Common issues
General issues
Detailed issue
<!doctype html>
<html lang="en" style="height: 100%">
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="theme-color" content="#000000">
<meta name="robots" content="noindex,nofollow">
<link rel="shortcut icon" href="https://web-login-v2-cdn.onelogin.com/login2/favicon.ico">
<script type="text/javascript"
src="https://cdn.cookielaw.org/consent/acac541d-dd27-479c-854b-d21d620c7af5/OtAutoBlock.js"></script>
<script type="text/javascript">
window.thisdata = { options: {} };
</script>
<script type="text/javascript" src="https://cdn.onelogin.com/onelogin-vigilance.min.js" async=true></script>
<title>OneLogin</title>
<!--[if lt IE 9]>
<style>
.withConditionalBorder {
border-width: 1px;
border-style: solid;
border-color: #e8eaeb;
}
</style>
<![endif]-->
</head>
<body
style="padding: 0; margin: 0; height: 100%; font-family: Roboto, 'Helvetica Neue', Helvetica, 'Segoe UI', Arial, sans-serif;">
<noscript>
You need to enable JavaScript to run this app.
</noscript>
<div id="root" style="height: 100%"></div>
<!--[if lt IE 10]>
<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/es5-shim/4.5.7/es5-shim.min.js"></script>
<script src="https://cdn.polyfill.io/v2/polyfill.min.js?features=Intl.~locale.en"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/json3/3.3.0/json3.min.js"></script>
<script type="text/javascript" src="https://web-login-v2-cdn.onelogin.com/login2/vendor-es31648af8d2886e977b6cf434196ca0aef1fb7fa38.js"></script>
<script type="text/javascript" src="https://web-login-v2-cdn.onelogin.com/login2/intl-es31648af8d2886e977b6cf434196ca0aef1fb7fa38.js"></script>
<script type="text/javascript" src="https://web-login-v2-cdn.onelogin.com/login2/app-es31648af8d2886e977b6cf434196ca0aef1fb7fa38.js"></script>
<![endif]-->
<!--[if gte IE 10 | !IE ]><!-->
<script type="text/javascript"
src="https://web-login-v2-cdn.onelogin.com/login2/vendor1648af8d2886e977b6cf434196ca0aef1fb7fa38.js"></script>
<script type="text/javascript"
src="https://web-login-v2-cdn.onelogin.com/login2/intl1648af8d2886e977b6cf434196ca0aef1fb7fa38.js"></script>
<script type="text/javascript"
src="https://web-login-v2-cdn.onelogin.com/login2/app1648af8d2886e977b6cf434196ca0aef1fb7fa38.js"></script>
<![endif]-->
</body>
</html>
Solution
Add your X-Qonto-Staging-Token
(available in the Developer Portal) in the header of your API call.
Solution
There is probably a mistake in the url you are calling (ex: your are trying to call /v2/organizations
instead of /v2/organization
), cf. the API Reference to verify if the url you are calling is correct.
Issues specific to the Business API
OAuth
Detailed issue
“The request is not allowed. No CSRF value available in the session cookie”
Solution
Here are the common causes for CSRF error:
- Cookie is not being properly passed/stored in the browser;
- The consent app is not properly passing back the CSRF token in the redirect;
- Multiple parallel auth flows interfering with each other’s cookies (user might have started the OAuth flow in two browsers or tabs);
- Browser security settings blocking or clearing the cookies.
Solution
Use the offline_access
scope in the login endpoint.
Detailed issue
{
"error": "invalid_grant",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
"status_code": 400
}
OR
{
"error":"token_inactive",
"error_description":"Token is inactive because it is malformed, expired or otherwise invalid. Token validation failed."
"status_code": 401
}
Our API implements automatic reuse detection for refresh tokens to prevent potential security vulnerabilities. This ensures that refresh tokens are not used multiple times simultaneously, which could compromise security.
For more detailed information on this mechanism, you can refer to Auth0’s documentation on automatic reuse detection, which outlines the principles and benefits of this approach.
Solution
2 common use cases :
- You are trying to refresh a token that has already been refreshed. When a refresh token is used twice all the refresh tokens belonging to the same consent are invalidated.
- A new OAuth consent has been given in the meantime. This is invalidating the refresh token of the previous consent.
You should ask for a new OAuth consent (login endpoint + token endpoint) in order to get a new refresh token.
Don’t forget to store the new refresh_token
as they are one time use.
Other topic
Solution
Unfortunately, it’s not possible to create a native connection between a No-Code tool and Qonto Sandbox i.e. you can only create a native connection with a Qonto Production account. However, you could establish a connection with Qonto Sandbox by using the HTTP brick (OAuth or API key depending on your needs).
Detailed issue
{
"errors": [
{
"code": "search_limit_reached",
"detail": "pagination is invalid. Search limit of 10000 transactions reached. Please use a smaller filter set.",
"source": {
"pointer": "/pagination"
}
}
]
}
Solution
You should check the total_pages
/ total_count
fields in the meta object received in the response (when calling the first page). If the total_pages
> 100 or the total_count
> 10 000, it means that you’ll have to split the initial request in batches by using filters.
To do so, this is what I suggest:
- Call the first page with the default sorting.
- Get the value of the
settled_at
field of the first transaction : let’s call itend_date
- Call the first page with the following sorting parameter :
asc
- Get the value of the
settled_at
field of the first transaction : let’s call itstart_date
- Let’s say that :
number_of_batches
=total_count
/ 10 000 → round it up (ex: if you get 1.3, the number of batches will be 2)initial_period
=end_date
-start_date
= X secondsnb_of_seconds_per_bacth
=initial_period
/number_of_batches
- Call the /v2/transactions endpoint
number_of_batches
times by applying thesettled_at_from
andsettled_at_to
filters:- First batch:
settled_at_from
=start_date
&settled_at_to
=start_date
+nb_of_seconds_per_period
- n-th batch:
settled_at_from
=start_date
+ (n-1) xnb_of_seconds_per_period
&settled_at_to
=start_date
+ n xnb_of_seconds_per_period
- Last batch:
settled_at_from
=end_date
-nb_of_seconds_per_period
&settled_at_to
=end_date
- First batch:
Was this page helpful?