Illegal base64 character 28

Details on your question or the problem you’re trying to solve.
I’m trying to get access token according to this guide: Create a Server-to-Server OAuth App
I’m using server-to-server app, that is activated, I have replaced clientId, clientSecret and accountId with according strings. I also tried to encode it to base64 (as in toBase64('clientId:clientSecret'), replaced ofc). Tried without encoding too.


I keep getting {"status":false,"errorCode":-1,"errorMessage":"Illegal base64 character 28","result":null}
The full error message or issue you are running into, where applicable.

API Endpoint/s?
Share the API endpoint/s you’re working with to help give context.

How To Reproduce
The easiest via node js:
import fetch from “node-fetch”
;(async () => {
const res = await fetch(”,
headers: {
Authorization: Basic Base64Encoder(${btoa( "B:C" )}),
method: “POST”,
console.log(await res.text())

Steps to reproduce the behavior:
1. Request URL / Headers (without credentials) / Body
2. Authentication method or app type
3. Any errors

Additional context
Add any other context about the problem here.


I got ‘Illegal base64 character 28’ error, too.

Can someone help?

Hi @kowalski.k and @regit
Are you still experiencing this issue?
Please refer to the following guide to make sure you are setting up your app correctly:


For me the Curl command to encode the clientID and secret wasn’t working and giving the same error. So instead I just encoded them in a different command, copied that value into the Curl request and it worked.

echo -n clientId:clientSecret | base64


curl -X POST -H "Authorization: Basic encodedCharacters" "{accountId}"

1 Like

Thanks for sharing this with the community @joey.grover
I appreciate it

Thank you very much @joey.grover for guidance, I am using on “OAuth Server to Server”, this problem has troubled me for over a week