Integrating with the OwnerRez API can return errors when a request does not meet authentication, access, validation, or processing requirements. This article documents those errors, what triggers them, and the changes needed to resolve them. The sections below are grouped by error type, beginning with authentication and access errors that are evaluated before the requested operation runs.
OwnerRez API v2 error responses include a stable code field and a doc_url link to this article. Use code in your integration to branch error handling instead of parsing human-readable messages.
Every error response uses Content-Type: application/json with these fields:
messages— human-readable detail (one or more strings)code— stable machine-readable identifier (snake_case)doc_url— link to the section below for that codestatus— HTTP status as snake_case text (for example,unauthorized)status_code— numeric HTTP status (for example,401)
Authentication and access errors
Returned when a request fails authentication, authorization, or account access checks before the requested API operation runs.
https_required
HTTP 400. The request was not made over HTTPS. Retry using https://.
user_agent_required
HTTP 401. OAuth Bearer requests must include a User-Agent header that identifies your application.
auth_required
HTTP 401. No credentials were provided. Send a valid Personal Access Token (Basic) or OAuth access token (Bearer). See API authentication.
invalid_token
HTTP 401. The token is missing, expired, inactive, or otherwise invalid. Legacy X-OwnerRez-App / X-OwnerRez-User headers are no longer accepted.
invalid_request
HTTP 401. Basic authentication credentials are not valid Base64 or do not contain username:token format.
ip_blocked
HTTP 403. The client IP is blocked by the token’s IP allow/block list. Update the list in Settings > API, or call from an allowed address.
account_locked
HTTP 403. The OwnerRez account is locked. Contact help@ownerrez.com.
account_closed
HTTP 403. The OwnerRez account is closed and can no longer use the API.
wordpress_plugin_required
HTTP 403. The request used the WordPress plugin User-Agent prefix but the account does not have the WordPress plugin feature enabled.
messaging_not_enabled
HTTP 402. Messaging API access is not enabled for this OAuth app or token type. Personal Access Tokens cannot call messaging endpoints. See OAuth apps.
external_sites_not_enabled
HTTP 402. The Reviews and Listings endpoints require the WordPress Plugin + Integrated Websites premium, or an OAuth app with listing access. If you’re accessing your own account, self-use is included — create an OAuth app and click Grant Access To Me on the Users tab. See OAuth apps.
Request and application errors
Returned while processing an authenticated request, when the input or operation cannot be completed.
validation_failed
HTTP 400. Request data failed validation. Read messages for field-level detail.
not_found
HTTP 404. The requested resource does not exist or is not visible to the authenticated account.
permission_denied
HTTP 403. The authenticated user or app is not allowed to perform this action.
conflict
HTTP 409. The update conflicted with another change or could not complete because of a temporary conflict. Refresh and retry.
duplicate
HTTP 409. The record already exists or would create a duplicate.
rate_limited
HTTP 429. The request rate limit has been exceeded. Add a delay before retrying the request.
temporary_failure
HTTP 503. A temporary upstream or infrastructure failure occurred. Retry later.
internal_error
HTTP 500. An unexpected server error occurred. If it persists, contact support with your request timestamp and endpoint.
availability_calculation_failed
HTTP 400. Availability or pricing could not be calculated for the supplied dates or configuration. Check messages for specifics.