API isn't working

[adelevie]

We've been getting some C2 API-related errors on Micro-purchase and some digging has revealed that the first step of the OAuth handshake fails:

Request:

MY_OAUTH_KEY=[redacted]
MY_OAUTH_SECRET=[redacted]
MY_CREDS=`echo "$MY_OAUTH_KEY:$MY_OAUTH_SECRET" | base64`
curl -i -X POST -H "Authorization: Basic $MY_CREDS" \
  -d 'grant_type=client_credentials' \
  https://c2-staging.18f.gov/oauth/token

Response:

HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json; charset=utf-8
Date: Mon, 17 Oct 2016 15:16:21 GMT
Pragma: no-cache
Server: nginx
Vary: Origin
Www-Authenticate: Bearer realm="Doorkeeper", error="invalid_client", error_description="Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: a8d01689-5020-4840-beba-b4b51261d56d
X-Runtime: 0.012835
X-Vcap-Request-Id: cad626f8-f8eb-4bd7-5965-aee2d898abc7
X-Xss-Protection: 1; mode=block
Content-Length: 173
Connection: keep-alive

{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}%   

We had this same error inside the Micro-purchase app (using the C2::Client class--from https://github.com/18F/c2-api-client-ruby).

[pkarman]

I assume the oauth key has been authorized in the staging app?

[phirefly]

@pkarman Good question. @adelevie can you clarify -- is this on production or on staging?

[adelevie]

The problem is the same on prod and staging last time I checked (last week). I'll try to check again and doc the results here.