diff --git a/internal/ghl/oauth.go b/internal/ghl/oauth.go
index e5b6054..003e684 100644
--- a/internal/ghl/oauth.go
+++ b/internal/ghl/oauth.go
@@ -293,9 +293,11 @@ func (h *OAuthHandler) getCompanyLocations(ctx context.Context, companyAccessTok
 	if err != nil {
 		return nil, err
 	}
+	// appId expects the 24-hex MongoDB ObjectId portion of the client ID (before any "-" suffix).
+	appID := strings.SplitN(h.clientID, "-", 2)[0]
 	q := req.URL.Query()
 	q.Set("companyId", companyID)
-	q.Set("appId", h.clientID)
+	q.Set("appId", appID)
 	q.Set("isInstalled", "true")
 	req.URL.RawQuery = q.Encode()
 	req.Header.Set("Authorization", "Bearer "+companyAccessToken)