Troubleshooting REST API requests
This page lists troubleshooting responses to two errors that you may run into when sending a request to the REST API.
If you are getting a "cookies required" error, check whether you're sending a "User-Agent" header as part of your request. Most languages and libraries automatically send a "User-Agent" header, but some (such as Java) do not.
Try setting the "User-Agent" header manually. The value that you set the header to does not matter.
If you are getting SSL/certificate errors, this may be happening because of outdated cacert files. Update
your trusted certificates to a later version.
This means that your Authorization header was invalid.
Check your JWT is valid and has the correct payload.
The JWT header must contain "alg": "HS256", and the payload must contain "tokenType": "app", "iss": "<app id>", and "sub": "<user id>".
If the JWT payload contains an exp expiry date, it must be in the future.
Your JWT must be signed with the correct secret key.
The secret key for your live app starts with sk_live and the secret key for your test app starts with sk_test.
Your Authorization header should be in the format Authorization: Bearer eyJhbGciO...
If you are able to make a few REST API requests at first, but then your requests start to fail with 401 Unauthorized, it is probably because your JWT has expired. The example code from the introduction generates JWTs that expire after 30 seconds. You should generate a new JWT for each REST API request.
Check that you are using the correct secret key for that app id.
The secret key for your live app starts with sk_live and the secret key for your test app starts with sk_test.
Your Authorization header should be in the format Authorization: Bearer sk_...