ESI SSO Retrieving Access Token Server Error 500

Hello There,

i am trying to get the ESI Authentification working on a Projekt. It is my first attempt too the ESI API.
I am Programmierung in python. The generation of the authCode via the link to the Eve Online authentification page is working but i cannot retrieve the access token via the python code provided here:

Python Code
headers = {}
headers['Content-Type'] = "application/json"
headers['Authorization'] = "Basic " + base64(ClientID:ClientSecret)
#headers['User-Agent'] = "Mozilla/5.0 (Windows NT 6.1; W7) Gecko/20100101 Firefox/59.0"
print("Header :" + str(headers))
body ={}
body['grant_type'] = "authorization_code"
body['code'] = "_authCode_"
print("Body :" + str(body))
req =, headers = headers, data = body)
print ("Response from Server: " + str(req))
print ("Response Headers from Server: " + str(req.headers))

Everytime i get status 500 from the Server. If i try to get it via http instead of https its 404 Page not Found.
i did the Step by Step instructions on the Eve Dev Blog for ESI API.

If i request a access token via the Auth.Link and pass this to the Server for getting the CharID it is working. But this is only a one time token for 20min and i want to get the refreshtoken aswell.

Any one here who can help me with this problem?

Alexander Lion

Wrong content type; it should be. Content-Type: application/x-www-form-urlencoded

Also I highly recommend you use a library for OAuth2 instead of rolling your own, there is quite a bit to it that you would have to implement.

This is popular for Python.


thanks for the hind. I took the Content-Type from the Step by Step tutorial:

To exchange the authorization code for an access token, we need to make a post request with curl.

The URL of the POST request has the following structure:

https://{login server base url}/oauth/token

In addition, the POST request needs headers and a body. We must send an Authorization header and a Content-Type header.

The Content-Type can be application/json or application/x-www-form-urlencoded. We’re going to use JSON.

Maybe CCP should fix this, so other people dont get the same problem.

Server Response

Header :{‘content-type’: ‘application/x-www-form-urlencoded’, ‘authorization’: ‘Basic xxx’}
Body :{‘grant_type’: ‘authorization_code’, ‘code’: ‘authCode’}
Request Headers: {‘content-type’: ‘application/x-www-form-urlencoded’, ‘authorization’: ‘Basic xxx’, ‘Content-Length’: ‘100’}
Request Body: grant_type=authorization_code&code=authCode
Response from Server: <Response [200]>
Response Headers from Server: {‘Cache-Control’: ‘no-cache’, ‘Pragma’: ‘no-cache’, ‘Content-Type’: ‘application/json; charset=utf-8’, ‘Expires’: ‘-1’, ‘Server’: ‘Microsoft-IIS/8.5’, ‘Request-Context’: ‘appId=cid-v1:2ccf88f2-29b9-460a-bc15-7c0b79926f61’, ‘Date’: ‘Sun, 08 Apr 2018 13:45:48 GMT’, ‘Connection’: ‘close’, ‘Content-Length’: ‘209’}
Response Body from Server: {‘access_token’: ‘someToken’, ‘token_type’: ‘Bearer’, ‘expires_in’: 1199, ‘refresh_token’: ‘alsosomeToken’}

This worked fine now.
Reguarding the OAuth2 Lib, i will see if it is more convinient. For testing the api the above function should do well. I want to learn how to do api programmieing and so on. If i take a ready made lib, the effect of learning ist less, than by doing steps and fall on the nkees. :smile:
But thank you very much anyway.

Alexander Lion

Nice. If you are doing it to learn, keep on going.

Likely what happened is you said the content was JSON but passed URL encoded. Hence the 500 error when it tried to unmarshal the data.

Have a look at and see if that could work for you.


everything works fine now. I also managed to get the Accesscode directly into my Programm and fetching the caracter data.

Alexander Lion

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.