Help get this topic noticed by sharing it on Twitter, Facebook, or email.
MarkK (API Architect) April 12, 2016 15:10

Upcoming May 2016 updates to /token error responses.

Hello ecobee Developers,

We strive to continuously improve ecobee’s API by constantly reviewing
our actions and responding to your valuable feedback. In this regard, we
have two important updates planned for the ecobee API in the coming
month and wanted to notify the developer community in advance of
releasing the updates.

What updates are we making?

  1. Fixing inconsistency between ecobee API OAuth token grant
    & refresh error responses and those defined by the OAuth 2.0
    specifications
  2. Removing support for the RC4 cipher suite for SSL communication


Details are provided at the end of this email

How will this impact your applications?

  1. The OAuth token grant & refresh error response update
    has no impact to application behaviour where there may be scenarios that
    should return errors and are not, and vice versa. These responses only
    affect token grant and refresh calls made to
    the api.ecobee.com/token endpoint.
  2. You will need to update your application if it is using RC4 cipher suite for SSL communication


When will these updates take effect?

All the aforementioned updates will take place in the week of May 9th. We kindly request that you make any necessary adjustment prior to May 9th.

If you have questions or concerns, our API team is always available on our forum http://developer.ecobee.com/api and can be reached directly at developer@ecobee.com.

Update details

ecobee API Oauth token grant & refresh error responses:

It was pointed out by our developer community that there were
some inconsistencies between the ecobee API OAuth token grant &
refresh error responses, and those defined by the OAuth 2.0
specification (https://tools.ietf.org/html/rfc6749#section-5.2). These responses only affect the token grant and refresh calls made to the api.ecobee.com/token endpoint.

The table below summarizes the error message changes:

Request contains an empty "grant_type" parameter (an empty string or string with only whitespaces)


Old Error Response: unsupported_grant_type

New Error Response: invalid_request




A non-empty "grant_type" type value that is unsupported (e.g. “password”)

Old Error Response: invalid_request

New Error Response: unsupported_grant_type



"code" or "refresh_token" with invalid values

Old Error Response: invalid_client

New Error Response: invalid_grant




Application has been deauthorized by the ecobee user


Old Error Response: invalid_client

New Error Response: invalid_grant




ecobee user no longer exists (ecobee account has been deleted)


Old Error Response: invalid_client 

New Error Response: invalid_grant




RC4 Cipher deprecation

As per the IETF guidelines (https://tools.ietf.org/html/rfc7465),
RC4 is no longer considered a secure cipher suite. Hence in the
interest of all our ecobee users we are depreciating the support for it
in the API.

We appreciate your understanding in adjusting to these changes. As always we welcome your feedback and questions
Reply