The complete list of HTTP status codes returned by the API.

This list includes the standard ApiStatusSubCodes returned by the API, however some endpoints return other values. These are listed in the documentation for the specific endpoints.

200

Success

201

Created successfully

The object or connection was successfully created.

202

Processing incomplete

The request is waiting on an asynchronous operation, which is not yet complete.

204

Operation successful but no content returned

The requested operation was carried out successfully but didn't return any data.

303

Already exists

An attempt was made to create an object or connection which already exists. Along with the status code, a "location" URL pointing to a GET method for the existing object may be returned.

400

Invalid data

Even though the request was in the right format, the data within the request do not meet the validation rules.

401

API authentication failed

The request authentication signature is invalid. The response header will contain a sub-code with more information about the specific error:

401.1	The "signature" header is missing
401.2	Multiple "signature" headers
401.3	Signature must be a correctly formatted JSON string
401.4	Signature is missing “AppKey” or it is invalid
401.5	Signature is missing “IssuedAt” or it is invalid
401.6	"IssuedAt" timestamp is not within 60 minutes of the server time
401.7	AppKey not found
401.8	Signature is missing "Token"
401.9	Signature has an incorrect "Token" hash
401.10	The "Token" was encrypted using an expired AppSecret

Token authentication failed.

401.20	The javascript "sessionID" is not unique
401.21	Invalid javascript session
401.22	Unknown request domain
401.23	Token not recognized
401.24	Token expired

Public authentication failed.

401.30	PublicID expired
401.31	Unknown public IP address
401.32	PublicID not recognized

403

Entity authentication failed

Credentials for a specific account were invalid.

In case Data Isolation is enabled, the following sub codes may be returned in the response header:

403.21	The 'ApiSessionKey' header was missing
403.22	The 'ApiSessionKey' header was not recognised
403.23	The ApiSession session is expired
403.25	Access denied. The ApiSession does not have access to this resource

In case Illegal Access Prevention (IAP) is enabled, the following sub codes may be returned in the response header:

403.30

API access has temporarily been denied due to unusual request activity

404

Object not found

The requested object wasn't found.

Any endpoint that uses dpKey may return the following sub code in the response header:

404.1

User not found

Any endpoint that uses extKey/extType may return the following sub code in the response header:

404.2

External user could not be found

409

Duplicate request

A duplicate request is currently being processed.

409.1

Duplicate functionality is being processed (OperationLock)

412

Operation not allowed

Even though the app was correctly authenticated, the requested operation is not permitted due to restrictions on the app.

500

Server error

501

Malformed request

The data supplied in the request body is not in the expected format.