This guide addresses frequently encountered problems and their solutions.

Partner Invite Password Expired

If your temporary password from a partner program invitation has expired:
  1. Contact our support team to request a new invitation
  2. We’ll send you a fresh invite with a new temporary password
  3. Use the new password to complete your account setup within 24 hours
Partner invitation passwords expire after 7 days for security purposes. Be sure to set up your account promptly after receiving a new invite.

Smokeball Login Issues

If you’re unable to log in to Smokeball, this is because Partner accounts and Smokeball accounts are for separate systems:
  • Partner accounts are used for accessing the Developer Console and Partner Portal
  • Smokeball accounts are firm-specific logins used to access the Smokeball application
  • Your partner credentials cannot be used to log into Smokeball directly
If you need a Smokeball account for testing:
  1. Contact our partners team to request a test account
  2. Specify which environment and region you need access to
  3. We’ll provision a dedicated Smokeball account for your testing needs
Smokeball accounts are environment and region-specific, tied to individual firms. Your partner portal credentials won’t work for logging into Smokeball directly - you need separate Smokeball account credentials.
Don’t try using your partner portal or developer console credentials to log in to Smokeball. These are separate systems that require different authentication.

Missing TOTP/2FA Code

If you’re being prompted for a TOTP (Time-based One-Time Password) code but haven’t set up 2FA:
  1. Contact our support team to request a Partner account reset
  2. We’ll verify your identity and reset your 2FA settings
  3. You can then set up a new authenticator during your next login
TOTP codes are required for all partner accounts as an additional security measure.

OAuth Login Issues

If you’re encountering OAuth login issues, first verify you’re using the correct authorization URL:
  • Check that you’re using the base authorization URL as specified in our API Documentation
  • Ensure you’re using the correct environment-specific URL (staging vs production)
  • Verify your redirect URI exactly matches one registered in your app settings
Common OAuth login issues include:
  • Using incorrect environment URLs
  • Mismatched redirect URIs
  • Missing or invalid scopes
  • Incorrect client credentials
Using the wrong base authorization URL will cause OAuth flows to fail. Always reference the official API documentation for the correct endpoints.

Rate Limits

If you’re experiencing API rate limits, this is expected behavior to ensure platform stability and fair usage:
  • Rate limits are enforced per client ID and endpoint
  • Refer to our API Documentation for specific limits
  • Use exponential backoff when retrying rate-limited requests
  • Consider caching frequently accessed data
Rate limits help maintain platform stability and ensure fair access for all integrations. Your app should be designed to work within these constraints.
Rate limit increases are only granted in exceptional circumstances. Design your integration to work efficiently within the standard limits.

Handling 401 Unauthorized Errors

If you encounter a 401 Unauthorized error when calling the API, it typically indicates an authentication or permission issue. Here are the most common causes and how to resolve them:
  • Insufficient Permissions: The access token being used does not have the necessary permissions to access the requested resource. Ensure the authenticated user or application has the correct roles or access levels.
  • Incorrect or Missing Scopes: The token was generated without the required scopes. Double-check your app’s configuration to make sure you’ve requested the appropriate scopes. For more information, refer to Building your app.
  • Invalid Account or User ID (Server-to-Server Requests): If you’re making server-to-server API calls, verify that the AccountId or UserId you’re passing is correct and valid for your environment.

Unable to request Access Token

A common issue occurs when attempting to exchange the authorization code for an access token and receiving a 400 Bad Request response from the token endpoint. This often happens when developers reuse an old or already-used authorization code. It is likely one of the following issues: Authorization Code can only be used once Each authorization code is single-use only. If the first request to exchange the code for an access token fails (even due to an invalid parameter or network issue), the code becomes invalid and cannot be reused.
If you’re not sure whether the token request succeeded, assume the code is no longer valid and initiate the flow again to get a fresh code.
Authorization Code has a short expiry Authorization codes are time-sensitive. Most providers (including ours) only allow a few minutes between issuing the code and redeeming it for an access token. After that, the code expires and is rejected, even if it hasn’t been used yet.
Make sure you are exchanging the code for a token as soon as it’s issued—ideally within seconds or a couple of minutes.
Recommended Steps
  1. Restart the Authorization Code flow from the beginning.
  2. Authorize the app again to receive a fresh code.
  3. Immediately make the token request using the new code.
  4. If the request fails again, double-check:
    • Redirect URI matches exactly (including trailing slashes).
    • Client ID and Client Secret are correct.
    • Headers and content type are properly set (application/x-www-form-urlencoded).