Access denied error on API
Developers · Troubleshooting
"Service not enabled within domain"? You're mixing Sandbox and Live
This specific access_denied error means your token and your URL belong to two different environments.
Error
access_denied
Cause
Sandbox/Live mix-up
Level
Technical
If you see this specific error, it means you're calling a Live URL with Sandbox credentials — or the other way around:
{
"error": "access_denied",
"error_description": "Service not enabled within domain: https://topups.reloadly.com"
}
Why this happens
Sandbox and Live each have their own access token, scoped to their own domain. If you obtained your token using the Sandbox audience but then call the Live URL (like https://topups.reloadly.com), the token simply isn't valid there — hence "Service not enabled within domain."
🧪 Sandbox
https://topups-sandbox.reloadly.com
🟢 Live
https://topups.reloadly.com
✅ The fix
Make sure your token's audience and the URL you're calling point to the same environment — both Sandbox, or both Live. If you're testing, request a token with the Sandbox audience and call the Sandbox URL. If you're in production, do the same with the Live audience and Live URL.
Still mixing environments?
Our support team can help you double-check your setup.