Why is my API call to TDA's API not returning a refresh token?

Question

so I've followed the steps here to the letter: https://www.reddit.com/r/algotrading/comments/c81vzq/td_ameritrade_api_access_2019_guide/ in an effort to get a refresh token so that I can build a client app in C# to use TD Ameritrade's API, to conduct special stock and option screening and trading. I got to the end before reaching any trouble.

In the very last step in getting my refresh token, where you fill out the fields on https://developer.tdameritrade.com/authentication/apis/post/token-0, it fails, I just get the following response in an HTTP 401 error:

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Headers: origin
Access-Control-Allow-Methods:
GET
Access-Control-Allow-Origin:
https://developer.tdameritrade.com
Access-Control-Max-Age: 3628800
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 31
Content-Security-Policy: frame-ancestors 'self'
Content-Type: application/json;charset=UTF-8
Date: Sat, 04 Apr 2020 16:07:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Application-Context: OAUTH_SERVICE:run:8080
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
{
  "error": "invalid_grant"
}

What could the problem be? I've double and triple checked each step and the values in the text boxes (imaged below) to receive a refresh token, but I can't get it to work. The code and client ID are properly done, as well, based on the guide's steps - I double and triple checked.

I followed the steps in the Reddit guide, and from a linked guide by TDA Ameritrade themselves, to ensure I was putting the proper values in the proper fields, so I really have no clue what's going on.

Any help is appreciated.

Answer 1

"code" or "authorization code" is only a one-time pass-key that expires after 30 minutes. It allows you to get the "access token", which, although it has a similar name, seems to be different. So make sure you URL-decode the auth code reasonably rapidly, then get your first response correctly in before 30 minutes.

Also try on weekends, as TDAmeritrade's SMS gateway has been frustratingly slow recently during the GameStop raids, and it's possible their authentication handshaking could be having problems as well during trading hours.

Note that appending "@AMER.OAUTHAP" does not seem to be necessary for the client_id slot of the manual Post Access Token form.