Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Update 403.30 to describe IAP instead of DOS


Excerpt

The complete list of HTTP status codes returned by the API.

 This list includes the standard ApiStatusSubCodes returned by the API, however some endpoints return other values. These are listed in the documentation for the specific endpoints.


200Success
201

Created successfully

The

request to create some sort of object was completed with success and the new object was created

object or connection was successfully created.

202

Processing incomplete

The request is waiting on an asynchronous operation, which is not yet complete.

204

Operation successful but no content returned

The requested operation was carried out successfully but

didn’t

didn't return any data.

 303

Already exists

The object that was attempted created already exists in the database

An attempt was made to create an object or connection which already exists. Along with the status code

is usually the location

, a "location" URL pointing to a GET method

to retrieve

for the

object that already exists

existing object may be returned.

400

Invalid data

Even though the request was in the right format, the data within the request

doesn’t

do not meet the validation rules.

Anchor
401
401
401
Bad signature

API authentication failed

The

signature for authenticating the app making the request

request authentication signature is invalid.

Response body will hold

The response header will contain a sub-code with more information about the specific error:

401.1

The "signature" header is missing

401.2

Multiple "signature" headers

401.3

Signature must be a correctly formatted JSON string

401.4

Signature is missing “AppKey” or it is invalid

401.5

Signature is missing “IssuedAt” or it is invalid

401.6

"IssuedAt" timestamp is not within

5

60 minutes of the server time

401.7

AppKey not found

401.8

Signature is missing "Token"

401.9

Signature has an

invalid

incorrect "Token" hash

When requested in our test environment, the latter will include information about correct hash and correct string to build token.

403Authentication

401.10

The "Token" was encrypted using an expired AppSecret

Token authentication failed.

401.20The javascript "sessionID" is not unique
401.21Invalid javascript session
401.22Unknown request domain
401.23Token not recognized
401.24Token expired

Public authentication failed.

401.30PublicID expired
401.31Unknown public IP address
401.32PublicID not recognized


Anchor
403
403
403

Entity authentication failed

Credentials for a specific account

was invalid

were invalid.

In case Data Isolation is enabled, the following sub codes may be returned in the response header:

403.21The 'ApiSessionKey' header was missing
403.22The 'ApiSessionKey' header was not recognised
403.23The ApiSession session is expired
403.25Access denied. The ApiSession does not have access to this resource

In case Illegal Access Prevention (IAP) is enabled, the following sub codes may be returned in the response header:

403.30API access has temporarily been denied due to unusual request activity


404

Object not found

The requested object

wasn’t found

wasn't found.

Any endpoint that uses dpKey may return the following sub code in the response header:

404.1User not found

Any endpoint that uses extKey/extType may return the following sub code in the response header:

404.2External user could not be found


409

Duplicate request

A duplicate request is currently being processed.

409.1Duplicate functionality is being processed (OperationLock)


412

Operation not allowed

Even though the app was correctly authenticated,

it

the requested operation is not permitted

to carry out the requested operation

due to

the

restrictions

applied for

on the

particular

app.

500Server error
501

Malformed request

The data supplied in the request body is not in the expected format.