Go To Top


Q: I receive an error message from the Public APIs, or they return unexpected data

A: To rule out that the issues are inside your application, we recommend debugging using a simple REST client, such as "Chrome Advanced Rest Client". The error message "Invalid API key" indicates that the API Key is not properly supplied in the header, or that the key is invalid.

Other errors will most likely be due to parameters being passed or formatted incorrectly. We use the same APIs to build Trustpilot services, such as our consumer site trustpilot.com. So, if the site displays correct information, it is safe to assume that the APIs are working as designed. Planned and unplanned outages to our API infrastructure will be announced on the homepage of apps.trustpilot.com.

Q: What is my Business Unit and how do I find it?

A: The Business Unit ID is a unique key for your domain. To find your Business Unit ID, please use the Find Business Unit API.

To read more about Business Units and how to find your Business Unit ID, read the API Introduction here.

Q: I am not able to make OAuth authentication return tokens

A: Please make sure to follow our documentation dilligently or refer to the RFC documentation. For security reasons, OAuth error messages are not very elaborate. We use the same authentication mechanism in our Business Product (b2b.trustpilot.com) and 3rd party integrations such as Zapier.

As long as these integrations work, it is very likely to be a bug in your implementation, incorrect usage of key and secret, or the Redirect URL supplied to us does not match one or more of your environments (test, staging, production, etc). Also, make sure that the Redirect URL is URL encoded a querystring paramater, and while posting to access_token, your infrastructure should ensure proper encoding.

Q: What are the supported grant types for OAuth authentication?

A: We support Password; Authorization Code; and Implicit gran types. Please refer to the Authentication documentation for more details.

Q: Customer APIs return 401 Unauthorized

A: 401 Unauthorized is returned because the token has not been properly passed in the header or querystring. Please refer to the Authentication documentation for more details.
To rule out token expiration, please make sure to test the request right after receiving a new access token.

Q: Customer APIs return server error or unexpected results

A: The Customer APIs are used to build our Business Product (b2b.trustpilot.com), so if an error occurs, the first step should be to log in to b2b.trustpilot.com using the same user account.
Then test the same functionality on the same business unit. If the problem persists here, please report to our Support Center with the steps needed to reproduce the error.

If the problem does not persist in the Business Product, please consult the documentation to ensure your implementation complies. A common problem is the user not having access to the business unit; this is surfaced when testing in the Business Product.

Q: Customer API returns 400 Bad Request

A: Calling private API to retrieve reviews https://api.trustpilot.com/v1/private/business-units/{0}/reviews "Request was malformed", errorCode: 1001. In this case, it is likely that the business user who authenticated does not have access to the business unit. To verify, try to retrieve the business users who have permission to use the business unit. If you do not have access the return will b

message: "Authorization has been denied for this request."
details: "BusinessUnitNotAllowed"

Q: I'm trying to use the Create New Invitation API but get an error message: "Something went wrong."

A: Check the Content Type of your Post request. Our API currently support JSON as request and response format. It's likely the error is returned because your request is in another data format.

Q: I get "Invalid redirect URI" on the Trustpilot login page when trying to authenticate

A: This could happen for a couple of reasons:

1. Your redirect URL must be https, but you can test locally with http://localhost
2. Before receiving your API key you supplied us with a redirect URI domain which we configure as the allowed redirect domain. Contact support to understand whether the allowed domain configured matches in our backend matches the domain you are currently redirecting to.

Q: What is the data format for access token?

A: "issued_at" is measured in milliseconds. "expires_in" is measured in seconds. Both are have data type - string.

Q: What is the maximum length of access token and refresh token

The maximum length of "access_token" and "refresh_token" is 32 characters.

Q: What is the maximum length for Business Unit ID, reviewId and consumerId?

The length of these IDs is 24 characters, but it is recommended to keep the maximum length as a 64-character string.

Q: I need more help

A: Trustpilot does not provide API implementation support. You may reach out to our developer community on Stackoverflow with your post tagged as “trustpilot.” For general questions or feedback about Trustpilot APIs, please contact our Business Support team at support@trustpilot.com.

Q: How can I build an integration or become a Trustpilot integration partner?

A: Begin by reading the section Technology Partners which has all the details needed for building an integration and applying to our Integration Partner Program.