Jump to content

Issues for first steps with use API Accountig v3.1 ES


Recommended Posts


I'm try to use API Accountig v3.1 ES 

On Postman I have installed Savagge examples, and connecting for get access token.

Also make code for validate access token, and if is near to expired, get a new token using refresh token.

API Accountig v3.1 ES


public function verifyAndRefreshToken()
    if ($this->extToken === null) {
        throw new SageException('No ExtToken found.');

    if (!$this->isAccessTokenValid()) {

public function isAccessTokenValid(): bool
    return $this->extToken->access_expires->subSeconds(15) >= now();

public function refreshAccessToken()
    $extToken = ExtToken::find('sage');

    $params = [
        'client_id' => config('services.sage.client_id'),
        'client_secret' => config('services.sage.client_secret'),
        'grant_type' => 'refresh_token',
        'refresh_token' => $extToken->refresh,

    $response = Http::asForm()->post(config('services.sage.refresh_endpoint'), $params);

    if ($response->successful()) {
        $data = $response->json();


        // Update tokens
        $extToken = ExtToken::find('sage');
            'access' => $response->json()['access_token'],
            'refresh' => $response->json()['refresh_token'],
            'access_expires' => now()->addSeconds($response->json()['expires_in']),
            'refresh_expires' => now()->addSeconds($response->json()['refresh_token_expires_in']),

        // Update propierty of class
        $this->extToken = $extToken;
    } else {
        throw new SageException('Error refreshing access token', $response->status());

After this go to get the call


public function getRequest()
    $endpoint = $this->endpoint . '/' . $this->action;

    if (!is_null($this->key) && $this->key !== '') {
        $endpoint = $endpoint . '/' . $this->key; // https://api.accounting.sage.com/v3.1/bank_accounts

    try {
        $response = Http::withHeaders([
            'Accept' => 'application/json',
            'Authorization' => 'Bearer ' . $this->extToken->access, // Valid token access
            ->timeout(30)  // Timeout in seconds
            ->get($endpoint, $this->params);

        ray($response->json(), $response)->die();

And get this error.


array:1 [▶
  0 => array:4 [▶
    "$severity" => "error"
    "$dataCode" => "AuthorizationFailure"
    "$message" => "Access denied. Account inactive. (CAI)"
    "$source" => ""

I'm desperate with this issue.


CastrisReturns all Bank Accounts - Sage0929203715.jpg

Edited by Abk
Add image
Link to comment
Share on other sites

After analyzing the refresh action in postman I see a difference in headers.  Authorization

I have tried use with

$headers = [
'Authorization' => 'Basic ' . base64_encode(config('services.sage.client_id') . ':' . config('services.sage.client_secret')),
'Accept' => 'application/json'


I have also done a test.

- From Postman, I have requested the token refresh.
- I have copied the new access token into my code.
And my code works.

So I don't understand why, if I get a new access token with the refresh one in my application, without error, the new access token tells me

     "$severity" => "error"
     "$dataCode" => "AuthorizationFailure"
     "$message" => "Access denied. Account inactive. (CAI)"
     "$source" => ""


CastrisSage Business Cloud Accounting - Accounts - Sage0930062818.jpg

Link to comment
Share on other sites


Thanks for your question. The first thing to clarify is if the Spanish business you are using to test is active. The response you are seeing is related to the status of the business you are using to authenticate your application. 

Are you able to sign into the business using the below url? 


If you find the trial period of the business has expired you'll need to provide the information requested at https://developer.sage.com/accounting/quick-start/upgrade-your-account/ and request for the trial period to be extended.

If you're able to access the business and the problem lies with your POSTMAN request try using the attached environment and collection. You'll need to select and edit the environment once imported and then add your client_id and secret against the relevant variable. The callback url is also set to be the default POSTMAN app callback https://www.postman.com/oauth2/callback, if this is not a registered callback url in https://developerselfservice.sageone.com/session/new you'll need to add it to the list of your registered application.

Once you have selected the imported environment and made the above changes use the Initial Auth Request in the imported collection to obtain the access and refresh tokens. Highlight the access token when returned, right click to save the access token to the relevant environment variable. Repeat the previous step to save the refresh token. 

With the tokens saved in the environment variables, make a request to the businesses API and then save the business_id you are using to the variable in the environment.

Once the business_id is set, use the bank_accounts request in the collection to return the data. Both the businesses and bank_acounts GET requests have a pre-request script running which exchanges the access tokens based on the accessTokenExpires variable value that was set when you saved the access and refresh tokens.





POSTMAN env and collection for SBCA.zip

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...