400 Bad Request - "invalid_client" when authenticating

When retrieving a Bearer token using the https://api.signicat.io/oauth/connect/token endpoint, the API responds with 400 Bad Request {"error": "invalid_client"}. I am using the example from this page: developer(dot)signicat(dot)com/express/docs/api-connection.html

Here’s my typescript code:

const CLIENT_ID = "...."
const CLIENT_SECRET = "..."
const GRANT_TYPE = "client_credentials"
const SCOPES = "signicat-api"

export const fetchAuthToken = async (): Promise<TokenResponse> => {
  const authHeader = `Basic ${Buffer.from(`${CLIENT_ID}:${CLIENT_SECRET}`).toString("base64")}`;
  const response = await axios({
    method: "post",
    url: "https://api.signicat.io/oauth/connect/token",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      "Authorization": authHeader,
    data: new URLSearchParams({
      grant_type: GRANT_TYPE,
      scope: SCOPES,

  return response.data;

I have created an API client and secret in Signicat Dashboard and my account is a sandbox account.

This was resolved with the help of customer service.

Do not use the integration guide from this page Connecting to the API | Developer Pages but instead use this: Accessing Signicat API products | Developer Pages . But use the former one when you are accessing the express sign api.

The correct url for authenticating is https://api.signicat.com/auth/open/connect/token (incorrect in the express docs, correct on the general docs)