Authorization errors

These errors happen when something’s wrong with one of the authorization keys. Below you can find the most common situations and their respective solutions.

Invalid API key

HTTP code: 403 ForbiddenCheck your API key, maybe you have extra white space?


{
    "transaction_id": "<TRANSACTION ID>",
    "message": "Invalid API Key - unknown Partner"
}

Solution

If you’re unsure about this then contact us at api-mercury-support@olx.com and we’ll help you out.


Invalid client credentials

HTTP code: 403 ForbiddenTo request an access token for a user you must provide your client credentials/APP Credentials (Authorization flow). If your credentials are invalid you’ll get the following error:


{
    "transaction_id": "<TRANSACTION ID>",
    "message": "The client credentials are invalid"
}

Solution

Confirm that your Authorization header is correct. Remember that your client credentials should be a base64 encoded string (in UTF-8 encoding) consisting of a concatenation of your client ID and Secret separated by a colon (client_id:client_secret) with the word “Basic” in front of it. The end result should look similar to this: Basic MzoxNGI1NmMyNs2Q3ZGFlYTA1NjJkMDcxMTUzMWRmY2ZlZQ==.

Use our Base64 Encode/Decode to generate yours.


Invalid authorization code

HTTP code: 400 Bad RequestAuthorization codes have a duration of 60 seconds. When this code expires the user needs to re-authenticate so that your application can get a new one.


{
    "transaction_id": "<TRANSACTION ID>",
    "message": "Authorization code doesn't exist or is invalid for the client"
}

Solution

Make sure the authorization code is the same that you got in the URL query string after the user authenticated on the site. As explained here.


Expired access token

HTTP code: 403 ForbiddenAccess tokens have a duration of 1h. When they expire, any request that needs user authentication will return a message like the one below.


{
    "transaction_id": "<TRANSACTION ID>",
    "message": "The access token provided has expired"
}

Solution

To overcome this you must get a new token using the refresh token (Authorization flow).


Invalid access token

HTTP code: 403 ForbiddenThe access token you’re using is wrong. Maybe a misspelling?


{
    "transaction_id": "<TRANSACTION ID>",
    "message": "The access token provided is invalid"
}

Solution

The user needs to authorize your application again by following the process described in Authorization flow page.Here are a few reasons why this might happen:

  • User revoked access directly in the Site
  • Access token expired and you weren’t able to get a new one due to a technical issue
  • You lost both the access and refresh tokens due to data corruption

Your application should be prepared to handle these cases in the best way possible.Make sure you assess the situation that may have occurred in order to resolve it as quickly as possible. Otherwise, the clients will have poor feedback not only of your APP but also from our Site.


Invalid Scope

HTTP code: 403 ForbiddenThe scope of your access token is not valid for the operation you are trying to perform. You will receive an error like this one:


{
    "transaction_id": "<TRANSACTION ID>",
    "message": "Invalid scope for this operation, you need one of: *, read:advert"
}

Solution

Make sure that your App requests the correct scope for the operations that it will use. Note that you will get a list of valid scopes in the error message.Or, you did some need implementations of scope. To enable it to clients, they need to authorize again your APP to allow the new scope. Make sure any time you are enabling new scope, you are confirming the scope clients token, and if don’t have that one, you need to show a warning message to them authorize again.