correct environment URLs
  3. Ensure proper header formatting
  4. Try with a fresh token from the OAuth flow