
Errors

Overview

HTTP Status Codes

2xx / 5xx Status Codes

| HTTP Status | Error Key / Code | User-Facing Message | Description / Notes |
| --- | --- | --- | --- |
| 200 | SUCCESS | Request completed successfully. | Standard success response. Used for successful authentication actions, such as valid login, token refresh, or session check. |
| 500 | API_EXCEPTION | Something went wrong while processing your request. Please try again shortly. | Internal server error caused by service outages, backend dependency failures, or unhandled backend exceptions. Not user-resolvable; should trigger retry or error report. |

4xx Status Codes

| HTTP Status | Error Key | User-Facing Message | Description / Notes |
| --- | --- | --- | --- |
| 401 | INVALID_TOKEN | Your session has expired. Please log in again. | Triggered when the provided token is invalid or has expired. Common across endpoints requiring BearerAuth. |
| 403 | USER_DEACTIVATED | Your customer account has been deactivated. If you have any questions, feel free to get in touch. | Account was blocked or deactivated; applies on login and session-authenticated calls. |
| 404 | USER_NOT_FOUND | Your email address or password is incorrect. Please try again. | Returned when login details do not match an existing user. |
| 406 | PASSWORD_RESET_HASH_EXPIRED | This link has expired or has already been used. | Specific to password reset flows; the provided reset hash is no longer valid. |
| 409 | USER_ALREADY_EXISTS | An account with this email address already exists. | Triggered when trying to register a user that already exists. |
| 429 | TOO_MANY_ATTEMPTS | You’ve made too many attempts. Please wait a moment and try again. | Rate-limiting error — typically shown after repeated failed login or sensitive action attempts. |
| 424 | API_EXCEPTION | Something went wrong while processing your request. Please try again shortly. | General dependency or backend failure, often a catch-all when external services fail. |

Schema

| Field | Type | Description |
| --- | --- | --- |
| `error` | string | Short technical identifier (e.g., INVALID_CLIENT, invalid_request). |
| `message` | string | Human-readable error explanation. |
| `error_description` | string (optional) | Extended backend description (sometimes same as message, sometimes more detailed). |
| `hint` | string (optional) | Developer advice on fixing the issue (rarely user-facing). |
| `context` | object or null | Optional debug context (usually null but reserved for extra info). |

Payload Example

| Error Case | Example JSON Response | Notes |
| --- | --- | --- |
| Unauthorized Client | `{ "error": "INVALID_CLIENT", "message": "Client authentication failed.", "context": null }` | Happens when client ID or secret is invalid. `context` is usually null but may include more in the future. |
| Unsupported Grant Type | `{ "error": "unsupported_grant_type", "error_description": "The authorization grant type is not supported by the authorization server.", "hint": "Check that all required parameters have been provided", "message": "The authorization grant type is not supported by the authorization server." }` | The server doesn’t support the provided OAuth2 grant type (e.g., refresh_token, password, etc.). |
| Invalid Token | `{ "error": "invalid_request", "error_description": "The refresh token is invalid.", "hint": "Token has been revoked", "message": "The refresh token is invalid." }` | The provided token is invalid, expired, or revoked. `hint` gives extra developer context for debugging or fixing. |
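
A client-side handler for the error schema above, as an added example that is not part of the API's own code: it picks a follow-up action from the error key and keeps the developer-facing fields (`error_description`, `hint`, `context`) out of the text shown to the user. The function name `handle_error` and the action names are assumptions of this example.

```python
import json

# Error keys come from the status-code tables above; the action names are
# assumptions of this example.
ACTION_BY_KEY = {
    "INVALID_TOKEN": "reauthenticate",  # 401: token invalid or expired
    "TOO_MANY_ATTEMPTS": "backoff",     # 429: rate limited
    "API_EXCEPTION": "retry",           # 500 / 424: backend or dependency failure
}
# Schema fields described as developer-facing: log them, never render them.
DEV_ONLY_FIELDS = ("error_description", "hint", "context")
FALLBACK_MESSAGE = ("Something went wrong while processing your request. "
                    "Please try again shortly.")


def handle_error(status, raw_body):
    """Return (action, user_message, debug) for a non-200 response."""
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError):
        body = None  # empty, truncated or non-JSON body (e.g. a proxy error page)
    if not isinstance(body, dict):
        body = {}

    # The payload examples use both INVALID_CLIENT and invalid_request, so
    # compare keys case-insensitively.
    key = body.get("error")
    key = key.upper() if isinstance(key, str) else "UNKNOWN"

    message = body.get("message")
    if not isinstance(message, str) or not message.strip():
        message = FALLBACK_MESSAGE

    action = ACTION_BY_KEY.get(key)
    if action is None:
        action = "retry" if status >= 500 else "show_message"

    debug = {"status": status, "error": key}
    for field in DEV_ONLY_FIELDS:
        if body.get(field) is not None:
            debug[field] = body[field]
    return action, message, debug
```

Send `debug` to application logs only; the `hint` value in the Invalid Token payload ("Token has been revoked") tells a caller more about token state than the user-facing message does.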