Oauth Flow Questions

I’m having trouble getting passed the oauth flow. I first hit the oauth/authorize endpoint with my client id and in the call_back I get the code to exchange for an access token. However, I don’t get a state.

  1. Is that correct? does veeqo only return a code?

When I try to exchange the code for an access_token, I always get the same 401 error saying:

    "error": "invalid_client",
    "error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."

I don’t understand how that’s possible if the same client_id worked for getting the code.

  1. Does any know what the headers of the request should look like? I didn’t fin any info on the documentation regarding the headers during oauth flow, and I’m thinking my error may be there.
    Right now I’m using:
    ‘Content-Type: application/x-www-form-urlencoded’
    But I’m thinking maybe I need to include the x-api-key parameter as well? Or instead of naming it content-type, name it ‘accept’, as in their documentation for other endpoints?

Thank you