Why do I keep getting errors.unknown_or_used when requesting an access_token?

The codes that are generated when a user goes through the authorization process are restricted in a number of ways. This error means one of two things:

1. The code has expired or has already been used

Codes are single use codes that expire in a relatively short time frame. So when if you’re building an auth flow from scratch and not using something like Omniauth, you will need to be careful to request a new code each time you want to test your access_token redemption process.

2. The information passed when redeeming the code doesn’t match the authorization values.

The most common cause of this is that redirect_uri value passed to Request Access Token doesn’t match that used in the Authorization Request.

You can inspect the token request in your Developer Dashboard and cross reference that against the preceding authorization request

These restrictions help to ensure that codes don’t end up in the wrong hands.