CarsXE

This page is a complete reference for every error the CarsXE API can return. Each entry explains why the error happened and how to fix it, so you can resolve most issues without contacting support.

You can tell whether a request succeeded from the HTTP status code. Every response body also includes a success boolean, so you can check either one.


The error envelope

All errors share the same JSON shape:

json
{
  "success": false,
  "message": "Missing vin (vehicle identification number)"
}

A few legacy v1 routes return a 500 status for validation problems (for example, a missing make/model on the Images API). Always check the success field in addition to the status code when working with v1 endpoints. v2 endpoints use precise status codes throughout.


Status codes

StatusMeaningSafe to retry?
200Success.
202Accepted — an async job (e.g. Recalls Batch) was queued. Poll its status endpoint.
400Bad request — a parameter is missing or invalid.No — fix the request first.
401Authentication failed — missing, invalid, or inactive API key.No — fix your key or billing.
403Forbidden — your key is blocked or your plan doesn't include this API.No
404Not found — no data exists for this VIN/plate, or an invalid state/country code.No — same input returns the same result.
405Method not allowed — e.g. GET sent to a POST-only endpoint.No — change the HTTP method.
429Usage quota exceeded.Not as-is — quota errors persist until you upgrade, enable overage, or the period resets. See Rate Limits & Quotas.
500Internal server error.Yes — once, with backoff. If persistent, contact support.
502Upstream data provider could not be reached.Yes — with backoff.
503Upstream provider temporarily unavailable.Yes — with backoff.
504Upstream request timed out.Yes — with backoff.

Authentication errors

MessageStatusWhy it happenedHow to fix it
Missing API key401The request did not include the key parameter.Pass your API key as the key query parameter on every request. See Authentication.
User with this API key was not found or the API key is disabled401The key has a typo, was revoked, or was disabled.Copy the key again from your dashboard. Check for whitespace or truncation.
User with this API key is not active. To activate update your billing on https://api.carsxe.com/dashboard/billing401A payment failed or your billing is not in good standing, so API access was suspended.Update your payment method on the billing page. Access resumes immediately after.
This API key has been blocked, please contact support if you believe this is an error.403The key was flagged for abuse.Contact support with your account email.
This API is not available for your current subscription tier. Visit https://api.carsxe.com/pricing to review upgrade options.403Your plan does not include this endpoint.Compare plans on the pricing page and upgrade, or remove the call.

Validation errors

These are returned before any lookup happens, so they don't count against your quota. Fix the request and resend.

MessageStatusHow to fix it
Missing vin (vehicle identification number)400Pass the vin parameter.
Wrong VIN length, must be 17 characters400VINs are exactly 17 characters. Strip whitespace; check for O/0 and I/1 transcription mistakes.
Missing vehicle registration number or license plate number400Pass the plate parameter.
Missing 2 letter state code400Pass state as a 2-letter code (e.g. CA). Required for US plate lookups.
Invalid state or country code.404Use ISO-style 2-letter codes. See the supported-country list on the Plate Decoder page.
Invalid condition. Available conditions: excellent, clean, average, rough400The condition parameter on Market Value v2 accepts only those four values.
Invalid mileage. Must be a number400Pass mileage as digits only — no commas or units.
Missing image data400VIN OCR and Plate Recognition need an image — pass a URL or base64 string.
Invalid image data format. Must be a valid URL or base64 encoded string.400Check the URL is publicly reachable, or that the base64 payload is complete.
Please supply a make and model. Visit http://api.carsxe.com/docs for more information500The Images API requires both make and model. (Legacy route — note the 500 status.)

The Recalls Batch endpoints have additional validation rules (VIN count, CSV size and hosting, webhook URLs) — those messages are self-describing and documented on the batch page.


Data not found

A 404 with one of these messages means the request was valid, but no data exists for that vehicle. Retrying the same input returns the same result.

MessageHow to fix it
No data found for this VINVerify the VIN is correct. Coverage varies by market and model year.
No data found for this VIN. Try a deep search by setting deepdata=1 in your requestRetry with deepdata=1 on the Specifications API for an extended-source lookup.
Plate searches for this country have been disabled, or No data found for this plateCheck the plate and region. Some countries are unavailable; see the coverage list on the Plate Decoder page.
No lien or theft data found for this VINNo records exist — for many use cases this is the answer you want.
No images foundTry a less specific query (drop trim or color).
No plates detected in imageUse a sharper, better-lit image where the plate is clearly visible.
No valid VIN candidates found in the image / No text detected in the imageUse a higher-resolution image of the VIN plate or windshield etching.

Not-found results for VIN lookups are cached for about one day. If you believe data should exist, wait before retrying rather than hammering the endpoint with the same VIN.


Rate limit and quota errors

A 429 means you've used up your plan's included volume for this API:

json
{
"success": false,
"message": "API limit exceeded for market_value (6/2026). Subscription tier: starter. Current usage: 5000, Limit: 5000.",
"usage": {
  "current": 5000,
  "limit": 5000,
  "remaining": 0
}
}

See Rate Limits & Quotas for how limits work, the exact response shapes, and backoff strategies.


Server and upstream errors

CarsXE aggregates data from multiple providers. When a provider fails or times out, you'll see one of these:

MessageStatusWhat it meansWhat to do
Internal server error500An unhandled error on our side.Retry once with backoff. If it persists, contact support with the endpoint, parameters, and timestamp.
Unable to authenticate internal request (code CV-001). Please try again later500An internal provider credential issue — not your request.Retry later. Quote the CV-001 code to support if it persists.
Unable to authenticate internal request (code CV-002). Please try again later500Same as above, for the History API.Retry later. Quote CV-002 to support.
Could not fetch data502The upstream provider was unreachable or returned an error.Retry with exponential backoff.
Cannot access the internet at this time503The upstream provider is temporarily down.Retry with backoff.
Request timed out. Please try again.504The provider didn't respond in time.Retry with backoff — these are usually transient.

Handling errors in code

Check response.ok / the status code first, then branch on the category. Retry only 5xx — a 4xx (including quota 429s, which persist until you upgrade or enable overage) needs a fix, not a retry:

Error handling

Code
CARSXE_API_KEY="CARSXE_API_KEY"
URL="https://api.carsxe.com/specs?key=${CARSXE_API_KEY}&vin=1HGCM82633A004352"
retries=3

for attempt in $(seq 0 $retries); do
  response=$(curl -s -w "\n%{http_code}" "$URL")
  body=$(echo "$response" | sed '$d')
  status=$(echo "$response" | tail -n 1)

  if [ "$(echo "$body" | jq -r '.success')" = "true" ]; then
    echo "$body"
    exit 0
  fi

  # 4xx: fix the request (or your quota) — retrying won't help
  if [ "$status" -lt 500 ]; then
    echo "CarsXE $status: $(echo "$body" | jq -r '.message')" >&2
    exit 1
  fi

  # 5xx: exponential backoff
  if [ "$attempt" -lt "$retries" ]; then
    sleep $((2 ** attempt))
  fi
done

echo "CarsXE request failed after retries" >&2
exit 1

CORS errors

The CarsXE API is meant to be called from your server, never from the browser. This protects your API key from being stolen — any key shipped to a browser is public. If you call the API from frontend JavaScript, the browser will block the request with a CORS error.

Route requests through your backend instead, and keep your key in an environment variable.


Still stuck?

If you've checked the tables above and the error doesn't make sense, contact support and include: