authentication – SharePoint API: Invalid Access Token Resource


I am trying to obtain an access token for use with the SharePoint Rest API. For my organizations base site. I am able to obtain a token and use that token to make subsequent requests successfully.

Next, I followed the same process and created more app permissions for a different site: {{tenant removed}}/sites/testsite. I was initially unable to create the request for the token because the resource parameter was not valid (see image below):

enter image description here

Per the URI encoding standards, I replaced the “/” in the site url with “%2f” and I am able to get a token (see image below):

enter image description here

Next however, the requests using that token to the API fail:

{
"error_description":
"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."
}

In the response header:

3000003;reason=”Invalid audience Uri
‘00000003-0000-0ff1-ce00-000000000000/{{tenant
removed}}%2fsites%2f{{removed}}@{{realm
removed}}’.”;category=”invalid_client”

Did I encode the resource incorrectly? What am I missing? How can I use this method to get information from the other site?