First time here? Check out the FAQ!

Strategic MLS Alliance - invalid_client

  • retag add tags

Having trouble getting a bearer_token using and the MLS has been no help, referring me back to you. Here's the info they gave me (without the password)

MLS Name: Strategic MLS Alliance
New Paragon Login: smlsaiHouseWeb
New Paragon PW:   Use current password 
New RETS Web API: 
Web API Metadata:$metadata 

The Data Systems link above will provide a bird’s eye view of the resources available The individual resource URLs that include the “Strategic_17” parameter are the data dictionary URLs and these are the ones you should use.

Postman Access Sample Below is an example of how‐to setup data access in

Type: OAuth 2.0 Token Name: [create your own] Grant Type: Client Credentials Access Token URL: Client ID: [your login credentials] SEE ABOVE Client Secret: [your password credentials] Scope: OData Client Authorization: Send as Basic Auth Header Click Request Token ‐ When token returns, scroll down and click ‘Use Token’

I plugged in the setting to our in-house commandline client and I get 2 different errors depending on what I put in for Grant Type: For various permutations of 'Client Credentials' ('ClientCredentials','Client_Credentials','Client+Credentials') I get {"error":"unsupported_grant_type"}

/usr/local/bin/curl --silent -X POST --output "token.json" -d "Grant_Type=Client Credentials&Client_Id=smlsaiHouseWeb&Client_Secret=[REDACTED]" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k ""

If I use 'password' like some other APIs use I get {"error":"unauthorized_client"}

/usr/local/bin/curl --silent -X POST --output "token.json" -d "Grant_Type=password&Client_Id=smlsaiHouseWeb&Client_Secret=[REDACTED]" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k ""

I signed up for and tried there too with the same results.

I have no clue which setting I'm doing wrong and I'm hoping the bearer_token, once I get it, doesn't change per session.

Little help? -len

LenVinci's avatar
asked 2023-04-17 15:13:40 -0500
edit flag offensive 0 remove flag close merge delete


Hi Len,

I've used the settings from our guide (which the MLS gave you) and was able to get a Token for your user. The Postman Console showed me these, which seem to match you are using. Of course client_secret doesn't show in the console.

**Request Body**
grant_type: "client_credentials"

scope: "OData"
**Response Body**

I'm not sure if capitalization would be an issue, but that's really the only difference I can see between your result and mine.

Joe_Brueske's avatar Joe_Brueske (2023-04-19 16:06:25 -0500) edit

Hmm when I try in Postman using just parameters, no additional headers, the Post line looks like this: Type=client_credentials&Client ID=smlsaiHouseWeb&Client Secret=[REDACTED]&Scope=OData

And the the response is "unsupported_grant_type"

When I use OUR client, using the all lowercase "client_credentials" I now get a different error "Dataset not found""

/usr/local/bin/curl --silent -X POST --output "token.json" -d "Grant_Type=client_credentials&Client_Id=smlsaiHouseWeb&Client_Secret=[REDACTED]" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k ""'

LenVinci's avatar LenVinci (2023-04-19 16:19:33 -0500) edit

Hi Len,

This is a headscratcher. I'll have to continue to review tomorrow, as no solutions are coming to light.

Joe_Brueske's avatar Joe_Brueske (2023-04-19 16:48:58 -0500) edit

Sounds good. I'm off for the day so that suits me fine :-) Thanks

LenVinci's avatar LenVinci (2023-04-19 16:55:55 -0500) edit

Hi Joe, I'm back online if you have any other ideas.
In Postman I tried again, limiting it to just 3 params grant_type client_id client_secret

and I get "invalid client".

If I add our username and password to the authentication section I get "unsupported grant_type"

LenVinci's avatar LenVinci (2023-04-20 10:07:59 -0500) edit

Hi Len,

Unfortunately, we haven't found a solution to your issue. We haven't even been able to come up with a setup to reproduce your error with your credentials. We're a bit unsure as to what the root cause would be. The only thing that I could think of that's different for Postman is that we've installed the program, and you said you're using the built in browser program at Though, that only covers that piece.

Joe_Brueske's avatar Joe_Brueske (2023-04-20 15:54:08 -0500) edit

Welp maybe I can attack this from another angle. Paragon have a very nice set of documentation at which I use all the time for my other Paragon API feeds. Do you know if there are similar docs for this feed? For my other Paragon feeds (and Bridge interactive) I'm just given the bearer token and I include that in the headers for each request. I'm really hoping they have some docs available. The MLS has little info.

LenVinci's avatar LenVinci (2023-04-20 16:03:04 -0500) edit
add a comment see more comments

1 Answer


Nevermind. Got it. I tried the scheme I use for Trestle and it worked. Whew. thanks for looking into this for me though!

LenVinci's avatar
answered 2023-04-20 16:06:57 -0500
edit flag offensive 0 remove flag delete link


Sure. With our implementation of Web API, we have put out two options. With PIC ( your token is static. With OpenMLS ( the token is dynamic.

Joe_Brueske's avatar Joe_Brueske (2023-04-20 16:10:25 -0500) edit
add a comment see more comments

Your Answer

Login/Signup to Answer