Support
Troubleshooting

Troubleshoot authentication

View as Markdown

Common authentication errors when calling GoDaddy APIs, with causes and resolutions.

Overview

This page covers the most common authentication and authorization errors you'll encounter when calling GoDaddy APIs. Each section describes the symptom, cause, and resolution.

401 Unauthorized

Symptom: API returns 401 with code: "UNAUTHORIZED".

Cause: The Authorization header is missing, malformed, or the token has expired or been revoked.

Resolution:

  • Verify the header format is Authorization: Bearer <token> (no extra whitespace or quotes around the token value).
  • Check the token hasn't expired — PATs have a configurable expiration. Generate a new one if needed.
  • Confirm the token hasn't been revoked on the Personal Access Token page.
  • If using sso-key, verify the format is sso-key <key>:<secret> with no extra spaces.

403 Forbidden — missing scope

Symptom: API returns 403 with a code indicating insufficient permissions, despite a valid token.

Cause: The token is valid but doesn't include the scope required for the operation.

Resolution:

  • Check the code field in the error response — it distinguishes between scope and eligibility issues.
  • Generate a new token with the required scopes. Go to Authentication — PAT scopes for the full list.
  • The domains.domain:read scope is required even for write operations that need to verify state.

403 Forbidden — account eligibility

Symptom: API returns 403 with a code like ACCOUNT_NOT_ELIGIBLE despite having the correct scope.

Cause: The account doesn't meet the eligibility requirements for the operation — typically a missing payment profile or domain ownership requirement.

Resolution:

  • For billing-related eligibility: add a payment method. Go to Set up a payment profile.
  • For domain management eligibility: the account must hold at least one domain or be on a plan that grants management access.
  • Check the code field — don't rely on HTTP status alone to distinguish scope from eligibility issues.

422 with NO_PAYMENT_PROFILE

Symptom: API returns 422 with code: "NO_PAYMENT_PROFILE" on quote or purchase calls.

Cause: The operation requires a funded billing method (registration, renewal, transfer) but the account has no payment method on file.

Resolution: Add a payment method. Go to Set up a payment profile.

Token stops working after working previously

Symptom: A token that was working returns 401 without any code changes.

Cause: The token expired (PATs have a configurable expiration) or was revoked.

Resolution:

  • Check the token's expiration date on the Personal Access Token page.
  • If expired or revoked, generate a new token.
  • Update your secrets manager or environment variable with the new value.

Agent & Automation Notes

ScopesAny — this page covers cross-cutting auth issues
Rate limitN/A (diagnostic reference)
On failureDiagnostic page. On 401, check token format and expiration. On 403, distinguish scope vs eligibility via the code field.

Last updated on

How is this guide?

On this page