Token signature invalid


Trying to hit using an API key and secret that are currently working with v1 API calls and I’m getting the {"code":124,"message":"The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256"} result.


I’m using the Perl API from and I’ve confirmed that the expire date is in the future and that the token being generated is the same as what the debugger at says it should be.


Do I need to obtain a new key and secret to work with v2 of the API?




Hi Brian,

The keys should be the same. Make sure that your JWT has the following:


  {
    "alg": "HS256",
    "typ": "JWT"
  }


  {
    "iss": "API-Key",
    "exp": 1536375251
  }


  base64UrlEncode(header) + "." +

Hi Michael,


Thank you. I have confirmed that I’m using the correct client id and secret in the right places when generating the token. Are you sure the older client id/secret will work? Based on another comment in this thread: it kind of sounds like I have to get a new client id and secret from the “marketplace”. Is that correct?




Hi Brian, 

Would you be able to share and email your token at Regardless of whether you are using marketplace or not, if you are using JWT, the API credentials should be the same.

Correction from the last comment I made previously: instead of client_id it should be API-key, and for client_secret you should use API-secret.

You should be able to get the API key/secret from here.



Hi Michael,


I literally just now figured out the problem. I was adding a colon right after Bearer in the header. I’ve removed that.

It seems to be working now. Thanks for your help.
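The problem found in the last post, as an added example that is not part of the original thread or the API vendor's code: it builds an HS256 token with the header and claims listed above, verifies it locally, and checks the Authorization header value against the RFC 6750 form so a stray colon after Bearer is caught before the request is sent. The function names, the credentials and the strict header check are assumptions made for illustration; the server's own parsing is not shown on this page.

```python
import base64, hashlib, hmac, json, re, time

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_json(segment: str) -> dict:
    """Decode one JWT segment back to a JSON object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def sign(signing_input: str, secret: str) -> str:
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def make_token(api_key: str, api_secret: str, exp: int) -> str:
    """HS256 JWT with the header and claims shown in the thread."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": api_key, "exp": exp}
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload))
    return signing_input + "." + sign(signing_input, api_secret)

def verify_token(token: str, api_secret: str, now=None) -> bool:
    """Check alg, signature (constant time) and expiry."""
    try:
        head, body, sig = token.split(".")
        if b64url_json(head).get("alg") != "HS256":
            return False
        if not hmac.compare_digest(sign(f"{head}.{body}", api_secret), sig):
            return False
        return b64url_json(body)["exp"] > (time.time() if now is None else now)
    except (ValueError, KeyError, AttributeError, TypeError):
        return False

# RFC 6750 form: the scheme name, a space, then the token. No colon.
BEARER_RE = re.compile(r"Bearer ([A-Za-z0-9\-._~+/]+=*)")

def token_from_header(value: str):
    """Return the token from an Authorization header value, or None if malformed."""
    m = BEARER_RE.fullmatch(value)
    return m.group(1) if m else None

if __name__ == "__main__":
    # Constructed credentials and expiry, not real values.
    tok = make_token("API-Key", "API-Secret", int(time.time()) + 60)
    for value in ("Bearer " + tok, "Bearer: " + tok):
        parsed = token_from_header(value)
        print(repr(value[:8]), "->", parsed is not None and verify_token(parsed, "API-Secret"))
```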