Skip to content
English
  • There are no suggestions because the search field is empty.

Access denied error on API

Developers · Troubleshooting

"Service not enabled within domain"? You're mixing Sandbox and Live

This specific access_denied error means your token and your URL belong to two different environments.

Error

access_denied

Cause

Sandbox/Live mix-up

Level

Technical

If you see this specific error, it means you're calling a Live URL with Sandbox credentials — or the other way around:

{
  "error": "access_denied",
  "error_description": "Service not enabled within domain: https://topups.reloadly.com"
}

Why this happens

Sandbox and Live each have their own access token, scoped to their own domain. If you obtained your token using the Sandbox audience but then call the Live URL (like https://topups.reloadly.com), the token simply isn't valid there — hence "Service not enabled within domain."

🧪 Sandbox

https://topups-sandbox.reloadly.com

🟢 Live

https://topups.reloadly.com

✅ The fix

Make sure your token's audience and the URL you're calling point to the same environment — both Sandbox, or both Live. If you're testing, request a token with the Sandbox audience and call the Sandbox URL. If you're in production, do the same with the Live audience and Live URL.

ℹ️ This is the same audience-scoping pattern covered in our article on sending your first API request — worth a re-read if you're not sure which audience/URL pair you should be using.

Still mixing environments?

Our support team can help you double-check your setup.

Contact support →