Status codes and errors

HTTP status codes

General status codes

After your request is processed, the HTTP servers return a response with an HTTP status code.

HTTP status code and description Possible reasons

200 (OK)

Request was successful.


400 (Bad Request)

Invalid format for request.

The API call includes incorrect request parameters or values, such as:

  • The return date precedes the departure date.
  • A required parameter is not valid.
  • A required parameter or value is missing.

The grant_type key and value pair are missing from the OAuth HTTP request payload.

See also: the error section of each REST API documentation page for a full list of errors.

401 (Unauthorized)

Not authorized to make this request. Check access level and refer to API documentation for access information.

Your Client ID or password is incorrect.

These errors apply to the oauth/token authentication service.

The service returns a non-200 HTTP status code for a failed authentication.

401 (Validation)


These errors apply to the API services.

A call was made without authorization.

An incorrect access token was used to make an API call.

An expired access token was used to make an API call.

403 (Forbidden)

Request is for a resource that is forbidden.

Your client authentication credentials do not include authorization to call the API.

404 (Not Found)

Response does not contain any data.

No fares or flights were found to fulfill the corresponding request.

A URI is not valid or has missing segments, such as a version number.

A URL is incorrect.


Method Not Allowed

A client called a method that the client is not authorized to use.

Additional headers are also returned.

406 (Not Acceptable)

Requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request.


413 FULL head

The API returns this error when a request URI is too long. For example, the HTTP request’s query string exceeds the server limit.

The response will be empty as a result.

Please consider reducing the number of request parameters in the URI or separating parameters into multiple HTTP requests.

500 (Server Error)

The service encountered an unexpected condition that prevented it from fulfilling the client’s request.

503 (Service Unavailable)

Server is currently unavailable. Please try again later and report if problem persists.


504 (Gateway Timeout)

Server timed out trying to fulfill request. Please try again later and report if problem persists.


Authentication status codes

HTTP status code Description Possible reasons Resolution
401 (Unauthorized) invalid_client

Authentication credentials are missing.

Authentication must first be requested before you can make subsequent calls. See also: the authentication page for detailed instructions.

    The Client ID does not exist. Verify your base64-encoded Client ID. See also: the authentication page for detailed instructions.
  Credentials are missing or the syntax is not correct. The base64 encoded string is incorrect. Verify that your base64-encoded credentials were encoded correctly. See also: the authentication page for detailed instructions.
    Authentication credentials are not base64-encoded or the format is incorrect. Verify that your base64-encoded credentials were encoded correctly. See also: the authentication page for detailed instructions.
  Wrong clientID or clientSecret. The password is not the correct password for the Client ID. Verify your password.
429 too many requests temporarily_unavailable The internal limit is exceeded.  Wait and try again later.
  Throttled. Active token count is exceeded. The token count has exceeded the maximum value. Concurrent requests have exceeded the maximum value.

You can send up to the number of concurrent transactions per second (TPS) configured and specific to each individual API. If the concurrent-transactions per second limits are exceeded for an API, the system will throttle the requests and respond with this error.

We strongly advise that you code to this error as part of your workflow.

Please contact us if you wish to increase allowed number of concurrent requests for any API.


Error codes

Error code

Possible reasons

Authentication error codes
ERR.2SG.SEC.MISSING_CREDENTIALS Authentication data is missing or an incorrect auth data type was used.
ERR.2SG.SEC.INVALID_CREDENTIALS Authentication failed because credentials are not valid.
ERR.2SG.SEC.NOT_AUTHORIZED Authentication failed because the client is not authorized to call a service or access an API.
ERR.2SG.SEC.INTERNAL_PROCESSING_ERROR These are internal errors related to a specific security mechanism.
Client error codes
ERR.2SG.CLIENT.INVALID_REQUEST A client request is not valid.
ERR.2SG.CLIENT.SERVICE_UNKNOWN A service in a routing table is not found for a specific input. A parameter may be missing from the request.
Gateway error codes
ERR.2SG.GATEWAY.TIMEOUT The gateway timed out. The service is unable to process the request within the timeout that is established for service calls.
ERR.2SG.GATEWAY.REQUEST_THROTTLED The gateway throttled a request because throttling limits were exceeded.
ERR.2SG.GATEWAY.INTERNAL_PROCESSING_ERROR The gateway encountered an error during transaction processing, and the error is not categorized.
ERR.2SG.APP.INTERNAL_ERROR The gateway encountered an error that is not related to transaction processing; however, transaction processing possibly triggered the error. The error is not categorized.
ERR.2SG.GATEWAY.INVALID_PROVIDER_RESPONSE The gateway cannot understand the response from a provider because of bad format or failure to comply with a given protocol.
ERR.2SG.GATEWAY.PROVIDER_CONNECTION_ERROR A call to a provider encountered a transport error, e.g., the connection was refused.

Docs Navigation