August Lock REST APIs (the basics)
Nolan Brown

I’ve been trying to fiddle with the rest api using postman to generate an access-token (using POST /session). The access-token I’m receiving is a jwt as intended, but when I’m trying to get information after generating it (GET /users/locks/mine) the august server is returning me:

 “code”: “InvalidCredentials”,
 “message”: “unverified access token”

Do you know how to verify that access token?

There are two methods that look like verification methods on the api:

POST /validate/email
POST /validate/phone

But you didn’t talk about them in your post and I’m in the dark about the information to send to them (tried POST/validate/email with {email: ‘’ } and received { “code”: “InvalidArgument”, “message”: “Invalid code”
}). After thinking about this, I think those methods are intended to be used to validate the email of a new user, with a code that is sent via email.

You have any idea of what I’m missing?

Thank you :)

Like what you read? Give Pierre-Luc Champigny a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.