GuidesAPI EndpointsChangelog
Log In
Guides

Making Authorized Requests

Suggest Edits

Once you have obtained an API access token, you can make authorized requests to the REST API by including the following header:

Authorization: Bearer {access_token}

📘

Replace {access_token} with your valid access token.

Response Behavior

The API responds according to the validity of the access token provided:

ConditionResponse
Token is present and validRequest succeeds and returns the appropriate data.
Token is missing, invalid, or expiredHTTP 401 Unauthorized
Token is valid but lacks required permissionsHTTP 403 Forbidden

Example Error Responses

{
  "errors": [
    {
      "status": 401,
      "title": "Unauthorized",
      "detail": "This request requires authorization in the form of a bearer token or API key."
    }
  ]
}

{
  "errors": [
    {
      "source": {
        "header": "Authorization"
      },
      "title": "Invalid Token",
      "code": "2-10",
      "detail": "Verification failed"
    }
  ]
}

{
  "errors": [
    {
      "status": 401,
      "title": "Unauthorized",
      "detail": "The access token is expired."
    }
  ]
}

{
  "errors": [
    {
      "status": 403,
      "title": "Invalid Scope",
      "detail": "View menu data for listings"
    }
  ]
}

Troubleshooting Tips

IssueError Message / DescriptionHow to Fix
Invalid Client CredentialsInvalid client credentials

(401 Unauthorized)		• Double-check your client_id and client_secret.

• Ensure there are no extra spaces or incorrect characters.

• These values are case-sensitive.
Missing or Insufficient ScopesInvalid Scope or certain endpoints returning 403

(403 Forbidden)		Confirm that:
• You are requesting all necessary scopes during token creation.

• The listing has granted you access to the required scopes.

• Check scope in response.
Token Not RefreshingCalling /auth/token keeps returning the same token.

New tokens only issued after 50% of lifespan or scope change.		• Checkcreated_at and expires_in fields.

• If urgent, request a token with a different scope.
Token ExpiredThe access token is expired

(401 Unauthorized)		• Request a new access token by calling/auth/token.

• Expired tokens cannot be refreshed.

Diagnosing Authorization Issues

Checklist:

  • Token included in Authorization header.
  • Token is not expired (exp claim or created_at + expires_in).
  • Token scopes include the required permissions for the endpoint you're calling.
  • The listing has assigned you as an integrator.

Updated 4 days ago

What’s Next

Now that you know how to make an Authorized Request, let's go over rate limits real quick.