Upwork API returns standard HTTP error codes and provides additional error information in the response body (when allowed by HTTP specification), and in the special HTTP headers. For details on an error message received, please refer to the Error Handling section of our API public documentation.

Report a bug

If you uncover a bug or have an improvement suggestion, please contact our Customer Support team by clicking here to report it. Make us better, to serve you better.

I get the response message This APP has no access to the requested resource.

This message is returned when your API Key does not have enough permissions/scopes. You can edit your API Key permissions at the API Center.

I’m making a POST request for getting a token and I get an HTML message with code 411.

This usually happens when the POST request is incomplete. For example, when you use the POST method with parameters as a part of URL, but your Content-Length header is invalid. In other words, for an empty request body you have to use Content-Length: 0 or if the body exists, calculate it correctly.

The call fails with status 401 if there are spaces in the parameter using OAuth, what’s wrong?

Parameters must be encoded according to RFC1738. For example, in Python you can use urllib.quote(), in PHP there is a function called rawurlencode().

Still have questions? Ask our API team

If you need assistance with an error response or an unexpected call return, API usage or any other general guidance, please visit Stack Overflow, where Upwork engineers try to answer common usage issues and questions. Please don’t share your API key/secret or any other sensitive information there. Remember that although Stack Overflow questions are periodically addressed by our API team, it is a public source of information.

If you don’t find a solution there, contact our Customer Support team by clicking here. Please make sure you provide the following information on the call to conduct further research:

  • time of the request (if available)
  • method used (GET/POST/PUT/DELETE. Note that PUT and DELETE are overloaded via POST+http_method=<method>)
  • URL of the API resource used. Include all the available details such as keys, signature, token and parameters
  • headers sent on the request
  • username used for authorization
  • environment used to send the request (OS, library, programming language)
  • platform used to send the request (mobile, desktop, command line, web -browser-, etc.)
  • response headers and HTTP status received
  • response body received

Log in to get personalized help.