Troubleshooting API issues
This page lists common issues that occur when accessing the API, along with their likely causes and recommended resolutions. It helps integration partners and administrators quickly diagnose authentication, authorization, and data access issues.
Common errors and solutions
Use the following table to identify API errors and apply the recommended steps before escalating the issue.
| Error code | Possible cause | Action |
|---|---|---|
| 400 Bad Request | The request URL is malformed or contains invalid parameters, for example, an incorrect timestamp format. | Validate the request URL, parameters, and timestamp format. |
| 401 Unauthorized (token) | Client credentials are incorrect or the grant type is unsupported. | Verify the |
| 403 Forbidden (GET) | The policy doesn’t permit the requested resource or action, or the token is stale. | Update the policy to allow the required access. Then regenerate the token and retry the request. |
| Missing fields in response | Required fields aren’t included in the policy’s chosen fields. | Update the policy to include the required fields, save the changes, and generate a new token before retesting. |
Recommended practices for secure API access
Follow these recommendations to ensure secure and reliable API access:
- Use Permit or Read policies for integration clients to enable GET requests for workers and cost centers.
- Apply the principle of least privilege. Create one policy per resource group whenever possible.
- Regenerate the OAuth token after any policy change before retesting API calls.
- Select only the fields required for the integration to limit access.
- During testing, start with broader access. Before moving to production, restrict field selection to only what is required.
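The 403 and missing-fields rows in the table and the token-regeneration recommendation combine into one client-side check: retry once with a fresh token before attributing the failure to the policy. This is an added example, not code from the product; `FakeApi`, `diagnose_get`, the resource and field names, and the assumption that a token captures the policy as it stood at issuance are hypothetical stand-ins.

```python
# Added example: in-memory stand-in for the API; every name here is hypothetical.
REQUIRED_FIELDS = {"id", "name", "cost_center"}  # fields the integration needs (constructed)


class FakeApi:
    """Simulated service whose tokens snapshot the policy at issuance (assumption)."""

    def __init__(self):
        self.policy = {"resources": set(), "fields": set()}
        self._tokens = {}
        # Constructed sample record; "salary" is never selected by the policy.
        self._record = {"id": 7, "name": "A. Worker", "cost_center": "CC-10", "salary": 1}

    def issue_token(self):
        token = f"tok-{len(self._tokens) + 1}"
        self._tokens[token] = {"resources": set(self.policy["resources"]),
                               "fields": set(self.policy["fields"])}
        return token

    def get(self, resource, token):
        grant = self._tokens.get(token)
        if grant is None:
            return 401, {}
        if resource not in grant["resources"]:
            return 403, {}
        return 200, {k: v for k, v in self._record.items() if k in grant["fields"]}


def diagnose_get(api, resource, token, required=REQUIRED_FIELDS):
    """Return (verdict, token), retrying once with a fresh token before blaming the policy."""
    for attempt in ("cached", "fresh"):
        status, body = api.get(resource, token)
        missing = sorted(required - set(body)) if status == 200 else []
        if status == 200 and not missing:
            return ("ok" if attempt == "cached" else "stale-token"), token
        if attempt == "cached":
            token = api.issue_token()  # the policy may have changed since this token was issued
    if status == 403:
        return "policy-denies-resource", token
    if status == 200:
        return "policy-missing-fields:" + ",".join(missing), token
    return f"unexpected-{status}", token
```

A `stale-token` verdict means the policy was already correct and only the token needed regenerating; the `policy-*` verdicts mean the policy itself still has to be updated.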