HTTP Status Codes
Error code | Description | Possible Causes | How to fix? |
---|---|---|---|
400 Bad Request | The request could not be understood or was missing required parameters. | Incorrect or missing parameters (e.g., client_id, client_secret, grant_type, etc.). Invalid request format or content type. | Verify the request body and parameters. Make sure all required fields are present and valid. |
401 Unauthorized | The request lacks valid authentication credentials. | Missing or invalid Access Token in the request. Incorrect client_id or client_secret. The token has expired or been revoked. | Ensure the Access Token is valid and not expired. Re-generate an Access Token if necessary. Double-check client_id and client_secret. |
403 Forbidden | The authenticated user does not have permission to access the requested resource. | Insufficient permissions or scopes associated with the Access Token. The user or client app is not authorized for this specific action. | Ensure that the correct scopes are requested during the authorization process. Check if the resource requires additional permissions. |
404 Not Found | The requested resource could not be found. | Incorrect API endpoint or resource URL. The resource has been deleted or does not exist. | Verify the API endpoint URL and ensure it is correct. |
405 Method Not Allowed | The HTTP method used in the request is not supported for this endpoint. | Using GET instead of POST for token requests. Using an unsupported method for an API resource. | Check the documentation to ensure the correct HTTP method is used. |
406 Not Acceptable | The server cannot provide a response in the requested format due to an invalid Accept header. | The request specifies an unsupported media type in the Accept header. | Ensure the Accept header is set to a supported format, such as application/json. Check API documentation for valid response types. |
413 Payload Too Large | The request body exceeds the maximum allowed size by the server. | Sending large file uploads, oversized JSON payloads, or improperly compressed data. | Reduce the payload size, use pagination if applicable, or check for API-specific limits in the documentation. |
414 Request URI Too Long | The requested URL is too long for the server to process. | Sending excessively long query parameters or improperly encoded URLs. | Shorten the request URI by reducing query parameters or using a POST request with a request body. |
422 Unprocessable Entity | The request is well-formed but contains semantic errors that prevent processing. | Missing or incorrect field values, violating API validation rules. | Validate request parameters, check required fields, and correct any formatting issues based on API documentation. |
429 Too Many Requests | The client has sent too many requests within a given timeframe, exceeding rate limits. | Exceeding API rate limits or quota restrictions. | Implement exponential backoff or retry logic, monitor usage limits, and consider upgrading to a higher quota plan if available. |
431 Request Header Fields Too Large | The request headers exceed the size limits set by the server. | Sending too many headers or overly large individual headers. | Reduce the number or size of headers in the request, remove unnecessary metadata, and optimize cookie usage. |
500 Internal Server Error | An unexpected server error occurred. | A problem on the API provider's server side. Temporary service downtime. | Retry the request later or contact support if the issue persists. |
503 Service Unavailable | The server is temporarily unable to handle the request. | Server overload or maintenance. Rate-limiting or throttling issues. | Wait for some time and retry the request. |
OAuth 2.0 & OpenID Connect-Specific Error Codes
Error code | Description | Possible Causes | How to fix? |
---|---|---|---|
invalid_request | The request is missing a required parameter or includes an invalid parameter. | Required parameters like client_id, grant_type, or scope are missing or invalid. Malformed request or incorrect encoding. | Review the request and add the missing or correct parameters. |
invalid_client | The client authentication failed (e.g., incorrect client_id or client_secret). | Wrong client_id or client_secret. Client credentials are invalid, revoked, or missing. | Double-check the client credentials and make sure they are correct and properly included in the request. |
invalid_grant | The provided authorization grant or refresh token is invalid, expired, or revoked. | Incorrect or expired authorization code. Invalid refresh token. Mismatched redirect URI. | Re-authenticate the user and request a new authorization grant or refresh token. |
unauthorized_client | The client is not authorized to use this grant type. | The client is not allowed to use a specific grant type (e.g., password, client_credentials). The client is not authorized to request certain scopes. | Verify that the client is registered to use the grant type and requested scopes. |
unsupported_grant_type | The authorization server does not support the requested grant type. | The grant_type parameter in the request is unsupported or misspelled. | Check if the grant type is supported by the server and correct any misspellings in the request. |
invalid_scope | The requested scope is invalid, unknown, or malformed. | The requested scope does not exist or is misspelled. The client is not allowed to request certain scopes. | Verify the scope names and ensure they match the allowed scopes. |
access_denied | The resource owner or authorization server denied the request. | The user declined to grant permission to the application. The authorization server is denying access to the requested resource. | Check the authorization flow and ensure that the user has granted permission. If the issue persists, contact the authorization provider. |
server_error | The authorization server encountered an unexpected condition. | Internal server error on the provider's side. | Retry the request later, and if the problem persists, contact the service provider. |
temporarily_unavailable | The authorization server is temporarily unable to handle the request. | Server maintenance or service outage. | Retry the request later. |
Token-Related Errors
Error code | Description | Possible Causes | How to fix? |
---|---|---|---|
invalid_token | The provided token is invalid or expired. | Access Token or Refresh Token is malformed, expired, or revoked. The token was issued for a different client or resource. | Request a new token and ensure it is used within its validity period. |
insufficient_scope | The token does not have sufficient scope to access the requested resource. | Re-authenticate with the correct scope or request a new token with the required permissions. | Re-authenticate with the correct scope or request a new token with the required permissions. |
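
Added example (not part of the original reference): a client-side decision function that applies the "How to fix?" columns above, so transient errors back off while credential and configuration errors are never retried in a loop. It assumes token-endpoint errors arrive as a JSON `error` field and resource-server errors in a `WWW-Authenticate: Bearer` challenge (RFC 6749 / RFC 6750); the function names, action labels and sample responses are constructed for illustration.

```python
import json
import re

RETRYABLE_STATUS = {429, 500, 503}
RETRYABLE_OAUTH = {"server_error", "temporarily_unavailable"}
# key="quoted value" or key=token pairs of a Bearer challenge (RFC 6750, section 3)
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')

def parse_bearer_challenge(header):
    """Return the auth-params of a 'WWW-Authenticate: Bearer ...' value as a dict."""
    if not header.lower().startswith("bearer "):
        return {}
    return {k.lower(): (q if q else t) for k, q, t in _PARAM.findall(header[7:])}

def backoff_delay(attempt, retry_after=None, base=1.0, cap=60.0):
    """Seconds to wait before the next try; a numeric Retry-After takes priority."""
    if retry_after and retry_after.strip().isdigit():
        return float(retry_after)
    return min(base * 2 ** attempt, cap)  # add random jitter in production

def decide(status, headers, body, attempt, max_attempts=4):
    """Map one response to (action, detail). Assumes canonical header names."""
    try:
        parsed = json.loads(body) if body else {}
    except ValueError:
        parsed = {}
    err = parsed.get("error") if isinstance(parsed, dict) else None
    challenge = parse_bearer_challenge(headers.get("WWW-Authenticate", ""))
    if not isinstance(err, str) or not err:
        err = challenge.get("error", "")
    if status in RETRYABLE_STATUS or err in RETRYABLE_OAUTH:
        if attempt + 1 >= max_attempts:
            return ("give_up", err or str(status))
        return ("retry", backoff_delay(attempt, headers.get("Retry-After")))
    if err == "invalid_token":
        return ("refresh_token", None)
    if err == "insufficient_scope":
        return ("reauthorize", challenge.get("scope", "").split())
    if err == "invalid_grant":
        return ("reauthenticate_user", None)
    # invalid_client, invalid_request, access_denied, other 4xx: resending the same
    # request cannot succeed, so surface the error instead of retrying.
    return ("stop", err or str(status))

if __name__ == "__main__":
    # Constructed sample responses
    print(decide(429, {"Retry-After": "7"}, "", 0))
    print(decide(403, {"WWW-Authenticate":
                       'Bearer error="insufficient_scope", scope="orders:read"'}, "", 0))
    print(decide(400, {}, '{"error": "invalid_client"}', 0))
```
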