Request an access token for OAuth 2.0


Enson Lee

Apr 8, 2025, 2:03:17 AM
to fatsecret Platform API
I have seen that the IP Restrictions have added /32 to my IP Range (1), so I assume I have whitelisted my IP. But I get Error: 400, {"error":"invalid_client"} in my test code. Which is the problem? My IP, code, apikey/secret or others?

Python code
import requests
import base64

api_key = "mykey"
api_secret = "mysecret "

# Token request
token_url = "https://oauth.fatsecret.com/connect/token"
auth_string = f"{api_key}:{api_secret}"
auth_header = base64.b64encode(auth_string.encode()).decode()

headers = {
    "Authorization": f"Basic {auth_header}",
    "Content-Type": "application/x-www-form-urlencoded"
}
data = {"grant_type": "client_credentials"}

token_response = requests.post(token_url, headers=headers, data=data)
print(f"Status Code: {token_response.status_code}")
print(f"Response: {token_response.text}")

seba...@fatsecret.com

Apr 8, 2025, 2:04:46 AM
to fatsecret Platform API


Thanks for following up. To better secure OAuth 2.0 we have implemented IP Restrictions, which 'white list' IP Addresses for a given client Key/Secret.
 
We block requests to FatSecret API for a Key/Secret if the source IP is not white listed. Before releasing these IP ranges we allowed only 15 specific IP addresses; now we allow up to 15 ranges of IP addresses in your account under "Manage API Keys".
 
Example: 0.0.0.0/0 is a range that allows any IPv4 address (see https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
 
For Mobile apps we would recommend using an API proxy server to avoid Mobile Apps communicating directly with FatSecret APIs.
 
This proxy should be responsible for:
 
- Managing the validity / renewal of your OAuth 2.0 access tokens
- Forwarding any FatSecret related requests to FatSecret APIs

Please avoid having your client's credentials as part of your Mobile App source code / configuration.
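
The token-management duty of the proxy described in the reply above, as an added example that is not part of the thread and not FatSecret's own code. The environment variable names, the `TokenCache` class and its injectable `fetch`/`clock` parameters are assumptions; the `access_token` and `expires_in` fields are those of a standard OAuth 2.0 token response.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://oauth.fatsecret.com/connect/token"  # URL from the question above


def http_fetch_token(client_id, client_secret):
    """POST grant_type=client_credentials with HTTP Basic auth; return parsed JSON."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": f"Basic {basic}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one access token server-side and renews it shortly before expiry."""

    def __init__(self, client_id, client_secret, fetch=http_fetch_token,
                 clock=time.monotonic, skew=60):
        # Strip whitespace: a stray space or newline in a copied key or secret
        # changes the Basic header value that is sent.
        self._id, self._secret = client_id.strip(), client_secret.strip()
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Renew when no token is held or it is within `skew` seconds of expiry.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._fetch(self._id, self._secret)
            self._token = body["access_token"]
            # expires_in is in seconds; treat a missing value as already expired.
            self._expires_at = self._clock() + float(body.get("expires_in", 0))
        return self._token


def from_environment(fetch=http_fetch_token):
    # Assumed variable names: the key/secret live only in the proxy's
    # environment, never in the mobile app's source or configuration.
    return TokenCache(os.environ["FATSECRET_CLIENT_ID"],
                      os.environ["FATSECRET_CLIENT_SECRET"], fetch=fetch)
```

The proxy calls `get()` before forwarding each request; because the token request originates from the proxy, its egress address is the one that has to fall inside a whitelisted range.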
