API Not Working Despite Successful OAuth Verification – Need Assistance

Fahid_Idrees · December 2, 2025, 8:09pm

Hi Team,

I’ve completed all the required steps for OAuth token verification and API configuration, but the Freshsales API is still not working as expected. Below is a summary of what I have already validated:

OAuth Token Validation Confirmed that OAuth tokens are being issued correctly and are valid. Verified that all necessary OAuth scopes are being requested during authorization, including the full list of Freshsales permissions required for the intended operations. Checked token expiration and confirmed that refresh token handling is implemented properly.

API Base URL & Domain Configuration Verified that the API base URL and domain being used match the configured Freshsales account region.

API Endpoint Usage & Payload Structure Ensured that the API endpoints being used (e.g., list creation, fetching records, other operations) follow the official Freshsales/Freshworks API documentation.

Confirmed that JSON payloads are structured exactly as required by the API.Compared the expected request/response formats with actual responses to ensure there are no discrepancies. ()Despite all of the above checks, the API is still not functioning correctly.

Could you please advise what might be causing the issue, or whether there are any additional configuration steps, account-level settings, or API-level limitations that I should verify?

Any guidance or logs on your side that could help identify the root cause would be greatly appreciated.

Sample request is as:

curl -H "Authorization: Token token=token_got_from_the_oauth" \

     -H "Content-Type: application/json" \

     -X GET "https://slashexperts.myfreshworks.com/crm/sales/api/deals/filters"

Fahid_Idrees · December 2, 2025, 8:33pm

{"login":"failed","message":"Incorrect or expired API key"}%

Will_van_der_Leij · December 3, 2025, 1:30pm

You get the API key from your profile don’t you?

Fahid_Idrees · December 3, 2025, 2:18pm

I got it, and when using that differently, e.g.

curl --location “``https://test-916279841856932133.myfreshworks.com/crm/salesapicontacts/1?include=owner”``
–header “Authorization: Token token=Dce6RGdMNpGC-MqDPKNpPA”
–header “Content-Type: application/json”

API endpoint structure - Try with alternative URLs:

Tried without /crm/sales prefix

curl -H “Authorization: Token token=NYyprebF5ih8h0UjynUcng”
-H “Content-Type: application/json”
-X GET
“``https://test-916279841856932133.myfreshworks.com/api/contacts”

Tried with a different API structure

curl -H “Authorization: Token token=NYyprebF5ih8h0UjynUcng”
-H “Content-Type: application/json”
-X GET
“``https://test-916279841856932133.myfreshworks.com/api/v2/contacts”

None of them worked for me.

I am on a trial account and follow the same flow as mentioned → How to find my API key? : Freshsales

Fahid_Idrees · December 3, 2025, 2:24pm

one last api request comes up with this error.

curl --location “ Freshworks ” \

–header “Authorization: Token token=IT-16KgJ5yYP7hBwucKoFg” \

–header “Content-Type: application/json”

FreshworksparcelRequire=function(e,t,n,i){var r,s=“function”==typeof parcelRequire&&parcelRequire,o=“function”==typeof require&&require;function a(n,i){if(!t[n]){if(!e[n]){var r=“function”==typeof parcelRequire&&parcelRequire;if(!i&&r)return r(n,!0);if(s)return s(n,!0);if(o&&“string”==typeof n)return o(n);var c=new Error(“Cannot find module '”+n+“'”);throw c.code=“MODULE_NOT_FOUND”,c}l.resolve=function(t){return e[n][1][t]||t},l.cache={};var u=t[n]=new a.Module(n);e[n][0].call(u.exports,l,u,u.exports,this)}return t[n].exports;function l(e){return a(l.resolve(e))}}a.isParcelRequire=!0,a.Module=function(e){this.id=e,this.bundle=a,this.exports={}},a.modules=e,a.cache=t,a.parent=s,a.register=function(t,n){e[t]=[function(e,t){t.exports=n},{}]};for(var c=0;c<n.length;c++)try{a(n[c])}catch(e){r||(r=e)}if(n.length){var u=a(n[n.length-1]);“object”==typeof exports&&“undefined”!=typeof module?module.exports=u:“function”==typeof define&&define.amd&&define((function(){return u}))}if(parcelRequire=a,r)throw r;return a}({b2lR:[function(e,t,n){“use strict”;Object.defineProperty(n,“__esModule”,{value:!0}),n.default=void 0;var i=function(e){var t=e.inlineScript,n=e.src,i=e.onload,r=e.defer,s=document.createElement(“script”);if(t){var o=document.createTextNode(t);s.appendChild(o)}else s.onload=i,s.src=n,s.defer=r;document.getElementsByTagName(“head”)[0].appendChild(s)};n.default=i},{}],ZV6f:[function(e,t,n){“use strict”;Object.defineProperty(n,“__esModule”,{value:!0}),n.default=function(){for(var e={},t=function(t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},n=0;n<arguments.length;n++)t(arguments[n]);return e}},{}],dNWB:[function(e,t,n){“use strict”;var i=s(e(“./utils/inject-scripts”)),r=s(e(“./utils/shallow-merge.js”));function s(e){return e&&e.__esModule?e:{default:e}}function o(e,t){for(var n=0;n<t.length;n++){var i=t[n];i.enumerable=i.enumerable||!1,i.configurable=!0,“value"in i&&(i.writable=!0),Object.defineProperty(e,i.key,i)}}function a(e,t,n){return t&&o(e.prototype,t),n&&o(e,n),e}function c(e,t){if(!(e instanceof t))throw new TypeError(“Cannot call a class as a function”)}!function(e){var t=window.performance,n=function(e,n){return!t||“Start”===e&&null!==this.fromMetric||t[n](this.id+”-“+e),this},s=function e(i){var s=this;c(this,e),this.id=(new Date).getTime()+”-“+t.now()+”-“+Math.random(),this.duration=i.duration||0===i.duration?i.duration:null,this.fromMetric=i.fromMetric||null,this.logName=i.logName||null,this.meta=(0,r.default)(i.meta)||{},this.scheduleType=i.scheduleType||“immediately”,this.startTime=i.startTime||null,this.useEarliestStartMark=i.useEarliestStartMark||!0,this.startMarkName=this.fromMetric&&“timeOrigin”!==this.fromMetric?”“.concat(this.fromMetric+”-Start"):“”.concat(this.id+“-Start”),this.endMarkName=this.id+“-End”,this.isActive=!0,[“Start”,“End”].forEach((function(e){s[“mark”+e]=n.bind(s,e,“mark”),s[“clear”+e]=n.bind(s,e,“clearMarks”)})),this.clearMeasurements=function(){[“Start”,“End”].forEach((function(e){return s[“clear”+e].call(s)}))},this.assignMeta=function(e){return s.meta=(0,r.default)(s.meta,e),s.meta},this.calculateDuration=this.getPayload=this.remove=function(){return s},this.send=function(){return s.isActive=!1,s}},o=function(){function n(){c(this,n),this.config={},this.userContext={},this.isActiveBrowserTab=“visible”===document.visibilityState,this._events={},this._eventsToTrackOnce={}}return a(n,[{key:“initialize”,value:function(e,t){this.config=e,this.setContext(t)}},{key:“getEventById”,value:function(e){return this._events[e]||null}},{key:“removeEventById”,value:function(){}},{key:“sendEvents”,value:function(e){for(var t in this._events)Object.prototype.hasOwnProperty.call(this._events,t)&&(this._events[t].scheduleType===e||“immediately”===this._events[t].scheduleType)&&this._events[t].isActive&&this._events[t].send()}},{key:“setContext”,value:function(e){this.userContext=(0,r.default)(this.userContext,e)}},{key:“setCurrentRoute”,value:function(e,t){this.currentRouteName=e,this.currentRouteURL=t}},{key:“trackEvent”,value:function(e){var t=new s(e);return this._events[t.id]=t,t}},{key:“trackEventOnce”,value:function(e,t){if(!this._eventsToTrackOnce[e]){if(void 0===t)return null;var n=!1!==t.shouldPersist;t.logName=t.logName||e,this._eventsToTrackOnce[e]=this.trackEvent(t),this._eventsToTrackOnce[e].trackOnceLogName=e,this._eventsToTrackOnce[e].shouldPersist=n,n||(this._eventsToTrackOnce[e].send=function(){var t=this._eventsToTrackOnce[e];return t.isActive=!1,delete this._eventsToTrackOnce[e],t}.bind(this,e))}return this._eventsToTrackOnce[e]}},{key:“injectAnalyticsCollector”,value:function(e){var t=e.cdnDomain?e.cdnDomain:“``https://fe-perf-assets.freshworks.com``”;return e.src=t+“/v2/analytics-2.0.0.js”,(0,i.default)(e),!0}},{key:“isAnalyticsLite”,get:function(){return!0}},{key:“isAnalyticsEnabled”,get:function(){return!(!t||!e)}}]),n}();if(!window.FW_RUM){var u=new o;e.shouldAutoLoadAnalytics=!("shouldAutoLoadAnalytics"in e)||e.shouldAutoLoadAnalytics,u.config=e,window.FW_RUM=u,window.ANALYTICS_INTERFACE_HISTORY_LENGTH=history.length;var l={preloadData:{},preloadAssets:{},cssAssets:{},vendorScript:{},frontendScript:{},primaryScript:{},secondaryScript:{},htmlParsing:{fromMetric:“timeOrigin”}};Object.keys(l).map((function(e){return u.trackEventOnce(e,l[e])})),e.shouldAutoLoadAnalytics&&document.addEventListener(“DOMContentLoaded”,(function(){window.FW_RUM.injectAnalyticsCollector({defer:!0})}),{once:!0}),window.addEventListener(“visibilitychange”,(function(){“visible”===document.visibilityState&&0===t.getEntriesByName(“PerformanceTracking:FirstTabFocusEnd”).length&&t.mark(“PerformanceTracking:FirstTabFocusEnd”)}))}}({scheduler:{metricsAdapters:[{name:“trigmetry”,options:{endpoint:“``https://rum.haystack.es/freshid/analytics",authToken:“121db32190fbe328d284ee40d2521506”,schedulable:!0}}]}})},{“./utils/inject-scripts”:“b2lR”,“./utils/shallow-merge.js”:“ZV6f”}]},{},["dNWB``”])You need to enable JavaScript to run this app.

Will_van_der_Leij · December 4, 2025, 9:31am

https://test-916279841856932133.myfreshworks.com/crm/sales/api/search?q=johnnychow&include=contact

works for me…

Fahid_Idrees · December 4, 2025, 8:56pm

Now **Access Denied, for list APIs.
**

curl -H "Authorization: Token token=IT-16KgJ5yYP7hBwucKoFg" -H "Content-Type: application/json" -X GET "https://test-916279841856932133.myfreshworks.com/crm/sales/api/lists"

{"errors":{"code":403,"message":["Access Denied"]}}%