API v2.0 Error Responses

Integrating with the OwnerRez API can return errors when a request does not meet authentication, access, validation, or processing requirements. This article documents those errors, what triggers them, and the changes needed to resolve them. The sections below are grouped by error type, beginning with authentication and access errors that are evaluated before the requested operation runs.

OwnerRez API v2 error responses include a stable code field and a doc_url link to this article. Use code in your integration to branch error handling instead of parsing human-readable messages.

Every error response uses Content-Type: application/json with these fields:

  • messages — human-readable detail (one or more strings)
  • code — stable machine-readable identifier (snake_case)
  • doc_url — link to the section below for that code
  • status — HTTP status as snake_case text (for example, unauthorized)
  • status_code — numeric HTTP status (for example, 401)

Authentication and access errors

Returned when a request fails authentication, authorization, or account access checks before the requested API operation runs.

https_required

HTTP 400. The request was not made over HTTPS. Retry using https://.

user_agent_required

HTTP 401. OAuth Bearer requests must include a User-Agent header that identifies your application.

auth_required

HTTP 401. No credentials were provided. Send a valid Personal Access Token (Basic) or OAuth access token (Bearer). See API authentication.

invalid_token

HTTP 401. The token is missing, expired, inactive, or otherwise invalid. Legacy X-OwnerRez-App / X-OwnerRez-User headers are no longer accepted.

invalid_request

HTTP 401. Basic authentication credentials are not valid Base64 or do not contain username:token format.

ip_blocked

HTTP 403. The client IP is blocked by the token’s IP allow/block list. Update the list in Settings > API, or call from an allowed address.

account_locked

HTTP 403. The OwnerRez account is locked. Contact help@ownerrez.com.

account_closed

HTTP 403. The OwnerRez account is closed and can no longer use the API.

wordpress_plugin_required

HTTP 403. The request used the WordPress plugin User-Agent prefix but the account does not have the WordPress plugin feature enabled.

messaging_not_enabled

HTTP 402. Messaging API access is not enabled for this OAuth app or token type. Personal Access Tokens cannot call messaging endpoints. See OAuth apps.

external_sites_not_enabled

HTTP 402. The Reviews and Listings endpoints require the WordPress Plugin + Integrated Websites premium, or an OAuth app with listing access. If you’re accessing your own account, self-use is included — create an OAuth app and click Grant Access To Me on the Users tab. See OAuth apps.

Request and application errors

Returned while processing an authenticated request, when the input or operation cannot be completed.

validation_failed

HTTP 400. Request data failed validation. Read messages for field-level detail.

not_found

HTTP 404. The requested resource does not exist or is not visible to the authenticated account.

permission_denied

HTTP 403. The authenticated user or app is not allowed to perform this action.

conflict

HTTP 409. The update conflicted with another change or could not complete because of a temporary conflict. Refresh and retry.

duplicate

HTTP 409. The record already exists or would create a duplicate.

rate_limited

HTTP 429. The request rate limit has been exceeded. Add a delay before retrying the request.

temporary_failure

HTTP 503. A temporary upstream or infrastructure failure occurred. Retry later.

internal_error

HTTP 500. An unexpected server error occurred. If it persists, contact support with your request timestamp and endpoint.

availability_calculation_failed

HTTP 400. Availability or pricing could not be calculated for the supplied dates or configuration. Check messages for specifics.