Authentication failed, but I can refresh the access token

Question

I can refresh the access token right before this call. I made this call to get the user info and it failed. Let me know if you want to see the PHP code or tokens.

Last SOAP request/response:
https://clientcenter.api.bingads.microsoft.com/Api/CustomerManagement/v9/CustomerManagementService.svc?singleWsdl
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns1="https://bingads.microsoft.com/Customer/v9"><SOAP-ENV:Header><ns1:CustomerAccountId/><ns1:CustomerId/><ns1:DeveloperToken>xxxxxxxxxxxxx</ns1:DeveloperToken><ns1:UserName/><ns1:Password/><ns1:AuthenticationToken>xxxxxxxxxxxx</ns1:AuthenticationToken></SOAP-ENV:Header><SOAP-ENV:Body><ns1:GetUserRequest><ns1:UserId xsi:nil="true"/></ns1:GetUserRequest></SOAP-ENV:Body></SOAP-ENV:Envelope>

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault><faultcode>s:Server</faultcode><faultstring xml:lang="en-US">Invalid client data. Check the SOAP fault details for more information</faultstring><detail><AdApiFaultDetail xmlns="https://adapi.microsoft.com" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><TrackingId>ede625e1-6464-4704-b5d3-7e610e87bccf</TrackingId><Errors><AdApiError><Code>105</Code><Detail i:nil="true"/><ErrorCode>InvalidCredentials</ErrorCode><Message>Authentication failed. Either supplied credentials are invalid or the account is inactive</Message></AdApiError></Errors></AdApiFaultDetail></detail></s:Fault></s:Body></s:Envelope>
The operation failed with the following faults:
AdApiError
Code: 105
Error Code: InvalidCredentials
Message: Authentication failed. Either supplied credentials are invalid or the account is inactive

Answer 1

Hi,

Can you give the timestamp of the error, or run the call again and send over the new tracking Id and timestamp (with timezone)?  I can see if our logs can give more information.

Also, is this the only call producing the error for you?  Or are you seeing the behavior across all of your calls?  Two things I typically check:

1) Is the Microsoft Account correct?  In other words, when prompted during the grant flow, are you entering in the Microsoft Account that is registered as a Bing Ads user.

2) Can you log in to the Microsoft Account without issue, ensuring there aren't any security blocks or suspensions?  (this can happen from time to time)

3) Does going through the grant again from step 1 resolve the issue? 

Thanks,

Matt

Answer 2

Thu, Jul 21, 2016  5:45:32 PM EST, <TrackingId>589f1684-ce22-455f-952a-a83c7f2b1a71</TrackingId>

It is the only call right now, as I need to get the user before I can get the campaigns or other stuff. 

1. The Microsoft account is correct. The account is test.****@****.com and it is a Bing ads account.

2. Yes, I can log into Bing Ads through the Microsoft Account without issue. 

3. I will try the grant flow again to get a fresh refresh token and let you know. ... OK I tried with a fresh tokens and it still gave an error. <TrackingId>aa2f01c7-75b9-4290-bef7-1b5192d86de8</TrackingId>, Thu, Jul 21, 2016  6:02:31 PM EST.

Answer 3

Anyone?

Answer 4

Hi,

Can you ensure that you are using a developer token assigned to that specific user?  You can view the developer token at developers.bingads.microsoft.com.

Thanks,

Matt

Answer 5

No, I'm using my own developer token. The account I'm accessing is test.****@****.com. Eventually I'll access the production account. I thought it would be better to use my account token rather than a test account token. 

Answer 6

If it is a single-user token it can authenticate solely with a designated user, and permits API access to the accounts available to that user based on their managed access rights. Multi-user token can authenticate with any valid user credentials, and permits API access to the accounts available to each respective user based on their managed access rights. So you'll either need to request a new token for the other email address, or request a multi-user token.

For more information see Managing Customer Accounts.

I hope this helps!

Eric