REST v20 API troubleshooting guide

Below are some common issues and solutions encountered when using the REST v20 API. If your question relates to how to use a certain feature of the API, please refer to our API technical documentation.
For further technical support, please email and include your complete request and server response logs, as well as other relevant information.
How to generate your API access token back to top
Before you can access your account on OANDA’s REST v20 API, you must first generate a personal access token. To do this, follow the instructions below:
  2. 1. Sign in online to your live or practice account
  3. 2. Under ‘My Services’, click on ‘Manage API Access’
  4. 3. Click the ‘Generate’ button to receive your personal token
  5. 4. A combination of letters and numbers will appear below the text that states, ‘Your key to OANDA’s API’. This is your API access token. Copy the entire line of text and use it to authenticate your account on the RESTv20 API application
  6. 5. To revoke access to the current token, click ‘Revoke’. If you have added any additional sub-accounts to your REST v20 API account, you will also need to revoke and generate a new token to access them through REST v20 API

‘Insufficient authorization to perform request’ error message back to top

The most common reason for this error message is that you may have used the incorrect endpoint for your request.
If you’re using a live account, use the following endpoint:
If you’re using a practice account, use the following endpoint:  

‘Insufficient authorisation to perform request’ error message when using REST-V20 API Java Wrapper back to top

When your JAR files for dependent libraries are out of date, you may receive this error while executing Java code. This can be independent of the fact that your accountID and token are still working with the REST v20 API curl commands.
The solution is to upgrade all libraries, delete the external JAR files and reload them from the internet. Below is the list of current libraries you may refer to.
  2. 1. common-logging-1.1.1.jar
  3. 2. gson-2.6.2.jar
  4. 3. httpclient-4.0-alpha4.jar
  5. 4 httpclient-4.3.5.jar
  6. 5. httpcore-4.3.2.jar
  7. 6. v20-3.0.21.jar
  8. 7. JRE System Library
  9. 8. Maven Dependencies (junit-3.8.1.jar)
‘Insufficient authorization to perform request’ error message when using oandapyv20 back to top

"oandapyV20" is a third party wrapper, which is not supported by OANDA.

We have a v20 Python wrapper available on our developer website for our API customers:

You will need to confirm that the following information is correct:

1.The URL provided to the curl command is correct. If you are using a live account, you’ll need to confirm that you are using

In your sample code, the default for 'environment' is set to practice. You should confirm that you have changed it to 'live'. Below is the code that you will need to edit:

client = oandapyV20.API(access_token=access_token,environment="live")

2. Make sure the authentication token is valid and has been added as a bearer token in the HTTP authorization header.

‘The provided request was forbidden’ error message back to top

The most common reason for this error is that you have used an invalid ‘accountID’ in your request. The format of ‘accountID’ will conform to 001-001-1234567-001 for live accounts, and 101-001-1234567-001 for practice accounts. Please follow the instructions below to locate your correct ‘accountID’.
  2. 1. Sign in online to your live or practice account
  3. 2. Click on ‘Manage Funds (View)’
User-added image
  2. 3. Click on the relevant sub-account
  3. 4. Note your’ v20 Account Number’ under ‘Account Summary’. This is also your ‘accountID’.
User-added image

Why is historical data different from live data? back to top

OANDA’s historical data differs from live data as we offer different pricing segments and account types. For this reason, the live pricing feed of the API could be different from the historical data retrieved from the API.

This is because the ‘candle’ endpoint used to retrieve historical data only provides base-price group candlestick data. The ‘price polling’ and ‘streaming’ endpoints are used to retrieve live data, which uses your ‘account_id’ to provides live data based on your specific pricing group.

Using ‘get - /v3/accounts/{accountID}/orders’ returns an empty order list back to top

Because an order is changed to a trade once it is filled, using ‘get - /v3/accounts/{accountID}/orders’ may return an empty order list.

Changing the default condition of ‘orderstatefilter’ to ‘all’ will allow you to use ‘get /v3/accounts/{accountID}/orders’ even when the orders have been filled.

The values used for ‘Order State Filter’ are available on our API documentation.

Why can’t I construct OHLC candlesticks using REST v20 Stream endpoint? back to top

You cannot create OHLC candlestick data using the REST v20 Stream endpoint, since open, high, low, and close data of the period are not guaranteed to be returned in the response packets. The *instrument/candles* endpoint probes the server to receive data once a bar is "closed". The candle endpoint can thus be used to create accurate candle data with all the bar's activity.

Get more help