Authentication Error

Invalid or expired authentication request

The state parameter is invalid or has expired. Please restart the authentication flow from your application.

💡 How XactoAuth Authentication Works

XactoAuth uses a secure OAuth 2.0 flow that requires these steps:

Initiate: Your app calls the API to generate a state parameter
Redirect: User is redirected to XactoAuth with the state
Authenticate: User signs in on this page
Callback: User is redirected back with an authorization code
Exchange: Your app exchanges the code for an access token

Correct Flow Example:

// Step 1: Call initiate endpoint
POST /api/v1/auth.php?action=initiate
{ "api_key": "xauth_live_...", "redirect_uri": "..." }

// Step 2: Redirect user to returned auth_url
// The auth_url will have the correct state parameter

🔧 Need Help?

If you're a developer integrating XactoAuth:

Use the JavaScript SDK for easy integration
Read the integration guide
Check the code examples
Ensure you have valid API credentials

← Back to Home 📚 View Documentation