Integrations Troubleshooting

Common symptoms when working with App registrations and the REST API, with the likely cause and the place to verify.

Symptom: persistent "API client alert" banner on every page

Likely cause: One or more App registrations have passed their Expiration date. AlloyScan renders one rose-pink banner per expired registration at the top of every page until the registration is renewed or deleted.

Where to verify: Admin Center > Site Settings > IAM > App registrations. Look for rows where Expires shows Expired.

Resolution:

1. Open the affected registration.
2. Either push the Expiration date forward (the same Client ID and Client secret keep working) or delete the registration and create a new one if the secret has been lost. See How to renew an App registration.
3. The banner clears on the next page load.

Symptom: token request returns 401 / invalid_client

Likely cause (most common):

• Wrong Client ID or Client secret in the consumer.
• The registration has expired (Expires shows Expired).
• The registration is disabled (Enabled = No).

Where to verify:

• The App registrations grid for the registration's Enabled column and Expires column.
• The Security log for Service authentication failed rows correlated with the consumer's IP.

Resolution:

1. Confirm the Client ID matches what the consumer sends. The Client ID is visible in the grid; the secret is not.
2. If the registration is expired, extend the Expiration date.
3. If the registration is disabled, toggle Enabled back on.
4. If both look correct and the request still fails, the consumer probably has the wrong secret. Replace the registration and distribute the new secret.

Symptom: token request succeeds but specific endpoints return 403

Likely cause: The token is valid but does not have rights to the action — for example, an attempt to write into a Site that the App registration does not have access to.

Where to verify: Confirm the registration's Site scope matches the endpoint URL. Cross-Site visibility may be available to the Global Administrator role only — see App Registrations Reference.

Resolution: Either move the call into the right Site or create an App registration in the Site you need to act in.

Symptom: lost Client secret

Likely cause: The Client secret was not captured at creation time. AlloyScan displays the secret once and does not re-issue it.

Where to verify: None — the secret is genuinely unrecoverable.

Resolution: Delete the affected registration and create a new one. Distribute the new Client ID and Client secret to the consumer. See How to create an App registration.

Related

• About Authentication — interactive user authentication, distinct from App registrations.
• App Registrations Reference — full lifecycle and notification timing.