# Authentication Errors
Below is a description of possible authentication errors that can be returned.
| Error | Message | Details |
|---|---|---|
| invalid_client | Browser requests to the token endpoint must use Proof Key for Code Exchange | You are trying to authenticate through a client side script such as Javascript. Please use a middleware proxy layer for a Machine to Machine authentication. |
| invalid_client | Invalid value for 'client_id' parameter. | The Client Id provided is inaccurate. Double check the credentials supplied to you by Benevity. |
| invalid_client | The client secret supplied for a confidential client is invalid. | The Client Secret provided is inaccurate. Double check the credentials supplied to you by Benevity. |
| invalid_request | The token request must specify a 'grant_type'. Valid values: [client_credentials] | You did not supply the grant type via query parameter. Example: ?grant_type=client_credentials. |
| E0000021 | Bad request. Accept and/or Content-Type headers likely do not match supported values. | You must supply the Content-Type in the header with a value of application/x-www-form-urlencoded. |
| x-amzn-ErrorType: UnauthorizedException | Unauthorized | The token you're using has expired. Tokens have a 3600 second (1 hour) lifetime. |