Backend API errors
{
"shortMessage": "cannot revoke",
"longMessage": "Actor token cannot be revoked because its status is <status>. Only pending tokens can be revoked.",
"code": "actor_token_cannot_be_revoked_code"
}{
"shortMessage": "cannot revoke agent task",
"longMessage": "cannot revoke agent task",
"code": "agent_task_cannot_be_revoked"
}{
"shortMessage": "agent task not found",
"longMessage": "The requested agent task could not be found.",
"code": "agent_task_not_found"
}{
"shortMessage": "user not found",
"longMessage": "The user of the agent task no longer exists. Please request a new one.",
"code": "agent_task_subject_not_found"
}{
"shortMessage": "Identifier not found",
"longMessage": "No identifier was found with id <identifierID>",
"code": "resource_not_found"
}{
"shortMessage": "duplicate allowlist identifier",
"longMessage": "the identifier <identifier> already exists",
"code": "duplicate_record"
}{
"shortMessage": "API Keys not enabled",
"longMessage": "API Keys not enabled",
"code": "api_keys_not_enabled"
}Applications
AccountlessApplicationNotFound signifies an error when no application with the given claim token could be found
{
"shortMessage": "Application not found",
"longMessage": "No application was found with the given claim token.",
"code": "resource_not_found"
}{
"shortMessage": "already belongs to organization",
"longMessage": "Application already belongs to the selected organization.",
"code": "application_already_belongs_to_organization"
}
ApplicationNotFound signifies an error when no application with the specified id was found
{
"shortMessage": "Application not found",
"longMessage": "No application was found with the specified id",
"code": "resource_not_found"
}{
"shortMessage": "invalid application name",
"longMessage": "The application name %q is invalid: <name>",
"code": "form_param_value_invalid",
"meta": {
"name": "name"
}
}
WorkspaceNotConfigured is returned when the workspace is missing
configuration required to complete the operation (for example, a role
or feature that has not yet been provisioned).
{
"shortMessage": "workspace not configured",
"longMessage": "Workspace is not configured for this operation.",
"code": "workspace_not_configured"
}{
"shortMessage": "Could not authenticate request.",
"longMessage": "Could not authenticate request.",
"code": "could_not_authenticate_request"
}
IdentificationExists signifies an error when the identifier already exists
{
"shortMessage": "already exists",
"longMessage": "This <identifier> already exists.",
"code": ""
}{
"shortMessage": "Access not allowed.",
"longMessage": "<who> <pluralization> not allowed to access this application.",
"code": "not_allowed_access",
"meta": "{\"Identifiers\": identifiers}"
}
InvalidAuthentication signifies an error when the request is not authenticated
{
"shortMessage": "Invalid authentication",
"longMessage": "Unable to authenticate the request, you need to supply an active session",
"code": "authentication_invalid"
}
InvalidAuthorization signifies an error when the request is not authorized to perform the given operation
{
"shortMessage": "Unauthorized request",
"longMessage": "You are not authorized to perform this request",
"code": "authorization_invalid"
}
InvalidAuthorizationHeaderFormat signifies an error when the Authorization header has no proper format.
{
"shortMessage": "Invalid Authorization header format",
"longMessage": "Invalid Authorization header format. Must be 'Bearer <YOUR_API_KEY>'",
"code": "authorization_header_format_invalid"
}
InvalidClerkSecretKey signifies an error when the supplied client key is invalid
{
"shortMessage": "The provided Clerk Secret Key is invalid. Make sure that your Clerk Secret Key is correct.",
"longMessage": "The provided Clerk Secret Key is invalid. Make sure that your Clerk Secret Key is correct.",
"code": "clerk_key_invalid"
}
InvalidRequestForEnvironment signifies an error when the incoming request is invalid for given environment(s)
{
"shortMessage": "Invalid request for environment",
"longMessage": "Request only valid for <envTypes> instances.",
"code": "request_invalid_for_environment"
}
InvalidUserSettings signifies an error where the auth settings of the instance
are not well configured, which results in sign in and sign up endpoints to be
restricted.
{
"shortMessage": "invalid auth configuration",
"longMessage": "The authentication settings are invalid.",
"code": "user_settings_invalid"
}
RequestInvalidForInstance signifies an error when the incoming request is invalid for the given instance, due to the auth_config
{
"shortMessage": "Invalid request for instance",
"longMessage": "This request is not valid for your instance. Modify your instance settings to use this request.",
"code": "request_invalid_for_instance"
}{
"shortMessage": "This email address is already in use.",
"longMessage": "This email address is already in use. Creating multiple accounts with the same email address is not allowed.",
"code": "not_allowed_access"
}{
"shortMessage": "Unsupported country code",
"longMessage": "Phone numbers from this country (<countryName>) are currently not supported. For more information, please contact <support>.",
"code": "unsupported_country_code",
"meta": "{\"Alpha2\": alpha2, \"CountryCode\": countryCode}"
}{
"shortMessage": "Identifier not found",
"longMessage": "No identifier was found with id <identifierID>",
"code": "resource_not_found"
}{
"shortMessage": "duplicate blocklist identifier",
"longMessage": "the identifier <identifier> already exists",
"code": "duplicate_record"
}{
"shortMessage": "Client not found",
"longMessage": "No client was found with id <clientID>",
"code": "resource_not_found"
}
ClientNotFoundInRequest signifies an error when no client is found in an incoming request
{
"shortMessage": "No client found",
"longMessage": "This request is expecting a client and did not find one",
"code": "client_not_found"
}{
"shortMessage": "Annual only plans are not enabled",
"longMessage": "Annual only plans are not enabled, please enable the update in Clerk dashboard.",
"code": "billing_annual_only_plans_not_enabled"
}{
"shortMessage": "Cannot disable Billing",
"longMessage": "Cannot disable Billing because <reason>.",
"code": "billing_cannot_be_disabled"
}{
"shortMessage": "Cannot enable Billing",
"longMessage": "Cannot enable Billing because <reason>.",
"code": "billing_cannot_be_enabled"
}{
"shortMessage": "access denied",
"longMessage": "The billing feature for organizations is not enabled for this instance. You can enable it at https://dashboard.clerk.com.",
"code": "billing_not_enabled"
}{
"shortMessage": "access denied",
"longMessage": "The billing feature for users is not enabled for this instance. You can enable it at https://dashboard.clerk.com.",
"code": "billing_not_enabled"
}{
"shortMessage": "Invalid free trial days",
"longMessage": "Free trial days must be at least 1 day",
"code": "billing_too_few_free_trial_days"
}{
"shortMessage": "Invalid free trial days",
"longMessage": "Free trial days must be at most 365 days",
"code": "billing_too_many_free_trial_days"
}{
"shortMessage": "Another checkout is already in progress",
"longMessage": "Another checkout is already in progress",
"code": "checkout_already_in_progress"
}{
"shortMessage": "Insufficient seats",
"longMessage": "You have reached the seat limit for your current plan.",
"code": "insufficient_seats",
"meta": {
"seatsquantity": "totalneeded"
}
}{
"shortMessage": "Invalid currency",
"longMessage": "Currency is not supported",
"code": "currency_invalid"
}{
"shortMessage": "Default plan amount update forbidden",
"longMessage": "Default plan pricing cannot be modified. Only paid plans support amount updates",
"code": "default_plan_amount_update_forbidden"
}{
"shortMessage": "Free trial not allowed on free plan",
"longMessage": "Free trials cannot be enabled on free plans",
"code": "free_trial_not_allowed_on_free_plan"
}{
"shortMessage": "Invalid credit action",
"longMessage": "Credit action must be either 'increase' or 'decrease'",
"code": "invalid_credit_action"
}{
"shortMessage": "Invalid credit amount",
"longMessage": "Credit amount must be greater than zero",
"code": "invalid_credit_amount"
}{
"shortMessage": "Missing name",
"longMessage": "Name is required to perform this operation",
"code": "missing_name"
}{
"shortMessage": "Missing slug",
"longMessage": "Slug is required to perform this operation",
"code": "missing_slug"
}{
"shortMessage": "Invalid name format",
"longMessage": "Name cannot contain colons (:)",
"code": "name_invalid_format",
"meta": {
"name": "name"
}
}{
"shortMessage": "Name length is invalid",
"longMessage": "Name must be between %d and %d characters",
"code": "name_invalid_length",
"meta": {
"name": "name"
}
}{
"shortMessage": "Payee not active",
"longMessage": "Payee is not active",
"code": "payee_not_active"
}{
"shortMessage": "Payee not found",
"longMessage": "Payee not found",
"code": "payee_not_found"
}{
"shortMessage": "Payee status is invalid",
"longMessage": "Payee status is invalid",
"code": "payee_status_invalid"
}{
"shortMessage": "Payer credits disabled",
"longMessage": "The payer credits feature is not enabled for this application",
"code": "payer_credits_disabled"
}{
"shortMessage": "Payer not found",
"longMessage": "Payer not found",
"code": "payer_not_found"
}{
"shortMessage": "Invalid payer type",
"longMessage": "Payer type is invalid",
"code": "payer_type_invalid"
}{
"shortMessage": "Requires confirmation",
"longMessage": "The payment attempt failed because it requires additional confirmation, which is not currently supported. Please use a different payment method.",
"code": "payment_attempt_failed_requires_confirmation"
}{
"shortMessage": "Your card was declined",
"longMessage": "The card was declined.",
"code": "payment_attempt_failed_card_declined"
}{
"shortMessage": "Card expired",
"longMessage": "The card has expired.",
"code": "payment_attempt_failed_card_expired"
}{
"shortMessage": "Insufficient funds",
"longMessage": "The card has insufficient funds.",
"code": "payment_attempt_failed_card_insufficient_funds"
}{
"shortMessage": "Processing error",
"longMessage": "There was a processing error with the payment method.",
"code": "payment_attempt_failed_processing_error"
}{
"shortMessage": "Paid plan month or annual fee invalid",
"longMessage": "Paid plan month or annual fee invalid",
"code": "plan_amount_invalid"
}{
"shortMessage": "Paid plan monthly base fee exceeds upper limit",
"longMessage": "Paid plan monthly base fee must be less than $999,999.99",
"code": "plan_amount_exceeds_upper_limit"
}{
"shortMessage": "Plan cannot be deleted",
"longMessage": "This plan cannot be deleted because <reason>.",
"code": "plan_cannot_be_deleted"
}{
"shortMessage": "Free trials disabled",
"longMessage": "Free trials are disabled for this plan",
"code": "plan_free_trials_disabled"
}{
"shortMessage": "Plan name already exists",
"longMessage": "Plan name already exists",
"code": "plan_name_already_exists",
"meta": {
"name": "name"
}
}{
"shortMessage": "Plan not found",
"longMessage": "Plan not found",
"code": "plan_not_found"
}{
"shortMessage": "Product not found",
"longMessage": "Product not found",
"code": "product_not_found"
}{
"shortMessage": "Invalid slug format",
"longMessage": "Slug must only use letters, numbers, dashes (-), and underscores (_). Colons and other characters are not allowed.",
"code": "slug_invalid_format",
"meta": {
"name": "slug"
}
}{
"shortMessage": "Slug length is invalid",
"longMessage": "Slug must be between %d and %d characters",
"code": "slug_invalid_length",
"meta": {
"name": "slug"
}
}{
"shortMessage": "Subscription item not found",
"longMessage": "Subscription item not found",
"code": "subscription_item_not_found"
}{
"shortMessage": "Subscription item is not in free trial",
"longMessage": "Subscription item is not in free trial",
"code": "subscription_item_not_in_free_trial"
}{
"shortMessage": "",
"code": "config_validation_error",
"meta": {
"config_key": "configkey",
"param_name": "paramname",
"schema_path": "schemapath"
}
}
ConfigVersionConflict returns a 409 error for ETag mismatch
{
"shortMessage": "Config version conflict",
"longMessage": "Config was modified since last read. Re-fetch and retry.",
"code": "config_version_conflict",
"meta": {
"current_version": "currentversion",
"provided_version": "providedversion"
}
}
DestructiveOperationNotAllowed returns a 400 error
{
"shortMessage": "",
"longMessage": "Cannot clear config key '<key>' without destructive=true",
"code": "destructive_operation_not_allowed",
"meta": {
"param_name": "key"
}
}
InvalidConfigKeyBody returns a 400 error indicating the value for a config
key has the wrong shape (e.g. an array of objects where the schema expects
an array of strings).
{
"shortMessage": "",
"longMessage": "The value for config key '<key>' does not match the expected schema.",
"code": "config_key_body_invalid",
"meta": {
"param_name": "key"
}
}
MissingConfigKeys returns a 400 error listing keys that were not included in a PUT request
{
"shortMessage": "Missing config keys",
"longMessage": "PUT requires all config keys to be included. Some keys are missing.",
"code": "missing_config_keys",
"meta": {
"missingkeys": "missing"
}
}
UnknownConfigKey returns a 400 error with typo suggestions
{
"shortMessage": "",
"longMessage": "Unknown config key '<key>'",
"code": "unknown_config_key",
"meta": "meta"
}{
"shortMessage": "",
"code": "cookie_invalid"
}
InvalidRotatingToken signifies an error when rotating token does not match the client's rotating token
{
"shortMessage": "",
"longMessage": "The client's rotating key does not match the given one <token>",
"code": "cookie_invalid"
}
MissingClaims signifies an error when token is missing claim
{
"shortMessage": "",
"longMessage": "The token is missing the following claims: <claims>",
"code": "cookie_invalid"
}{
"shortMessage": "endpoint is deprecated and pending removal",
"longMessage": "endpoint is deprecated and pending removal",
"code": "operation_deprecated"
}Domains
DomainUpdateForbidden signifies an error when trying to update an non production instance domain
{
"shortMessage": "Domain update was forbidden",
"longMessage": "Domain can be only updated for production instances",
"code": "domain_update_forbidden"
}
FeatureRequiresCustomDomain signifies an error when a feature is blocked
because the instance only has a provider domain (e.g. vercel.app).
{
"shortMessage": "custom domain required",
"longMessage": "<feature> requires a custom domain. Add a custom domain to unlock this feature.",
"code": "feature_requires_custom_domain"
}{
"shortMessage": "",
"longMessage": "Clerk Frontend API cannot be accessed through the proxy URL. Make sure your proxy is configured correctly.",
"code": "invalid_proxy_configuration",
"meta": {
"name": "proxy_url"
}
}{
"shortMessage": "operation not allowed",
"longMessage": "This operation is not allowed on a primary domain. Try again with a satellite domain of the instance.",
"code": "operation_not_allowed_on_primary_domain"
}
PrimaryDomainAlreadyExists signifies an error when a new domain is added as
primary when there is already once in the instance.
Currently, we only support a single primary domain per instance.
{
"shortMessage": "primary domain already exists",
"longMessage": "Currently, only a single primary domain is supported and the current instance already has one. All new domains need to be set a satellites.",
"code": "primary_domain_already_exists",
"meta": {
"name": "is_satellite"
}
}
Return this error when an API other than Platform API is used to create/update/delete a provider domain.
{
"shortMessage": "operation not allowed",
"longMessage": "*<provider> domains are not supported for production instances. Please purchase a domain then try again.",
"code": "provider_domain_operation_not_allowed"
}
ProxyURLRequiredForProviderDomain signifies an error when a provider domain
(e.g., replit.app, vercel.app) is created without a proxy URL.
{
"shortMessage": "proxy URL required",
"longMessage": "Provider domain <domainName> requires a proxy URL. Provider domains must be configured with a proxy.",
"code": "proxy_url_required_for_provider_domain",
"meta": {
"name": "paramname"
}
}
DevMonthlyEmailLimitExceeded signifies an error when an email sending attempt is made while the development limit has already been reached
{
"shortMessage": "Development monthly email limit exceeded",
"longMessage": "The monthly limit for email messages in development (%d) has been reached. Please use test emails (https://go.clerk.com/test-emails) instead",
"code": "dev_monthly_email_limit_exceeded",
"meta": "{\"DevMonthlyEmailLimit\": limit}"
}{
"shortMessage": "Feature in use",
"longMessage": "Feature is in use",
"code": "feature_in_use"
}{
"shortMessage": "not enabled",
"longMessage": "This feature is not enabled on this instance",
"code": "feature_not_enabled"
}{
"shortMessage": "not enabled",
"longMessage": "This feature is not enabled on this instance",
"code": "feature_not_enabled",
"meta": {
"name": "paramname"
}
}{
"shortMessage": "Feature not found",
"longMessage": "Feature not found",
"code": "feature_not_found"
}{
"shortMessage": "not an OIDC provider",
"longMessage": "You are using the legacy OAuth 2.0 provider. Please migrate to the new OIDC compatible provider to use this feature",
"code": "feature_requires_oidc_provider"
}{
"shortMessage": "not a Progressive Sign Up instance",
"longMessage": "<feature> can only be used in instances that migrated to Progressive Sign Up. This feature is deprecated, please contact support if you need assistance.",
"code": "feature_requires_progressive_sign_up"
}{
"shortMessage": "not implemented",
"longMessage": "Feature `<feature>` is not available yet",
"code": "feature_not_implemented"
}{
"shortMessage": "",
"code": "form_already_exists",
"meta": {
"name": "param"
}
}
FormAlreadyExistsByProviderManagedDomain signifies an error when a domain
already exists on an app managed by an external provider.
{
"shortMessage": "",
"longMessage": "The <domain> root domain is already in use by a <providerName> app. Delete the <providerName> app or contact <providerName> support to remove the domain before using it in Clerk.",
"code": "form_already_exists",
"meta": {
"name": "param"
}
}
FormAtLeastOneOptionalParameterMissing signifies an error when at least one optional parameter must be provided
{
"shortMessage": "at least one parameter must be provided",
"longMessage": "at least one of `<parameters>` must be provided",
"code": "form_param_missing",
"meta": {
"names": "paramnames"
}
}{
"shortMessage": "Date values must not be in the future.",
"longMessage": "Date values must not be in the future.",
"code": "form_disallow_future_date",
"meta": {
"name": "param"
}
}
FormDuplicateParameter signifies an error when a duplicate parameter is found in a form
{
"shortMessage": "is duplicate",
"longMessage": "<param> included multiple times. There should only be one.",
"code": "form_param_duplicate",
"meta": {
"name": "param"
}
}
FormDuplicateParameterValue signifies an error when a value has been provided multiple times
{
"shortMessage": "duplicate values",
"longMessage": "<value> contains duplicate values",
"code": "form_param_duplicate",
"meta": {
"name": "param"
}
}
FormIdentifierExists signifies an error when given identifier already exists
{
"shortMessage": "",
"code": "form_identifier_exists",
"meta": {
"name": "param"
}
}
FormIdentifierExistsWithAnotherAccount signifies an error when given identifier already exists.
This is used to signal to a user that the identifier, phone number, is already associated with another account and should remove it from the other account.
{
"shortMessage": "",
"code": "form_identifier_exists",
"meta": {
"name": "param"
}
}{
"shortMessage": "Date values must be given in Unix millisecond timestamp format.",
"longMessage": "Date values must be given in Unix millisecond timestamp format.",
"code": "form_param_invalid_date",
"meta": {
"name": "param"
}
}{
"shortMessage": "is invalid",
"longMessage": "<parameter> must be a valid email address.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid email address local part.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormInvalidEncodingParameterValue signifies an error when the given parameter has an invalid encoding
{
"shortMessage": "invalid character encoding",
"longMessage": "<param> contains invalid UTF-8 characters",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}{
"shortMessage": "is invalid",
"longMessage": "<param> must be either a valid email address, a valid phone number according to E.164 international standard or a valid web3 wallet.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormInvalidOrigin signifies an error when the given origin is http/https
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid origin such as my-app://localhost, chrome-extension://mnhbilbfebpbokpjjamapdecdgieldho, or capacitor://localhost:3000",
"code": "form_invalid_origin",
"meta": {
"name": "param"
}
}
FormInvalidParameterFormat signifies an error when the given parameter has an invalid format
{
"shortMessage": "",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormInvalidParameterFormatBCP47 signifies an error when the given parameter does not match the BCP-47 format
{
"shortMessage": "is invalid",
"longMessage": "<parameter> must be a valid BCP-47 language tag.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}{
"shortMessage": "is invalid",
"longMessage": "<param> is invalid. Only one of the following parameter values is allowed: <allowedValues>",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidParameterValue signifies an error when the given parameter has an invalid value
{
"shortMessage": "is invalid",
"longMessage": "<value> does not match one of the allowed values for parameter <param>",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}{
"shortMessage": "is invalid",
"longMessage": "<param> is invalid. Must be not empty",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidParameterValueWithAllowed signifies an error when the given parameter has an invalid value.
The difference with FormInvalidParameterValue is that this error also includes the allowed values
{
"shortMessage": "is invalid",
"longMessage": "<value> does not match the allowed values for parameter <param>. Allowed values: <allowedValues>",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidPasswordLengthTooLong signifies an error when the password is invalid because of its length
{
"shortMessage": "",
"code": "form_password_length_too_long",
"meta": {
"name": "param"
}
}
FormInvalidPasswordLengthTooShort signifies an error when the password is invalid because of its length
{
"shortMessage": "",
"code": "form_password_length_too_short",
"meta": {
"name": "param"
}
}{
"shortMessage": "Passwords must contain at least one lowercase character.",
"longMessage": "Passwords must contain at least one lowercase character.",
"code": "form_password_no_lowercase",
"meta": {
"name": "param"
}
}{
"shortMessage": "Passwords must contain at least one number.",
"longMessage": "Passwords must contain at least one number.",
"code": "form_password_no_number",
"meta": {
"name": "param"
}
}{
"shortMessage": "",
"code": "form_password_no_special_char",
"meta": {
"name": "param"
}
}{
"shortMessage": "Given password is not strong enough.",
"longMessage": "Given password is not strong enough.",
"code": "form_password_not_strong_enough"
}{
"shortMessage": "Passwords must contain at least one uppercase character.",
"longMessage": "Passwords must contain at least one uppercase character.",
"code": "form_password_no_uppercase",
"meta": {
"name": "param"
}
}
FormInvalidPasswordSizeInBytesExceeded signifies that the size in bytes was exceeded.
Note that the maximum character length constraint may fail to detect this case,
if multi-byte characters are included in the password.
For example, bcrypt limit https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.8.0:bcrypt/bcrypt.go;l=87
{
"shortMessage": "Your password is too long. Please use a shorter one.",
"longMessage": "Your password is too long. Please use a shorter one.",
"code": "form_password_size_in_bytes_exceeded",
"meta": {
"name": "param"
}
}{
"shortMessage": "is invalid",
"longMessage": "<parameter> must be a valid phone number according to E.164 international standard.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}{
"shortMessage": "invalid format",
"longMessage": "<param> must contain a datetime specified in RFC3339 format (e.g. `2022-10-20T10:00:27.645Z`).",
"code": "form_param_invalid_time",
"meta": {
"name": "param"
}
}
FormInvalidTypeParameter signifies an error when a form parameter has the wrong type
{
"shortMessage": "is invalid",
"longMessage": "`<param>` must be a `<paramType>`.",
"code": "form_param_type_invalid",
"meta": {
"name": "param"
}
}
FormInvalidUsernameCharacter signifies an error when the given username does not match username regex
{
"shortMessage": "",
"code": "form_username_invalid_character",
"meta": {
"name": "param"
}
}
FormInvalidUsernameLength signifies an error when the given username does not have required length
{
"shortMessage": "",
"code": "form_username_invalid_length",
"meta": {
"name": "param"
}
}
FormInvalidUsernameNeedsNonNumberCharCode signifies an error when the given username does not match username regex
{
"shortMessage": "",
"code": "form_username_needs_non_number_char",
"meta": {
"name": "param"
}
}
FormInvalidWeb3WalletAddress signifies an error when the given web3 wallet address is invalid
{
"shortMessage": "is invalid",
"longMessage": "<parameter> must be a valid web3 wallet address.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormMetadataInvalidType signifies an error when the given metadata is not a valid key-value object
{
"shortMessage": "",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormMissingConditionalParameter signifies an error when required parameter based on conditions is missing
{
"shortMessage": "is missing",
"longMessage": "`<param>` is required when `<leftCondition>` is `<rightCondition>`.",
"code": "form_conditional_param_missing"
}
FormMissingConditionalParameterOnExistence signifies an error when parameter is required because of the existence of another
{
"shortMessage": "is missing",
"longMessage": "`<missingParam>` is required when `<conditionalParam>` is present.",
"code": "form_conditional_param_missing",
"meta": {
"name": "missingparam"
}
}
FormMissingParameter signifies an error when an expected form parameter is missing
{
"shortMessage": "is missing",
"longMessage": "<param> must be included.",
"code": "form_param_missing",
"meta": {
"name": "param"
}
}
FormMissingResource signifies an error when the form parameter is referring to a missing resource
{
"shortMessage": "is missing",
"longMessage": "The resource associated with the supplied <param> was not found.",
"code": "form_resource_not_found",
"meta": {
"name": "param"
}
}
FormNilParameter signifies an error when a nil parameter is found in a form
{
"shortMessage": "",
"code": "form_param_nil",
"meta": {
"name": "param"
}
}
FormNotAllowedToDisableDefaultSecondFactor signifies an error when trying to disable the default flag from a second-factor
{
"shortMessage": "The default second factor method can only be changed by assigning another method as the default.",
"longMessage": "The default second factor method can only be changed by assigning another method as the default.",
"code": "form_disable_default_second_factor_not_allowed",
"meta": {
"name": "param"
}
}
FormParameterArraySizeExceeded signifies an error when the given array exceeds the maximum allowed size
{
"shortMessage": "exceeds maximum size",
"longMessage": "<parameter> should not exceed %d items.",
"code": "form_param_array_size_exceeded",
"meta": {
"name": "param"
}
}
FormParameterDeprecated signifies an error when a form parameter has been
deprecated and is no longer accepted by the endpoint. The resolution argument
can describe the recommended replacement (e.g. a different endpoint) and is
appended to the long message when non-empty.
{
"shortMessage": "is deprecated",
"longMessage": "is deprecated",
"code": "form_param_deprecated",
"meta": {
"name": "param"
}
}
FormParameterMaxLengthExceeded signifies an error when the given param value exceeds the maximum allowed length
{
"shortMessage": "exceeds maximum length",
"longMessage": "<parameter> should not exceed %d characters.",
"code": "form_param_max_length_exceeded",
"meta": {
"name": "param"
}
}
FormParameterMinLengthExceeded signifies an error when the given param value is less than the minimum allowed length
{
"shortMessage": "does not reach minimum length",
"longMessage": "<parameter> must be at least %d characters long.",
"code": "form_param_min_length_exceeded",
"meta": {
"name": "param"
}
}
FormParameterNotAllowedConditionally signifies an error when parameter is not allowed based on condition
{
"shortMessage": "is not allowed",
"longMessage": "`<param>` isn't allowed when `<leftCondition>` is <rightCondition>.",
"code": "form_conditional_param_disallowed",
"meta": {
"name": "param"
}
}
FormParameterNotAllowedIfAnotherParameterIsPresent signifies an error when a parameter is present but
is not allowed because another parameter is also present
{
"shortMessage": "is not allowed",
"longMessage": "`<notAllowedParam>` isn't allowed when `<existingParam>` is present.",
"code": "form_conditional_param_disallowed",
"meta": {
"name": "notallowedparam"
}
}
FormParameterSizeTooLarge signifies an error when a parameter exceeds the max allowed size
{
"shortMessage": "",
"code": "form_param_exceeds_allowed_size",
"meta": {
"name": "param"
}
}{
"shortMessage": "Value too large",
"longMessage": "The value of <param> can't be greater than %d",
"code": "form_param_value_too_large",
"meta": {
"name": "param"
}
}
FormPasswordDigestInvalid signifies an error when the provided password_digest is not valid for the provided password_hasher
{
"shortMessage": "",
"code": "form_password_digest_invalid_code",
"meta": {
"name": "param"
}
}
FormPasswordValidationFailed signifies a generic error when the password validation failed
{
"shortMessage": "Incorrect password. Please try again.",
"longMessage": "Incorrect password. Please try again.",
"code": "form_password_validation_failed",
"meta": {
"name": "param"
}
}{
"shortMessage": "is invalid",
"longMessage": "PKCE is required for OAuth clients without a secret",
"code": "form_public_client_requires_pkce",
"meta": {
"name": "param"
}
}
FormPwnedPassword signifies an error when the chosen password has been found in the pwned list
{
"shortMessage": "",
"code": "form_password_pwned",
"meta": {
"name": "param"
}
}
FormUnknownParameterDueToDisabledFeature signifies an error when an unexpected parameter is found in a form due to a disabled feature
{
"shortMessage": "is unknown",
"longMessage": "<param> is not a valid parameter for this request.<possibleResolution>",
"code": "form_param_unknown",
"meta": {
"name": "param"
}
}
FormUnverifiedIdentification signifies an error when the identification included in the form is unverified
{
"shortMessage": "is unverified",
"longMessage": "This identification needs to be verified before you can perform this action.",
"code": "form_verification_needed",
"meta": {
"name": "param"
}
}
FormUsernameCannotBePhoneNumber signifies an error when the given username
is in canonical E.164 phone-number format. This is rejected regardless of
the configured username character set so that the value remains reserved
for the phone-number identifier and avoids ambiguity at sign-in.
{
"shortMessage": "",
"longMessage": "<parameter> cannot be a phone number. Please choose a different username.",
"code": "form_username_cannot_be_phone_number",
"meta": {
"name": "param"
}
}
FormValidationFailed converts validator.ValidationErrors to Error.
{
"shortMessage": "is invalid",
"longMessage": "<sanitizedField> is invalid",
"code": "form_param_value_invalid",
"meta": {
"name": "sanitizedfield"
}
}{
"shortMessage": "Action blocked",
"longMessage": "This action was detected as suspicious and has been blocked. If you believe this was a mistake, please contact support.",
"code": "action_blocked"
}Home Url
HomeURLTaken signifies an error when the root domain of the provided home_url already in use by another application
{
"shortMessage": "Domain already in use",
"longMessage": "The <homeURL> root domain is already in use by another application.",
"code": "home_url_taken",
"meta": {
"name": "paramname"
}
}
HomeURLTakenByProvider signifies an error when the root domain of the
provided home_url is already used by a provider-managed app.
{
"shortMessage": "",
"longMessage": "The <homeURL> root domain is already in use by a <providerName> app. Delete the <providerName> app or contact <providerName> support to remove the domain before using it in Clerk.",
"code": "home_url_taken",
"meta": {
"name": "paramname"
}
}
KnownHostingDomain signifies an error when the domain extracted from the provided home_url belongs to a
known hosting service and cannot be used to deploy production apps
{
"shortMessage": "Known hosting domain",
"longMessage": "The <domain> domain cannot be used to deploy production apps.",
"code": "known_hosting_domain",
"meta": {
"name": "paramname"
}
}
ReservedDomain signifies an error when the domain extracted from the provided home_url is reserved by Clerk
{
"shortMessage": "Domain reserved by Clerk",
"longMessage": "The <domain> domain is reserved by Clerk.",
"code": "reserved_domain",
"meta": {
"name": "paramname"
}
}
ReservedSubdomain signifies an error when the subdomain extracted from the provided home_url is reserved by Clerk
{
"shortMessage": "Reserved subdomain",
"longMessage": "The <subdomain> subdomain is reserved by Clerk.",
"code": "reserved_subdomain",
"meta": {
"name": "paramname"
}
}{
"shortMessage": "Create failed",
"longMessage": "Unverified identifications cannot be a second factor",
"code": "identification_create_second_factor_unverified"
}
IdentificationNotFound signifies an error when comm is not found
{
"shortMessage": "Resource not found",
"longMessage": "Resource not found",
"code": "resource_not_found"
}{
"shortMessage": "Update failed",
"longMessage": "You cannot set your last identification as second factor.",
"code": "identification_update_failed"
}{
"shortMessage": "Update failed",
"longMessage": "Cannot update second factor attributes for unverified identification",
"code": "identification_update_second_factor_unverified"
}{
"shortMessage": "Image decode error",
"longMessage": "The image could not be decoded. Please ensure the image is valid and try again.",
"code": "request_body_invalid"
}{
"shortMessage": "Image not found",
"longMessage": "Image not found",
"code": "image_not_found"
}
ImageTooLarge signifies an error when the image being uploaded is too large to handle.
{
"shortMessage": "Image too large",
"longMessage": "The image being uploaded is more than 10MB. Please choose a smaller one.",
"code": "image_too_large"
}{
"shortMessage": "Unsupported image type",
"longMessage": "'<imageType>' images are not currently supported. Please consult the API documentation for more information.",
"code": "request_body_invalid"
}
RequestWithoutImage signifies an error when no image was present in the request.
{
"shortMessage": "Image file missing",
"longMessage": "There was no image file present in the request",
"code": "form_param_missing"
}{
"shortMessage": "Impersonation limit exceeded",
"longMessage": "Your application has reached the impersonation limit for your plan (%d/%d). The limit will reset at the beginning of the next billing period.",
"code": "impersonation_limit_exceeded",
"meta": "{\"Limit\": limit, \"Used\": used}"
}Instance Keys
InstanceKeyRequired signifies an error when no instance keys exist
{
"shortMessage": "Key required",
"longMessage": "Please generate at least one instance key",
"code": "instance_key_required"
}{
"shortMessage": "is not allowed",
"longMessage": "`<param>` isn't allowed to be set for this instance",
"code": "disabled_instance_restriction",
"meta": {
"name": "param"
}
}{
"shortMessage": "Invalid captcha widget type",
"longMessage": "The captcha widget type '<widgetType>' is invalid. Allowed values: <allowedTypes>",
"code": "invalid_captcha_widget_type"
}{
"shortMessage": "Invalid captcha widget type transition",
"longMessage": "The captcha widget type cannot be changed from '<from>' to '<to>'.",
"code": "invalid_captcha_widget_type"
}{
"shortMessage": "Breaks instance invariant",
"longMessage": "%v - This invariant is determined by your user settings",
"code": "breaks_instance_invariant"
}
InstanceNotFound signifies an error when no instance with given instanceID was found
{
"shortMessage": "Instance not found",
"longMessage": "No instance was found with id <instanceID>",
"code": "resource_not_found"
}
ProductionInstanceExists signifies an error when trying to create a production instance
when there is already one
{
"shortMessage": "You can only have one production instance.",
"longMessage": "You can only have one production instance.",
"code": "production_instance_exists"
}{
"shortMessage": "Bad request",
"longMessage": "Bad request",
"code": "bad_request"
}{
"shortMessage": "",
"code": "bad_request"
}
409 - conflict. This apierror provides very little context and should likely be avoided for errors that will be customer- or end-user-facing. For lock errors, consider instead ResourceBusy().
{
"shortMessage": "Conflict",
"longMessage": "Conflict",
"code": "conflict"
}
403 - quota exceeded
{
"shortMessage": "Quota exceeded",
"longMessage": "Quota exceeded, you have reached your limit.",
"code": "quota_exceeded"
}
409 - resource locked
{
"shortMessage": "resource busy",
"longMessage": "This resource is currently being modified by another request. Please try again.",
"code": "resource_locked"
}
Unexpected is used for all unexpected errors
It unwraps the error chain to check if an API error was wrapped,
and returns that instead of creating a 500 error
{
"shortMessage": "Oops, an unexpected error occurred",
"longMessage": "There was an internal error on our servers. We've been notified and are working on fixing it.",
"code": "internal_clerk_error"
}Invitations
DuplicateInvitations denotes an error when there are already invitations
for the given email addresses
{
"shortMessage": "",
"longMessage": "There are already pending invitations for the following email addresses: <emails>",
"code": "duplicate_record",
"meta": {
"emailaddresses": "emailaddresses"
}
}
InvitationAlreadyAccepted denotes an error when someone tries to use
an invitation which is already accepted.
{
"shortMessage": "Invitation is already accepted, try signing in instead.",
"longMessage": "Invitation is already accepted, try signing in instead.",
"code": "invitation_already_accepted"
}
InvitationAlreadyRevoked denotes an error when someone tries to revoke
an invitation which is already revoked.
{
"shortMessage": "Invitation is already revoked.",
"longMessage": "Invitation is already revoked.",
"code": "invitation_already_revoked"
}
InvitationNotFound denotes an error when there is no invitation with
the given id
{
"shortMessage": "not found",
"longMessage": "No invitation was found with id <invitationID>.",
"code": "resource_not_found"
}
InvitationsNotSupportedInInstance denotes an error when user is
trying to create an invitation on an instance that doesn't support it
{
"shortMessage": "Invitations are only supported on instances that accept email addresses.",
"longMessage": "Invitations are only supported on instances that accept email addresses.",
"code": "invitations_not_supported"
}
RevokedInvitation denotes an error when the given invitation token
does not correspond to any invitations, which means that the invitation
has been removed.
{
"shortMessage": "The invitation was revoked.",
"longMessage": "The invitation was revoked.",
"code": "revoked_invitation"
}Jwt Templates
JWTTemplateNotFound signifies an error when a JWT template was not found by the provided attribute
{
"shortMessage": "JWT template not found",
"longMessage": "No JWT template exists with <attribute>: <val>",
"code": "resource_not_found"
}
JWTTemplateReservedClaim denotes an error when the provided template contains a reserved claim.
{
"shortMessage": "reserved claim used",
"longMessage": "You can't use the reserved claim: '<claim>'",
"code": "jwt_template_reserved_claim",
"meta": {
"name": "param"
}
}{
"shortMessage": "session token template cannot be deleted",
"longMessage": "This template cannot be deleted because it's a session token template",
"code": "session_token_jwt_template"
}Machine Token
MachineTokenReservedClaim denotes an error when the provided machine token claims object contains a reserved claim.
{
"shortMessage": "reserved claim used",
"longMessage": "You can't use the reserved claim: '<claim>'",
"code": "machine_token_reserved_claim",
"meta": {
"name": "param"
}
}{
"shortMessage": "duplicate list items not allowed",
"longMessage": "duplicate list items not allowed: <param>",
"code": "duplicate_list_items_not_allowed"
}{
"shortMessage": "invalid environment type",
"longMessage": "invalid environment types: <envTypes>",
"code": "invalid_environment_type"
}{
"shortMessage": "too many secret keys",
"longMessage": "You can only rotate secret keys when your instance has exactly one key.",
"code": "too_many_secret_keys"
}Network
GatewayTimeout signifies an error when a 3rd party service takes too long to respond.
{
"shortMessage": "Gateway Timeout",
"longMessage": "A request to a 3rd party service timed out",
"code": "gateway_timeout"
}{
"shortMessage": "active custom OAuth provider cannot be deleted",
"longMessage": "The custom OAuth provider %q is currently active and cannot be deleted. You can disable it instead.",
"code": "custom_oauth_provider_cannot_delete_active"
}{
"shortMessage": "custom OAuth provider cannot use discovery URL",
"longMessage": "The custom OAuth provider cannot use the discovery URL. Please provide the necessary configuration manually.",
"code": "custom_oauth_provider_cannot_use_discovery_url",
"meta": {
"name": "discovery_url"
}
}{
"shortMessage": "issuer mismatch in custom OAuth provider discovery URL",
"longMessage": "The issuer in the discovery URL (<url>) does not match the issuer returned in the configuration (<issuer>).",
"code": "custom_oauth_provider_discovery_issuer_mismatch",
"meta": {
"name": "discovery_url"
}
}{
"shortMessage": "error retrieving OAuth response from provider's discovery URL",
"longMessage": "An error was encountered when attempting to retrieve metadata from the oauth url %q: %q",
"code": "custom_oauth_provider_discovery_server_retrieval_error",
"meta": {
"name": "discovery_url"
}
}{
"shortMessage": "Missing OAuth access token",
"longMessage": "OAuth access token is missing",
"code": "oauth_missing_access_token"
}{
"shortMessage": "Cannot refresh OAuth access token",
"longMessage": "The current access token has expired and we cannot refresh it, because the authorization server hasn't provided us with a refresh token",
"code": "oauth_missing_refresh_token"
}{
"shortMessage": "OAuth provider not enabled",
"longMessage": "Single-sign on for this OAuth provider is not enabled in the instance settings.",
"code": "oauth_token_provider_not_enabled"
}{
"shortMessage": "Token retrieval failed",
"longMessage": "Failed to retrieve a new access token from the OAuth provider",
"code": "oauth_token_retrieval_error"
}
UnsupportedOauthProvider signifies an error when an instance tries to enable
an OAuth external provider which is not supported.
{
"shortMessage": "",
"longMessage": "%v OAuth is not supported. Please contact us if you think this error should not appear.",
"code": "oauth_unsupported_provider"
}{
"shortMessage": "duplicate redirect URI",
"longMessage": "the redirect URI already exists",
"code": "duplicate_record"
}{
"shortMessage": "consent screen cannot be disabled",
"longMessage": "Consent screen cannot be disabled for a dynamically registered OAuth Application",
"code": "oauth_application_consent_screen_cannot_be_disabled"
}Organizations
400 - User with given identifier is already a member of the organization and cannot be added again
{
"shortMessage": "already a member",
"longMessage": "<user> is already a member of the organization.",
"code": "already_a_member_in_organization"
}{
"shortMessage": "not allowed",
"longMessage": "`force_organization_selection` cannot be enabled when organizations are disabled. Please enable organizations first.",
"code": "force_organization_selection_not_allowed_when_organizations_disabled"
}{
"shortMessage": "missing permission",
"longMessage": "Current user is missing an organization permission.",
"code": "missing_organization_permission",
"meta": {
"permissions": "permissions"
}
}
403 - Only for organization members Deprecated: This error reveals the existence of an organization to an unauthorized user. Use OrganizationNotFoundOrUnauthorized instead, and ensure other pathways that error when the organization isn't found also use OrganizationNotFoundOrUnauthorized
{
"shortMessage": "not a member",
"longMessage": "Current user is not a member of the organization. Only organization members can perform this action.",
"code": "not_a_member_in_organization"
}{
"shortMessage": "this organization already has an SSO connection",
"longMessage": "This organization already has an SSO connection.",
"code": "organization_already_has_sso_connection",
"meta": {
"name": "organization_id"
}
}
400 - Creator doesn't exist
{
"shortMessage": "creator not found",
"longMessage": "No users found with id <userID>.",
"code": "organization_creator_not_found"
}{
"shortMessage": "organizaton domain already exists",
"longMessage": "This domain is already used by another organization.",
"code": "organization_domain_already_exists",
"meta": {
"name": "param"
}
}{
"shortMessage": "blocked email domain",
"longMessage": "This is a blocked email provider domain. Please use a different one.",
"code": "organization_domain_blocked",
"meta": {
"name": "param"
}
}{
"shortMessage": "common email domain",
"longMessage": "This is a common email provider domain. Please use a different one.",
"code": "organization_domain_common",
"meta": {
"name": "param"
}
}{
"shortMessage": "organization enrollment mode not enabled",
"longMessage": "Enrollment mode <enrollmentMode> is not enabled for this instances's organizations.",
"code": "organization_domain_enrollment_mode_not_enabled"
}{
"shortMessage": "organization domains quota exceeded",
"longMessage": "You have reached your limit of %d domains per organization.",
"code": "organization_domain_quota_exceeded"
}{
"shortMessage": "organization roles for instance quota exceeded",
"longMessage": "You have reached your limit of %d organization roles per instance.",
"code": "organization_instance_roles_quota_exceeded"
}{
"shortMessage": "organization invitation not unique",
"longMessage": "Organizations cannot have duplicate pending invitations for an email address.",
"code": "organization_invitation_not_unique"
}{
"shortMessage": "organization membership quota exceeded",
"longMessage": "You have reached your limit of %d organization memberships, including outstanding invitations.",
"code": "organization_membership_quota_exceeded"
}{
"shortMessage": "membership role managed by SCIM",
"longMessage": "This membership is managed by a SCIM directory and cannot be changed manually.",
"code": "organization_membership_managed_by_scim"
}{
"shortMessage": "minimum organization permissions needed",
"longMessage": "There has to be at least one organization member with the minimum required permissions",
"code": "organization_minimum_permissions_needed"
}{
"shortMessage": "missing permissions for creator role",
"longMessage": "The creator role must contain the following permissions: <permissionKeys>",
"code": "organization_missing_creator_role_permissions"
}{
"shortMessage": "invalid organization name",
"longMessage": "The organization name %q is invalid: <name>",
"code": "form_param_value_invalid",
"meta": {
"name": "name"
}
}{
"shortMessage": "access denied",
"longMessage": "The organizations feature is not enabled for this instance. You can enable it at https://dashboard.clerk.com.",
"code": "organization_not_enabled_in_instance"
}
404 - Organization not found
WARNING: This is safe to use for endpoints where the caller is authorized to be
aware of every organization. But if the endpoint errors if the caller is not
authorized on the organization, do not use this, because it leaks the existence
of the organization! Use OrganizationNotFoundOrUnauthorized instead.
{
"shortMessage": "not found",
"longMessage": "Given organization not found.",
"code": "resource_not_found"
}
404 - Used for any case
{
"shortMessage": "not found or unauthorized",
"longMessage": "Given organization not found, or you don't have permission to access the organization",
"code": "organization_not_found_or_unauthorized"
}{
"shortMessage": "not found",
"longMessage": "Organization permission not found",
"code": "resource_not_found"
}{
"shortMessage": "role is assigned to organization members",
"longMessage": "The organization role is currently assigned to one or more organization members.",
"code": "organization_role_assigned_members"
}{
"shortMessage": "role exists in pending organization invitations",
"longMessage": "The organization role exists in one or more pending organization invitations. Please revoke these invitations to proceed.",
"code": "organization_role_exists_in_invitations"
}{
"shortMessage": "not found",
"longMessage": "Organization role not found",
"code": "resource_not_found",
"meta": {
"name": "paramname"
}
}{
"shortMessage": "permission already assigned to role",
"longMessage": "This organization permission is already associated to this organization role.",
"code": "organization_role_permission_association_exists"
}{
"shortMessage": "role is used as the creator role",
"longMessage": "The organization role cannot be deleted as it is currently used as the creator role.",
"code": "organization_role_default_creator_role"
}{
"shortMessage": "role is used as the domain default role",
"longMessage": "The organization role cannot be deleted as it is currently used as the default domain role.",
"code": "organization_role_domain_default_role"
}{
"shortMessage": "cannot disable organizations",
"longMessage": "Cannot disable organizations because <reason>.",
"code": "organizations_disable_not_allowed"
}{
"shortMessage": "organization system permission cannot be modified",
"longMessage": "This organization permission cannot be modified because it is a system permission.",
"code": "organization_system_permission_not_modifiable"
}Platform
PlatformAPIPolicyViolation signifies policy or issuer restrictions on OAuth access tokens for the Platform API (HTTP 403).
{
"shortMessage": "Authentication policy violation",
"longMessage": "This request cannot be completed due to a policy restriction.",
"code": "authorization_invalid"
}
PlatformAPIRequestNotAllowed signifies that the Platform API request is forbidden for the authenticated principal or target resource (HTTP 403).
{
"shortMessage": "Request not allowed",
"longMessage": "This Platform API request cannot be completed for the authenticated principal or resource.",
"code": "authorization_invalid"
}
PlatformAPIUnrecognizedCredential signifies that the bearer credential does not match any supported Platform API authentication format.
{
"shortMessage": "Unrecognized credential",
"longMessage": "The credential format is not recognized for the Platform API.",
"code": "platform_api_unrecognized_credential"
}
PlatformOAuthAccessTokenInvalid signifies that an OAuth access token could not be parsed or verified.
{
"shortMessage": "Invalid OAuth access token",
"longMessage": "The OAuth access token is invalid, malformed, or could not be verified.",
"code": "platform_oauth_access_token_invalid"
}
PlatformOAuthAccessTokenMissingClaims signifies that a JWT access token is missing required claims.
{
"shortMessage": "Invalid OAuth access token",
"longMessage": "Invalid OAuth access token",
"code": "platform_oauth_access_token_missing_claims",
"meta": {
"claims": "cp"
}
}{
"shortMessage": "Unsupported plan features",
"longMessage": "Some features are not supported in your current plan. Upgrade your subscription to unlock them.",
"code": "unsupported_subscription_plan_features",
"meta": {
"unsupportedfeatures": "unsupportedfeatures"
}
}Public Keys
PublicKeyNotFound signifies an error when no public key was found with the given id
{
"shortMessage": "Public key not found",
"longMessage": "No public key was found with id <publicKeyID>",
"code": "resource_not_found"
}Redirect Urls
RedirectURLNotFound signifies an error when a RedirectURL was not found by the provided attribute
{
"shortMessage": "Redirect url not found",
"longMessage": "No RedirectURL exists with <attribute>: <val>",
"code": "resource_not_found"
}{
"shortMessage": "bulk size exceeded",
"longMessage": "Parameters exceed the maximum allowed bulk processing size of %d.",
"code": "bulk_size_exceeded"
}
FailedToParseRequestBody is a dynamic error which should be used after
receiving an error from a JSON decode attempt.
{
"shortMessage": "is invalid",
"longMessage": "%v is invalid. Received %v, must be of type %v.",
"code": "form_param_value_invalid"
}
InvalidRequestBody signifies an error when the body of the request does not conform to the expected format
{
"shortMessage": "Request body invalid",
"longMessage": "The request body is invalid. Please consult the API documentation for more information.",
"code": "request_body_invalid"
}{
"shortMessage": "Malformed publishable key",
"longMessage": "Ensure the provided publishable key (<key>) is the one displayed in Dashboard",
"code": "malformed_publishable_key"
}
MalformedRequestParameters signifies an error when the request parameters are malformed and result in parsing errors
{
"shortMessage": "Malformed request parameters",
"longMessage": "The request parameters are malformed and could not be parsed",
"code": "malformed_request_parameters"
}{
"shortMessage": "Missing query parameter",
"longMessage": "Either of the following query parameters must be provided: <parameters>.",
"code": "missing_query_parameter"
}
MissingQueryParameter denotes that the required query parameter, param, was
not provided by the request.
{
"shortMessage": "",
"longMessage": "The query parameter '<param>' is missing from the request. Please consult the API documentation for more information.",
"code": "missing_query_parameter"
}{
"shortMessage": "Request body too large",
"longMessage": "The request body exceeds the maximum allowed size of %d bytes.",
"code": "request_body_too_large"
}
UnsupportedContentType signifies an error when provided content type is unsupported
{
"shortMessage": "Content-Type is unsupported",
"longMessage": "Content-Type <actual> is unsupported. You should use <expected> instead.",
"code": "unsupported_content_type"
}{
"shortMessage": "SAML Connection can't be activated",
"longMessage": "You have to provide the <fields> before you are able to activate this connection.",
"code": "saml_connection_cant_be_activated"
}{
"shortMessage": "Failed to fetch IdP metadata",
"longMessage": "We failed to fetch the IdP metadata. If the error persists, please provide the IdP configuration data explicitly.",
"code": "saml_failed_to_fetch_idp_metadata"
}{
"shortMessage": "Failed to parse IdP metadata",
"longMessage": "We failed to parse the IdP metadata. If the error persists, please provide the IdP configuration data explicitly.",
"code": "saml_failed_to_parse_idp_metadata"
}{
"shortMessage": "IdP metadata is missing required fields",
"longMessage": "The IdP metadata is missing the following required fields: <fields>",
"code": "saml_metadata_missing_fields",
"meta": {
"missingfields": "missingfields"
}
}Scim
SCIMAttributeManagedByDirectory returns a 409 Conflict error when attempting to
update an attribute that is managed by a SCIM directory.
{
"shortMessage": "attribute managed by SCIM",
"longMessage": "attribute managed by SCIM",
"code": "attribute_managed_by_scim",
"meta": {
"name": "paramname"
}
}
SCIMGroupRoleMappingDisabled returns an error when attempting to mutate group role
mappings on a SCIM directory that has role mapping disabled.
{
"shortMessage": "role mapping disabled",
"longMessage": "Role mapping is disabled for this SCIM directory. Enable role mapping to add, edit, or remove mappings.",
"code": "feature_not_enabled"
}{
"shortMessage": "expired session token consumed",
"longMessage": "The provided expired session token was already consumed in a previous refresh request",
"code": "session_refresh_expired_session_token_consumed"
}{
"shortMessage": "Invalid expired_token param",
"longMessage": "The session token provided could not be successfully verified",
"code": "expired_session_token_invalid"
}{
"shortMessage": "session token too old",
"longMessage": "The provided expired session token is too old",
"code": "session_refresh_expired_session_token_too_old"
}{
"shortMessage": "session inactive",
"longMessage": "The provided session is not active",
"code": "session_refresh_inactive_session"
}{
"shortMessage": "expired session token ineligible",
"longMessage": "The provided expired session token is not eligible for refresh",
"code": "session_refresh_session_token_ineligible"
}{
"shortMessage": "Request origin is invalid",
"longMessage": "The request_origin parameter could not be parsed",
"code": "refresh_request_origin_invalid"
}{
"shortMessage": "missing 'azp' claim",
"longMessage": "No 'azp' claim present in the provided expired session token",
"code": "expired_session_token_missing_azp"
}{
"shortMessage": "missing 'iat' claim",
"longMessage": "No 'iat' claim present in the provided expired session token",
"code": "session_refresh_expired_session_token_missing_iat"
}{
"shortMessage": "missing 'sid' claim",
"longMessage": "No 'sid' claim present in the provided expired session token",
"code": "expired_session_token_missing_sid"
}{
"shortMessage": "not enabled",
"longMessage": "This feature is not enabled in your instance",
"code": "feature_not_enabled"
}{
"shortMessage": "Request origin does not match azp claim",
"longMessage": "The request_origin parameter does not match the 'azp' claim of expired_token",
"code": "refresh_request_origin_azp_mismatch"
}{
"shortMessage": "Session not found",
"longMessage": "No session was found with id <sessionID>",
"code": "session_refresh_session_not_found"
}{
"shortMessage": "Session ID does not match the 'sid' claim",
"longMessage": "The 'sid' claim of the provided expired session token does not match the session ID provided in the request path",
"code": "refresh_sid_mismatch"
}{
"shortMessage": "Refresh token not found",
"longMessage": "The provided refresh token was not found",
"code": "refresh_token_not_found"
}{
"shortMessage": "user not found",
"longMessage": "The provided user was not found",
"code": "session_refresh_user_not_found"
}{
"shortMessage": "account deprovisioned",
"longMessage": "Your account is deprovisioned",
"code": "deprovisioned"
}{
"shortMessage": "account deprovisioned",
"longMessage": "The target user's account has been deprovisioned according to their external identity provider",
"code": "deprovisioned"
}{
"shortMessage": "Invalid session token",
"longMessage": "The token provided could not be successfully verified",
"code": "invalid_session_token"
}
SessionNotFound signifies an error when no session with given sessionID was found
{
"shortMessage": "Session not found",
"longMessage": "No session was found with id <sessionID>",
"code": "resource_not_found"
}Sign In
IdentificationClaimed signifies an error when the requested identification is already claimed by another user
{
"shortMessage": "Identification claimed by another user",
"longMessage": "One or more identifiers on this sign up have since been connected to a different User. Please sign up again.",
"code": "identification_claimed"
}{
"shortMessage": "cannot revoke",
"longMessage": "Sign in token cannot be revoked because its status is <status>. Only pending tokens can be revoked.",
"code": "sign_in_token_cannot_be_revoked_code"
}{
"shortMessage": "is not allowed",
"longMessage": "`<param>` isn't allowed to be `%v` when sign-up mode is set to <value>",
"code": "sign_up_mode_restricted_invalid_value",
"meta": {
"name": "param"
}
}{
"shortMessage": "Sign up cannot be updated",
"longMessage": "This sign up has reached a terminal state and cannot be updated",
"code": "sign_up_cannot_be_updated"
}{
"shortMessage": "Invalid sign-up mode",
"longMessage": "The sign-up mode '<mode>' is invalid. Allowed values: <allowedModes>",
"code": "sign_up_mode_invalid"
}Signing Keys
SigningKeyNotFound signifies an error when no signing key with a given signingKeyID was found
{
"shortMessage": "Signing key not found",
"longMessage": "No signing key was found with id <signingKeyID>",
"code": "resource_not_found"
}Sms
SMSCountryRemovalRestricted signals that the caller tried to remove one or more
tier B-F countries from the SMS blocklist on an instance whose plan lacks the
phone_code feature. Removing those countries is restricted to prevent SMS pumping abuse on
free/dev instances; activating them requires upgrading the plan or contacting support.
{
"shortMessage": "SMS country removal restricted",
"longMessage": "Cannot remove the following countries from the SMS blocklist without an upgraded plan: %v. Contact support to activate these countries.",
"code": "sms_country_removal_restricted",
"meta": "{\"CountryCodes\": countryCodes}"
}{
"shortMessage": "Product not supported by subscription plan",
"longMessage": "The product <productID> is not compatible with the current subscription plan",
"code": "product_not_supported_by_subscription_plan"
}{
"shortMessage": "Invalid template body",
"longMessage": "This template body is invalid and cannot be rendered successfully, please check for syntax errors",
"code": "invalid_template_body",
"meta": {
"name": "body"
}
}{
"shortMessage": "",
"longMessage": "Body should contain the {{<requiredVariable>}} variable",
"code": "required_variable_missing",
"meta": {
"name": "body"
}
}{
"shortMessage": "Template body cannot be modified",
"longMessage": "The body of template with slug <slug> can't be modified",
"code": "template_body_modification_restricted"
}
TemplateDeletionRestricted signifies an error when a deletion is attempted for a built-in (non-custom) template
{
"shortMessage": "Template deletion restricted",
"longMessage": "Template with slug <slug> can't be deleted",
"code": "template_deletion_restricted"
}
TemplateNotFound signifies an error when no template with given slug was found
{
"shortMessage": "Template not found",
"longMessage": "No template was found with slug <slug>",
"code": "resource_not_found"
}
TemplateRevertRestricted signifies an error when a custom template is attempted to be reverted
{
"shortMessage": "Template revert restricted",
"longMessage": "Template with slug <slug> can't be reverted",
"code": "template_revert_error"
}
TemplateTypeUnsupported signifies an error when an invalid template type is provided
{
"shortMessage": "Template type not supported",
"longMessage": "Template type <templateType> is not supported",
"code": "template_type_unsupported"
}{
"shortMessage": "invalid TOTP secret",
"longMessage": "The TOTP secret is invalid, please provide a valid one base32 encoded",
"code": "invalid_totp_secret_code"
}{
"shortMessage": "Insecure URL",
"longMessage": "Please provide a secure URL (https)",
"code": "insecure_url",
"meta": {
"name": "paramname"
}
}{
"shortMessage": "at least one attribute must be verified on sign up",
"longMessage": "at least one attribute must be verified on sign up because <reason>",
"code": "attribute_at_least_one_must_be_verified_at_sign_up"
}{
"shortMessage": "forbidden",
"longMessage": "Resource forbidden",
"code": "resource_forbidden"
}{
"shortMessage": "Resource invalid",
"longMessage": "Resource invalid",
"code": "resource_invalid"
}{
"shortMessage": "not found",
"longMessage": "Resource not found",
"code": "resource_not_found"
}Users
DeleteLinkedCommNotAllowed signifies an error when trying to delete a linked communication
TODO Alex: Check if this is the correct place for this error
{
"shortMessage": "Deleting a linked email address is not allowed",
"longMessage": "This email address is linked to one or more Connected Accounts. Remove the Connected Account before deleting this email address.",
"code": "delete_linked_identification_disallowed"
}{
"shortMessage": "incorrect password",
"longMessage": "The provided password is not the one the user has set",
"code": "incorrect_password"
}{
"shortMessage": "incorrect TOTP",
"longMessage": "The provided TOTP code is incorrect",
"code": "totp_incorrect_code"
}{
"shortMessage": "invalid length",
"longMessage": "The provided TOTP code must be 6 characters long.",
"code": "totp_invalid_length"
}{
"shortMessage": "no password set",
"longMessage": "This user does not have a password set for their account",
"code": "no_password_set"
}{
"shortMessage": "password disabled",
"longMessage": "Password is disabled for this instance. Cannot force a password reset.",
"code": "password_disabled"
}{
"shortMessage": "TOTP is disabled",
"longMessage": "This user does not have TOTP enabled in their account",
"code": "totp_disabled"
}
UserBanned signifies an error when a user is banned
{
"shortMessage": "User banned",
"longMessage": "You have been banned. If you think this was by mistake, please contact support.",
"code": "user_banned"
}{
"shortMessage": "missing data",
"longMessage": "%q data doesn't match user requirements set for this instance",
"code": "form_data_missing",
"meta": {
"names": "missingparams"
}
}{
"shortMessage": "User deactivated",
"longMessage": "You have been deactivated. Please contact support.",
"code": "user_deactivated"
}
UserNotFound signifies an error when no user is found with userID
{
"shortMessage": "not found",
"longMessage": "No user was found with id <userID>",
"code": "resource_not_found"
}{
"shortMessage": "user quota exceeded",
"longMessage": "You have reached your limit of %d users. <maxAllowed>",
"code": "user_quota_exceeded"
}{
"shortMessage": "user managed by SCIM",
"longMessage": "This user is managed by a SCIM directory and cannot be deleted manually.",
"code": "user_managed_by_scim"
}{
"shortMessage": "Waitlist entry is locked",
"longMessage": "This waitlist entry is locked and cannot be modified at this time. Please try again later.",
"code": "waitlist_entry_locked"
}{
"shortMessage": "Only one Svix app is allowed per instance.",
"longMessage": "Only one Svix app is allowed per instance.",
"code": "svix_app_exists"
}{
"shortMessage": "Svix app creation failed",
"longMessage": "Could not create a Svix app with name <name> at this time. Please contact us if this error persists.",
"code": "svix_app_create_error"
}Feedback
Last updated on