FedEx API Access Token Generation

Questions
, , ,
1

Describe the problem/error/question

I’m trying to use the FedEx API and sometimes it works and a lot of the time it doesn’t work and I get an error (see below). FedEx believes it’s an issue where the access token is not being regenerated. They tested this by remoting into my machine and using Postman to generate a token and then sending the Tracking request and receiving the data succcessfully. Their tokens are good for 3,600 milliseconds (1 hour). How can I force n8n to regenerate a new token and use it in my flow every 50-60 minutes?

What is the error message (if any)?

“400 - “{"transactionId": "ba576027-522c-452a-942d-22b5653ac9d6","errors":[{"code":"BAD.REQUEST.ERROR","message":"The given JWT is invalid. Please modify your request and try again."}]}””

Please share your workflow

Information on your n8n setup

  • n8n version: 0.230.3
  • Database (default: SQLite): Postgres
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app): App
  • Operating system: Ubuntu Linux 20.4
2

Hey @tberneman,

If you are using OAuth in your request we will automatically refresh the token when it expires so it could be that the oauth configuration you are using is incorrect. If it sometimes works after the 1 hour window though it would suggest that the refresh is happening and there could be something else going wrong.

Can you share the OAuth docs for the API and we can take a quick look.

3

FedEx Authorization API Details

This API allows you to authorize the API requests and it is required to authenticate the FedEx resources. The following section describes the prerequisites for the API:

While registering to FedEx Developer portal, FedEx provides a combination of Client ID (API Key) and Client Secret (Secret Key) to authenticate API requests for your project. Each project under your organization is associated with a combination of Client ID and Client Secret, called as API credentials.

Note: Customers (Internal, Compatible or Proprietary Parent Child) can contact FedEx representative to obtain API and Secret Keys.

To provide an extra layer of security, the FedEx® customers (Internal, Compatible or Proprietary Parent Child) can send Child Key (Customer Secret) and Child Secret (Customer password) in addition to the API Key and Secret Key to create an OAuth token. This token is used in every API request for authentication.

You can recreate the forgotten Secret Key from the Projects page on the FedEx Developer Portal.

Note: Creation of new keys will result into code change in your application.

Important information in this document:

  • Client Key as API Key
  • Client Secret as Secret Key
  • Child Key as Customer Key
  • Child Secret as Customer Password

API credentials serve the following purposes:

  • They identify the project making a call to the APIs.
  • They authorize access to the APIs that are enabled under your project.

How to get API Credentials

Credentials are created based on inputs in the FedEx Developer Portal:

  • Client ID – API Key (Client ID) gets created when a project is created on FedEx Developer portal. You can also view the API Key associated with the project on the Project Overview page.
  • Client Secret – You will see the Secret Key (Client Secret) on the confirmation page once a project is created on the FedEx Developer portal. If needed, the Secret Key can also be regenerated, on the Project Overview page.

Note: FedEx® customers (Internal, Compatible or Proprietary Parent Child) need to send Child Key (Customer Secret) and Child Secret (Customer password) in addition with API Key and Secret Key for creating OAuth token. Refer Credential Registration API for how to get Child Key and Child Secret.

How the Authorization API Works

API Authorization

Once you have secured the API credentials on FedEx Developer portal, the OAuth endpoint is used to get an access token which is used as credentials with each API transaction.

These are the required inputs associated with the OAuth request:

  • grant_type – Type of customer. (Valid values: client_credentials, csp_credentials, client_pc_credentials)
  • client_id – Refers to the Project API Key.
  • client_secret – Refers to the Project API Secret Key.

For FedEx® Internal, Compatible or Proprietary Parent Child customers, send the below additional inputs:

  • child_id – Customer Key returned through Credential Registration API request.
  • child_secret – Customer password returned through Credential Registration API request

The result of this request should return below:

  • access_token – The encrypted OAuth token that needs to be used in the API transaction.
  • token_type – Type of token. In this case, it is bearer authentication.
  • expires_in – Token expiration time in milliseconds. One hour is the standard Token expiration time.
  • Scope – Scope of authorization provided to the consumer.

Examples

Request:

POST /oauth/token HTTP/1.1
grant_type= client_credentials&client_id=your client ID&client_secret=Your secret

Response:

{ ″access_token″: ″eyJhbGciOiJIUzI1NiIsInR5cCI6IkpX………″,
″token_type″: ″bearer″,
″expires_in″: 3600,
″scope″: ″CXS″
}

My Credential info

image
image834×693 21.2 KB

4

Hey @tberneman,

That looks to be me like it should be working, Does it always fail after an hour or does it sometimes work as expected? Do you also ever use the never fail option on the http request node?

5

I haven’t been able to get the workflow to work for over 2 days now. I did successfully get it to work via Postman.

When you say “never fail option” do you mean the “Retry On Fail” option under Settings for the HTTP node? I just tried that and set it to 2, 3, and 5 tries and 1000, 2000, and 3000 milliseconds in between and it still doesn’t work.

6

What settings are you putting in Postman?

7

image
image1111×843 57.1 KB

image
image1032×913 44.4 KB

image
image759×571 40.1 KB

image

8

Hey @tberneman,

Oddly enough that is not using OAuth it is just manually calling the API to generate a token, You can do that with the HTTP Request node and it would work. What happens if you configure Postman to use OAuth to get the token?

9

I’m not sure what you mean “configure Postman to use OAuth”, how do I do that?

Also, since the url it’s calling is “https://apis.fedex.com/oauth/token” doesn’t that imply it’s getting an OAuth token? In my credential file should I change it from OAuth2 to OAuth1?

10

Hey @tberneman,

It does imply it is getting a token but you can also tell n8n to do that with an http request node, What you are doing is not checking if a refresh works and you are just generating a new token as needed.

I think in Postman under the authentication type there is an oauth option where you can set the same thing you are using in n8n to see if that works.

11

I changed the Authorization type to OAuth2 and I get a token.

image
image1045×793 61.1 KB

12

FYI: I just deleted the Credential and created a New one with a newly generated Secret and it still doesn’t work.

13

Does the oauth option in Postman work after an hour? There is no reason I can think of for it to fail in n8n at the moment. Is the FedEx API easy to get hold of for testing?

14

I got it to work! I looked at Postman and the OAuth credentials were in the Body and in my credentials it was set to Header. I had it working initially and did have it set to Body but I think my manager might have changed it when he was tweaking on things after I got it working initially. You notice above in my screenshot it was correct there! I will watch and reply later if it works every hour.

2 Likes
15

FYI: I’m still getting errors that I’m trying to track down. I create a new Secret and it seems to work once then it errors out.

ERROR: Forbidden - perhaps check your credentials?

“status”:
“rejected”,
“reason”:
{
“message”:
“403 - “\nAccess Denied\n\n

Access Denied

\n \nYou don’t have permission to access "http://apis.fedex.com/track/v1/trackingnumbers" on this server.

\nReference #18.ac86c817.1688055559.139c46a7\n\n\n””,

16

That is very odd, It does look like it just isn’t refreshing at all which doesn’t make sense. Have you tried getting the token in a workflow manually to see if that changes anything?

17

Wow, what timing! I was just talking to my manager about that. I had seen somewhere that I could generate a token and then use that in the HTTP node and was gonna research how to do it. Can you provide an example? Thanks!

18

Hey @tberneman

I don’t have an example ready to go but it is pretty much why you were doing in postman before, if you copy the curl command from postman you should be able to import it directly into n8n

19

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.