OAuth Generated Errors

The following errors are generated by the key and resource endpoints. Many of the errors are the same; they are broken out to show which errors are returned under which conditions:

Token Endpoint Errors

Condition: When api key (client_id) not found in request

Error:

HTTP/1.1 400 Bad Request
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
Content-Type: application/json
Cache-Control: no-store

{"error":"invalid_request"}

Condition: When developer not found

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Basic realm="<hostname>"
Content-Type: application/json
Cache-Control: no-store

{"error":"invalid_client"}

Condition: When developer is found to be inactive

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_DEVELOPER_INACTIVE
WWW-Authenticate: Basic realm="<hostname>"
Content-Type: application/json
Cache-Control: no-store

{"error":"invalid_client"}

Condition: When invalid referer (if configured)

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_DEVELOPER_UNKNOWN_REFERER
WWW-Authenticate: Basic realm="<hostname>"
Content-Type: application/json
Cache-Control: no-store

{"error":"invalid_client"}

Condition: When authentication fails due to bad Authorization header (e.g., anything other than Basic)

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Basic realm="<hostname>"
Content-Type: application/json
Cache-Control: no-store

{"error":"invalid_client"}

Condition: When authentication fails due to bad credentials (e.g., client_id doesn't match the one in Authorization header, or bad secret)

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Basic realm="<hostname>"
Content-Type: application/json
Cache-Control: no-store

{"error":"invalid_client"}

Condition: When authentication fails due to missing credentials (e.g., no Authorization header and no client_secret submitted with application/x-www-form-urlencoded form)

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Basic realm="<hostname>"
Content-Type: application/json
Cache-Control: no-store

{"error":"invalid_client"}

Condition: When any other error encountered until createAccessToken (e.g., limiting, scheduled maintenance, etc.)

Error:

HTTP/1.1 <corresponding status code and message>
X-Mashery-Error-Code: <corresponding error code>
Content-Type: application/json
Cache-Control: no-store

{"error":"<error code (int)>"}

Condition: When "invalid_client" error returned from createAccessToken call with RPC error code = -2001

Error:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="<hostname>"
Content-Type: application/json
Cache-Control: no-store

<the returned error object, serialized to json>

Condition: When any other error returned from createAccessToken call with RPC error code = -2001

Error:

HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store

<the returned error object, serialized to json>

Condition: When any other error returned from createAccessToken call with RPC error != -2001

Error:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json
Cache-Control: no-store

{"error":"<error code (int)>"}

Protected Resource Endpoint Errors

Condition: When token not found in request (Authorization header for MAC and Authorization header, query string or submitted form for Bearer)

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Bearer realm="<hostname>"
OR
WWW-Authenticate: MAC realm="<hostname>"

Condition: When token not found in request but caller attempted to authenticate with OAuth (we can tell the attempted token type but can't find the token) and the token type doesn't match the one supported by the service

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Bearer realm="<hostname>", error="invalid_request"
OR
WWW-Authenticate: MAC realm="<hostname>", error="invalid_request"

Condition: When no mapi found for the token in request (i.e., no corresponding token record in db) or developer config not found for the mapi (not sure how this could happen)

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Bearer realm="<hostname>", error="invalid_token"
OR
WWW-Authenticate: MAC realm="<hostname>", error="invalid_token"

Condition: When developer is found to be inactive

Error:

HTTP/1.1 403 Forbidden
X-Mashery-Error-Code: ERR_403_DEVELOPER_INACTIVE
WWW-Authenticate: Bearer realm="<hostname>", error="invalid_token"
OR
WWW-Authenticate: MAC realm="<hostname>", error="invalid_token"

Condition: When token type indicated in request (through authentication method) doesn't match the recorded token type

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Bearer realm="<hostname>", error="invalid_token"
OR
WWW-Authenticate: MAC realm="<hostname>", error="invalid_token"

Condition: When token expired

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: Bearer realm="<hostname>", error="invalid_token"
OR
WWW-Authenticate: MAC realm="<hostname>", error="invalid_token"

Condition: When MAC nonce or mac param are missing

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: MAC realm="<hostname>", error="invalid_request"

Condition: When MAC body hash doesn't match

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: MAC realm="<hostname>", error="invalid_request"

Condition: When computed mac doesn't match

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: MAC realm="<hostname>", error="invalid_request"

Condition: When client_id/nonce not unique

Error:

HTTP/1.1 401 Unauthorized
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
WWW-Authenticate: MAC realm="<hostname>", error="invalid_request"
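
Several of the conditions documented above return identical responses, so a client or log-triage script can only narrow a failure down to a set of candidate conditions. The following is an added example, not code from the original page or from Mashery: the function names and the shortened condition labels are assumptions made for illustration, and it treats a response without a Bearer or MAC challenge as coming from the token endpoint.

```python
import json
import re

# Built from the responses documented on this page; conditions that share a
# response share a key. Key: (endpoint, status, X-Mashery-Error-Code, error)
CONDITIONS = {
    ("token", 400, "ERR_403_NOT_AUTHORIZED", "invalid_request"):
        ["api key (client_id) not found in request"],
    ("token", 401, "ERR_403_NOT_AUTHORIZED", "invalid_client"):
        ["developer not found", "bad Authorization header",
         "bad credentials", "missing credentials"],
    ("token", 401, "ERR_403_DEVELOPER_INACTIVE", "invalid_client"):
        ["developer inactive"],
    ("token", 401, "ERR_403_DEVELOPER_UNKNOWN_REFERER", "invalid_client"):
        ["invalid referer"],
    ("resource", 401, "ERR_403_NOT_AUTHORIZED", None):
        ["token not found in request"],
    ("resource", 401, "ERR_403_NOT_AUTHORIZED", "invalid_request"):
        ["attempted token type not supported by the service"],
    ("resource", 401, "ERR_403_NOT_AUTHORIZED", "invalid_token"):
        ["no token record", "token type mismatch", "token expired"],
    ("resource", 403, "ERR_403_DEVELOPER_INACTIVE", "invalid_token"):
        ["developer inactive"],
}
# invalid_request causes that only a MAC challenge can indicate
MAC_ONLY = ["MAC nonce or mac param missing", "MAC body hash mismatch",
            "computed mac mismatch", "client_id/nonce not unique"]

def parse_challenge(value):
    """Split a WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = value.strip().partition(" ")
    return scheme, dict(re.findall(r'(\w+)="([^"]*)"', rest))

def classify(status, headers, body=""):
    """Return (endpoint, candidate conditions) for one gateway error response."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme, params = parse_challenge(h.get("www-authenticate", ""))
    if scheme in ("Bearer", "MAC"):
        endpoint, error = "resource", params.get("error")
    else:  # Basic challenge or none: token endpoint, error is in the JSON body
        endpoint = "token"
        try:
            error = json.loads(body).get("error")
        except (ValueError, AttributeError):
            error = None
    found = list(CONDITIONS.get((endpoint, status, h.get("x-mashery-error-code"), error), []))
    if scheme == "MAC" and error == "invalid_request":
        found += MAC_ONLY
    return endpoint, found
```

An empty candidate list means the response is not one of the fixed cases, for example an error passed through from createAccessToken.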

 
