Overview
Getting Started
Widgets
Categories
Keywords
Reviews
Users
Businesses
Businesses Search
Negotiations
Messages
Requests
On-Demand Orders
Help
Changelog
Terms and Policies
Thumbtack uses conventional HTTP response codes to indicate the success or failure of an API request.
In general:
- 200 response code indicates success.
- Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, url formatted incorrectly, etc.).
- Codes in the 5xx range indicate an error with Thumbtack's servers.
HTTP Response Code | Description | Notes |
|---|---|---|
200 | OK | Everything works as expected |
202 | WAF Silent Challenge | WAF issued a silent challenge to the request. |
400 | Bad Request | The request was unacceptable, often due to missing a required parameter. |
401 | Unauthorized | Invalid auth key provided. |
403 | Forbidden | The request was from a blocked IP or User Agent. |
404 | Not Found | The requested resource doesn’t exist. |
429 | Rate Limited | Too many requests hit the API too quickly. |
451 | Forbidden due to sanctioned countries | The request was made from a sanctioned country (North Korea, Syria, Iran, etc). |
502 | Invalid audience parameter (proxy_oauth_failed) | Please view the Common Issues section below for more details. |
5XX | Server Errors | Something went wrong on Thumbtack's end. |
If you receive a 401 Unauthorized response when hitting the /oauth2/token endpoint, your response body may look like:
{"error": "invalid_client","error_description": "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}
This is due to a Client not being found in the associated Environment's OAuth Authorization Server. To resolve this, ensure that you are using the correct OAuth Authorization Server, clientID, and clientSecret for the desired Environment.
If you receive a 401 Unauthorized response when hitting an API endpoint, your response body may look like:
{"type": "about:blank","title": "Unauthorized","status": 401,"detail": "invalid token. failure reason(s): [token is not active]"}
This is due to your access_token having expired. Be sure you utilize an OAuth2 library or the OAuth2 functionality of your API Client to handle refreshing for you.
If you receive a 502 Bad Gateway response when hitting an API endpoint, your response body may look like:
{"error": "proxy_oauth_failed","detail": "Error: oauth_400:invalid_request: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience '<your audience>' has not been whitelisted by the Auth 2.0 Client."}
This is caused by an incorrect value for the audience parameter. The audience parameter must be set to urn:partner-api.
Last Updated: Dec 9th, 2025