Marketo Access token expired

We are retrieving the leads from Marketo. I am using Marketo REST 0auth 2 for the access token.
I have created the account and selected auto refresh token,but the token is not getting refreshed after 1 hour. Pipeline still fails with the access token expired.

I am able to authorize and refresh the token manually. Anything i am missing or do we have any other workaround?

Any inputs on this please?

Marketo authentication for client_credentials expects the client_id and client_secret as query parameters. If you uncheck the last box, “Send Client Data as Basic Auth header” things should work properly (that should be used if the authentication documentation talks about sending “client details in the Authorization header”).

You’ll want to then click the “Authorize” button, then when you get updates, the “Apply” button. You’re also able to remove the auth endpoint config, client_credentials OAuth2 only makes a call out to the Token Endpoint. OAuth2 coming from client_credentials typically doesn’t have a refresh operation to make, it simply does a re-authorization during that process, you’ll notice that the Marketo documentation even shows that there’s no refresh_token returned in the response from the token endpoint. But our refresh operation will take care of re-authenticating for client_credentials or performing a refresh if a refresh_token is available, so you’ll want to keep the checkbox checked.

ResponseOfIdentity {
    access_token (string, optional): The token that you pass with subsequent calls to authenticate with the target instance,
    scope (string, optional): The owning API-only user of the custom service that was used to authenticate,
    expires_in (integer, optional): Remaining lifespan of the current token in seconds,
    token_type (string, optional): The OAuth authentication method = ['bearer']

Thanks @ddellsperger . I still see the same issue after unchecked the “Send Client Data as Basic Auth header” and also removed the auth endpoint config.
I did Authorize and the tab opened and updated and then did the “Apply” button.

I have attached the error log file.
Errors_GetAllLeads-2022-08-23T10_53_11.667.json (805 Bytes)

Which snap are you using to accomplish this, are you simply using a Rest GET/POST to obtain this data, or are you using the Marketo Snap Pack itself? Do you maybe have a pipeline screenshot that I could look at here, it seems like you’re running a series of Rest snaps to get paginated data. I remember Marketo being somewhat unique, in their documentation they state:

If you call the Identity endpoint before your token has expired, the same token and the remaining lifespan will be returned in the response.

This means that our refresh process doesn’t work the same way for Marketo as it might for other systems. Because they return an error with a value 602 rather than a http status code of 401 or 403 for an expired access token, they have to be treated somewhat differently. This is accounted for in our Marketo Snap Pack, but since this error message system that Marketo uses isn’t via status code, but via an internal error code our automated re-authentication systems do not work for Marketo with the Rest Snap Pack. I would highly suggest moving to that if it’s available to you, we don’t really have an option for retries beyond the scope of 401/403 where we force an OAuth refresh currently.

Thanks for the details @ddellsperger . I am not using the Marketo REST Snap pack. I am using only the REST Get Snap

I think maybe unfortunately, the only way around this (because Marketo returns the response as a 200 status code rather than a 401 or 403) is to move from doing this via rest to working it via the Marketo Snap Pack, I’ll see what our options are for an enhancement to support a more generic retry/reauth policy on the Rest Snap Pack, but my guess would be that we’d generally push a customer towards using the specific snap pack, in this case Marketo.

Hi @sravankunadi ,

I don’t know if this info helps but maybe it does. So what I understand is that you need to refresh your token every hour because thats mandatory to acces data?

I had with another API the same problem that I need to refresh the token every 12 hours so I created a rest post that will get the token as a result and I run it every twelve hours so I always have the new authorized token to do the rest get call after.

Let me know if this helped :slight_smile:


Thanks @JensDeveloper. Is it possible to share the pipeline?

Hi @sravankunadi ,

Below the .slp file of the pipeline I removed some urls because of confidentiality.
Token_API_Call_V1.0_2022_08_26.slp (11.0 KB)