400 Bad Request: Invalid authorization code

I’m trying to use Postman for testing my app following this guide. For code parameter I’m using the value from url after being redirected to the app after succesful authorization (url for authorization is copied from Local Test section on app setting page). The rest parameters are in place (including Authorization with Basic cliendID:ClientSecret Base 64 encoded). I’m using clientId and secret from Development Section (not production and the app is already published). But I’m getting the error:

{
    "reason": "Invalid authorization code",
    "error": "invalid_grant"
}

What’s happening? Is this authorization code one-time? I mean when autorization is complete in my app the backend part is already used this code for getting token for other needs. Does this mean that I can’t use same authorization code anymore? How does it work? Because sometime this POST call via Postman works, sometimes doesn’t - pretty inconsistant.

Hi @dowow.tv
Thanks for reaching out to us!
Here is a screenshot of my postman environment:

Screenshot 2025-04-16 at 3.06.51 PM1478×562 42.7 KB

Just make sure to pass client id and client secret in your authorization tab.

seems like you haven’t read my post carefully. All inputs are in place and I was asking about further authorization code usage after it was used for getting token in particular.

Hi @dowow.tv

Is this authorization code one-time? Does this mean that I can’t use same authorization code anymore? How does it work? Because sometime this POST call via Postman works, sometimes doesn’t - pretty inconsistent.

Yes, the authorization code is only valid once.
Once you use it to generate an access token, it will get invalidated. This is by design