Common mistakes when calling Smarty APIs

WEBINAR RECAP: Recently, our Support Team Lead, Lyle Durland went over common mistakes and outlined what you need to know to avoid API problems.

Updated October 29, 2025

Status code 401 - Authentication required

If you're seeing this error there's a chance that there's an issue with your API key, there's a mistake inside your client-side request, or a mistake in the server-side request. In the recording Lyle dives deep into each of these, but here are the basics.

How to authenticate API requests

it’s important that you’re familiar with your API keys. Inside your Smarty account there's an API Keys tab where you can find embedded keys, as well as secret keys. Knowing which keys are used in which environment will help you avoid some errors. If you don't have access to the Smarty account, it may be a good idea to contact the account owner and get access to it.

Understand the difference between client-side requests (in a web browser) and server-side requests. Since browsers send a Referer header automatically, our system treats any request that includes a Referer header as a client-side request. In contrast, if the request does NOT have a Referer header, our system treats it as a server-side request.

Common mistakes in client-side requests

For client-side requests, you'll want to use the embedded keys, not the secret keys. To do so will return a 401 error. Also, don't list the wrong referer/host value with the embedded key. There are a few specific places where your host will be a little different.

For localhost, just list "localhost" without the port number.
For calls from the jsfiddle website, the correct host is fiddle.jshell.net

When using a wildcard in a hostname, don't use the * for more than one level of subdomain, or you will get the 401 error.

And lastly, don't forget to URL-encode the request URL. For example, a # symbol that is not URL-coded will break up the request URL and return an error.

Common mistakes in server-side requests

For server-side requests, you'll want to use the secret keys, not the embedded keys. Don't type the auth-id or auth-token by hand; you might mistype a 1 for a lower-case L or a 0 for a capital O. And of course, don't forget to URL-encode the request URL.

Status code 402 - Payment required

Most of these errors stem from a misunderstanding of the way Smarty's products work, or what each license provides you with. There are a few things you can do to avoid these errors.

If you’re a developer trying to work with the Smarty APIs we recommend that you be able to log in to the Smarty account that you’re trying to use. If you’re not the primary account owner, you'll need to obtain those login details from whoever is.

It is beneficial to be familiar with the different pages available in your account dashboard, such as the Subscriptions and API Keys pages. Knowing what you have available in the Subscriptions section will help you identify the APIs you are allowed to call and what specific abilities are included. If you are ever unclear, you can contact the Smarty Support team on any of Smarty's pages via chat, email, or phone call.

If you have several accounts with licenses make sure you're using the correct APIs from the correct accounts. Several of our customers are contractors or independent users who are utilizing several accounts. That may be the first thing you want to check if that is the case.

If you are using one of our SDKs, don't assume that the e-license value listed in the GitHub example code is the right one. For example, the default license listed in the GitHub example code is us-rooftop-geocoding-cloud, but you may not have a Rooftop Geocoding license.