We hope you never find errors on Upwork. If you do, we’d like to handle it right away.  The API returns standard HTTP error codes and provides additional error information in the response body (when allowed by HTTP specification), and in the special HTTP headers. For details on an error message, please refer to the Error Handling section of our API public documentation.

Report a bug

If you uncover a bug or have an improvement suggestion, please contact our Support team to report it.

Need help?

If you need assistance with an error response, an unexpected call return, API usage, or any other general guidance, please visit Stack Overflow, where Upwork engineers try to answer common usage issues and questions.


Don’t share your API key/secret or any other sensitive information there. Remember that although Stack Overflow questions are periodically addressed by our API team, it is a public source of information.

If you don’t find a solution there, contact our Support team. Please make sure you provide the following information on the call to conduct further research:

  • Time of the request (if available)
  • Method used (GET/POST/PUT/DELETE. Note that PUT and DELETE are overloaded via POST+http_method=<method>)
  • URL of the API resource used. Include all the available details such as keys, signature, token and parameters
  • Headers sent on the request
  • Username used for authorization
  • Environment used to send the request (OS, library, programming language)
  • Platform used to send the request (mobile, desktop, command line, web -browser-, etc.)
  • Response headers and HTTP status received
  • Response body received

Frequently Asked Questions

I get the response message “This APP has no access to the requested resource.”

This message is returned when your API Key does not have enough permissions/scopes. You can edit your API Key permissions at the API Center.

I’m making a POST request for getting a token and I get an HTML message with code 411.

This usually happens when the POST request is incomplete. For example, when you use the POST method with parameters as a part of URL, but your Content-Length header is invalid. In other words, for an empty request body you have to use Content-Length: 0 or if the body exists, calculate it correctly.

The call fails with status 401 if there are spaces in the parameter using OAuth. What's wrong?

Parameters must be encoded according to RFC1738. For example, in Python you can use urllib.quote(), and in PHP there is a function called rawurlencode().

Log in to get personalized help.