/
Standard status codes

Standard status codes

Nov 05, 2025

The complete list of HTTP status codes returned by the API.

 This list includes the standard ApiStatusSubCodes returned by the API, however some endpoints return other values. These are listed in the documentation for the specific endpoints.

200

Success

201

Created successfully

The object or connection was successfully created.

202

Processing incomplete

The request is waiting on an asynchronous operation, which is not yet complete.

204

Operation successful but no content returned

The requested operation was carried out successfully but didn't return any data.

 303

Already exists

An attempt was made to create an object or connection which already exists. Along with the status code, a "location" URL pointing to a GET method for the existing object may be returned.

400

Invalid data

Even though the request was in the right format, the data within the request do not meet the validation rules.

401

API authentication failed

The request authentication signature is invalid. The response header will contain a sub-code with more information about the specific error:

401.1

The "signature" header is missing

401.2

Multiple "signature" headers

401.3

Signature must be a correctly formatted JSON string

401.4

Signature is missing “AppKey” or it is invalid

401.5

Signature is missing “IssuedAt” or it is invalid

401.6

"IssuedAt" timestamp is not within 60 minutes of the server time

401.7

AppKey not found

401.8

Signature is missing "Token"

401.9

Signature has an incorrect "Token" hash

401.10

The "Token" was encrypted using an expired AppSecret

Token authentication failed.

401.20

The javascript "sessionID" is not unique

401.21

Invalid javascript session

401.22

Unknown request domain

401.23

Token not recognized

401.24

Token expired

Public authentication failed.

401.30

PublicID expired

401.31

Unknown public IP address

401.32

PublicID not recognized

403

Entity authentication failed

Credentials for a specific account were invalid.

In case Data Isolation is enabled, the following sub codes may be returned in the response header:

403.21

The 'ApiSessionKey' header was missing

403.22

The 'ApiSessionKey' header was not recognised

403.23

The ApiSession session is expired

403.25

Access denied. The ApiSession does not have access to this resource

In case Illegal Access Prevention (IAP) is enabled, the following sub codes may be returned in the response header:

403.30

API access has temporarily been denied due to unusual request activity

404

Object not found

The requested object wasn't found.

Any endpoint that uses dpKey may return the following sub code in the response header:

404.1

User not found

Any endpoint that uses extKey/extType may return the following sub code in the response header:

404.2

External user could not be found

409

Duplicate request

A duplicate request is currently being processed.

409.1

Duplicate functionality is being processed (OperationLock)

412

Operation not allowed

Even though the app was correctly authenticated, the requested operation is not permitted due to restrictions on the app.

500

Server error