# Frontend API errors An index of Clerk Frontend API errors. ## Actor Tokens ### ActorTokenAlreadyUsed filename: Status Code: 400 ```json { "shortMessage": "actor token has already been used", "longMessage": "This actor token has already been used. Each token can only be used once.", "code": "actor_token_already_used_code" } ``` ### ActorTokenCanBeUsedOnlyInSignIn filename: Status Code: 400 ```json { "shortMessage": "not in sign in", "longMessage": "Actor tokens can only be used during sign in.", "code": "actor_token_not_in_sign_in_code" } ``` ### ActorTokenCannotBeUsed filename: Status Code: 400 ```json { "shortMessage": "actor token cannot be used", "longMessage": "This actor token cannot be used anymore. Please request a new one.", "code": "actor_token_cannot_be_used_code" } ``` ### ActorTokenRevoked filename: Status Code: 400 ```json { "shortMessage": "actor token has been revoked", "longMessage": "This actor token has been revoked and cannot be used anymore.", "code": "actor_token_revoked_code" } ``` ### ActorTokenSubjectNotFound filename: Status Code: 404 ```json { "shortMessage": "user not found", "longMessage": "The user of the actor token no longer exists. Please request a new one.", "code": "actor_token_subject_not_found" } ``` ## Agent Tasks ### AgentTaskAlreadyUsed filename: Status Code: 400 ```json { "shortMessage": "agent task has already been used", "longMessage": "This agent task has already been used. Each task can only be used once.", "code": "agent_task_already_used" } ``` ### AgentTaskCanBeUsedOnlyInSignIn filename: Status Code: 400 ```json { "shortMessage": "not in sign in", "longMessage": "Agent tasks can only be used during sign in.", "code": "agent_task_not_in_sign_in" } ``` ### AgentTaskCannotBeUsed filename: Status Code: 400 ```json { "shortMessage": "agent task cannot be used", "longMessage": "This agent task cannot be used anymore. Please request a new one.", "code": "agent_task_cannot_be_used" } ``` ### AgentTaskRevoked filename: Status Code: 400 ```json { "shortMessage": "agent task has been revoked", "longMessage": "This agent task has been revoked and cannot be used anymore.", "code": "agent_task_revoked" } ``` ### AgentTaskSubjectNotFound filename: Status Code: 404 ```json { "shortMessage": "user not found", "longMessage": "The user of the agent task no longer exists. Please request a new one.", "code": "agent_task_subject_not_found" } ``` ## Applications ### ManagementTokenSubjectNotFound `ManagementTokenSubjectNotFound` is returned when redeeming a management token whose referenced user no longer exists in the instance. filename: Status Code: 404 ```json { "shortMessage": "user not found", "longMessage": "The user referenced by this management token no longer exists. Mint a new token.", "code": "management_token_subject_not_found" } ``` ## Auth ### IdentificationExists `IdentificationExists` signifies an error when the identifier already exists filename: Status Code: 400 ```json { "shortMessage": "already exists", "longMessage": "This already exists.", "code": "" } ``` ### IdentifierContainsSubaddresses filename: Status Code: 403 ```json { "shortMessage": "Email subaddress not allowed.", "longMessage": "Email address must not contain the characters '+', '=', or '#'.", "code": "not_allowed_access", "meta": { "name": "email_address" } } ``` ### IdentifierFromBlockedCountryCode filename: Status Code: 403 ```json { "shortMessage": "Country code not allowed.", "longMessage": "Phone number sign ups are not allowed for this country code. Please use a different method.", "code": "not_allowed_access", "meta": { "name": "phone_number" } } ``` ### IdentifierNotAllowedAccess filename: Status Code: 403 ```json { "shortMessage": "Access not allowed.", "longMessage": " not allowed to access this application.", "code": "not_allowed_access", "meta": "{\"Identifiers\": identifiers}" } ``` ### InvalidAuthentication `InvalidAuthentication` signifies an error when the request is not authenticated filename: Status Code: 401 ```json { "shortMessage": "Invalid authentication", "longMessage": "Unable to authenticate the request, you need to supply an active session", "code": "authentication_invalid" } ``` ### InvalidAuthorization `InvalidAuthorization` signifies an error when the request is not authorized to perform the given operation filename: Status Code: 403 ```json { "shortMessage": "Unauthorized request", "longMessage": "You are not authorized to perform this request", "code": "authorization_invalid" } ``` ### InvalidAuthorizationHeaderFormat `InvalidAuthorizationHeaderFormat` signifies an error when the Authorization header has no proper format. filename: Status Code: 401 ```json { "shortMessage": "Invalid Authorization header format", "longMessage": "Invalid Authorization header format. Must be 'Bearer '", "code": "authorization_header_format_invalid" } ``` ### InvalidCSRFToken `InvalidCSRFToken` signifies an error when the request does not contain a CSRF token or the given token is invalid filename: Status Code: 403 ```json { "shortMessage": "Invalid or missing CSRF token", "longMessage": "To protect against CSRF attacks, the given request must include a valid CSRF token.", "code": "csrf_token_invalid" } ``` ### InvalidHandshake filename: Status Code: 400 ```json { "shortMessage": "invalid handshake", "longMessage": "The handshake request is invalid: ", "code": "invalid_handshake" } ``` ### InvalidHost `InvalidHost` signifies an error when the incoming request has an invalid host filename: Status Code: 400 ```json { "shortMessage": "Invalid host", "longMessage": "We were unable to attribute this request to an instance running on Clerk. Make sure that your Clerk Publishable Key is correct.", "code": "host_invalid" } ``` ### InvalidOriginHeader `InvalidOriginHeader` signifies an error when the origin header of the incoming request is invalid filename: Status Code: 400 ```json { "shortMessage": "Invalid HTTP Origin header", "longMessage": "The Request HTTP Origin header must be equal to or a subdomain of the requesting URL.", "code": "origin_invalid" } ``` ### InvalidRequestForEnvironment `InvalidRequestForEnvironment` signifies an error when the incoming request is invalid for given environment(s) filename: Status Code: 400 ```json { "shortMessage": "Invalid request for environment", "longMessage": "Request only valid for instances.", "code": "request_invalid_for_environment" } ``` ### InvalidUserSettings `InvalidUserSettings` signifies an error where the auth settings of the instance are not well configured, which results in sign in and sign up endpoints to be restricted. filename: Status Code: 409 ```json { "shortMessage": "invalid auth configuration", "longMessage": "The authentication settings are invalid.", "code": "user_settings_invalid" } ``` ### MissingRequestHeadersForNonStandardBrowsers `MissingRequestHeadersForNonStandardBrowsers` signifies an error when the incoming request is missing mandatory headers filename: Status Code: 400 ```json { "shortMessage": "Invalid request headers", "longMessage": "Your Clerk Frontend API is accessible from browsers and native applications. To protect against common web attacks, we require the HTTP Authorization header to be present in native application requests. Make sure the HTTP Authorization header is set a valid Clerk client JWT or set it to an empty string for your first Frontend API request that will return your Clerk client JWT.", "code": "request_header_missing" } ``` ### MissingRequestHeadersForStandardBrowsers `MissingRequestHeadersForStandardBrowsers` signifies an error when the incoming request is missing mandatory headers filename: Status Code: 400 ```json { "shortMessage": "Invalid request headers", "longMessage": "Your Clerk Frontend API is accessible from browsers and native applications. To protect against standard web attacks, the HTTP Origin header is required in browser requests. If you see this error, you probably accessed Clerk Frontend API directly from the address bar or a browser extension is intercepting your browser requests, removing the HTTP Origin header. For more information refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin.", "code": "request_header_missing" } ``` ### MultipleAuthorizationHeaderValues filename: Status Code: 400 ```json { "shortMessage": "Multiple 'Authorization' header values", "longMessage": "Setting multiple values in the 'Authorization' header is forbidden", "code": "multiple_authorization_header_values_forbidden" } ``` ### MultipleOriginHeaderValues filename: Status Code: 400 ```json { "shortMessage": "Multiple 'Origin' header values", "longMessage": "Setting multiple values in the 'Origin' header is forbidden", "code": "multiple_origin_header_values_forbidden" } ``` ### NativeAPIDisabled `NativeAPIDisabled` signifies an error when the incoming request is from a native client (`\_is\_native={1|true}`) and the instance is not configured to allow native API requests. filename: Status Code: 400 ```json { "shortMessage": "Native API disabled", "longMessage": "The Native API is disabled for this instance. Visit the Clerk Dashboard to enable it.", "code": "native_api_disabled" } ``` ### OriginAndAuthorizationMutuallyExclusive filename: Status Code: 400 ```json { "shortMessage": "Setting both the 'Origin' and 'Authorization' headers is forbidden", "longMessage": "For security purposes, only one of the 'Origin' and 'Authorization' headers should be provided, but not both. In browser contexts, the 'Origin' header is set automatically by the browser. In native application contexts (e.g. mobile apps), set the 'Authorization' header.", "code": "origin_authorization_headers_conflict" } ``` ### RateLimitedCountry supportEmail (\_) is unused here at the moment the customer who requested this change specifically wanted to avoid adding a support email since changing this is not in control of support. reference: https://clerkinc.slack.com/archives/C07U96ZAZ9T/p1759344749115659?thread_ts=1758659910.343909&cid=C07U96ZAZ9T filename: Status Code: 403 ```json { "shortMessage": "Rate limited country code", "longMessage": "SMS to the country is temporarily disabled. Please try again later.", "code": "unsupported_country_code", "meta": "{\"Alpha2\": alpha2, \"CountryCode\": countryCode}" } ``` ### SignedOut `SignedOut` signifies an error when a user is signed out filename: Status Code: 401 ```json { "shortMessage": "Signed out", "longMessage": "You are signed out", "code": "signed_out" } ``` ### SubaddressRestrictionEmailAlreadyUsed filename: Status Code: 403 ```json { "shortMessage": "This email address is already in use.", "longMessage": "This email address is already in use. Creating multiple accounts with the same email address is not allowed.", "code": "not_allowed_access" } ``` ### SubdomainNotAllowed `SubdomainNotAllowed` signifies an error when the subdomain is not in the allowlist filename: Status Code: 403 ```json { "shortMessage": "Subdomain not allowed", "longMessage": "The request origin subdomain is not in the allowed subdomains list. Please add it to your subdomain allowlist in the Dashboard.", "code": "subdomain_not_allowed" } ``` ### UnsupportedCountry filename: Status Code: 403 ```json { "shortMessage": "Unsupported country code", "longMessage": "Phone numbers from this country () are currently not supported. For more information, please contact .", "code": "unsupported_country_code", "meta": "{\"Alpha2\": alpha2, \"CountryCode\": countryCode}" } ``` ### URLBasedSessionSyncingDisabled `URLBasedSessionSyncingDisabled` signifies an error when the incoming request attempts to use an endpoint with URL-based session syncing, when the instance operates with third-party cookies instead. filename: Status Code: 400 ```json { "shortMessage": "URL-based session syncing is disabled for this instance", "longMessage": "This is a development instance operating with legacy, third-party cookies. This feature is deprecated, please contact support if you need assistance.", "code": "url_based_session_syncing_disabled" } ``` ## Awscognito ### AwsCognitoAdminUserPasswordAuthNotEnabled filename: Status Code: 400 ```json { "shortMessage": "ADMIN_USER_PASSWORD_AUTH flow not enabled for this AWS Cognito client.", "longMessage": "ADMIN_USER_PASSWORD_AUTH flow not enabled for this AWS Cognito client. Ensure that your Cognito user pool has a public client with the ALLOW_ADMIN_USER_PASSWORD_AUTH auth flow enabled.", "code": "aws_cognito_admin_user_password_auth_not_enabled" } ``` ### AwsCognitoUserLambdaValidationFailed filename: Status Code: 422 ```json { "shortMessage": "AWS Cognito user validation failed.", "longMessage": "The sign-in attempt was rejected by the AWS Cognito user validation Lambda trigger.", "code": "aws_cognito_user_lambda_validation_failed" } ``` ### AwsCognitoUserPasswordAuthNotEnabled filename: Status Code: 400 ```json { "shortMessage": "USER_PASSWORD_AUTH flow not enabled for this AWS Cognito client.", "longMessage": "USER_PASSWORD_AUTH flow not enabled for this AWS Cognito client. Ensure that your Cognito user pool has a public client with the ALLOW_USER_PASSWORD_AUTH auth flow enabled.", "code": "aws_cognito_user_password_auth_not_enabled" } ``` ## Backup Codes ### BackupCodesNotAvailable filename: Status Code: 400 ```json { "shortMessage": "Backup codes not available", "longMessage": "In order to use backup codes, you have to enable any other Multi-factor method", "code": "backup_codes_not_available" } ``` ## Clients ### ClientNotFound `ClientNotFound` signifies an error when no client is found with clientID filename: Status Code: 404 ```json { "shortMessage": "Client not found", "longMessage": "No client was found with id ", "code": "resource_not_found" } ``` ### ClientNotFoundInRequest `ClientNotFoundInRequest` signifies an error when no client is found in an incoming request filename: Status Code: 400 ```json { "shortMessage": "No client found", "longMessage": "This request is expecting a client and did not find one", "code": "client_not_found" } ``` ## Commerce ### AnnualPlanPeriodNotSupported filename: Status Code: 422 ```json { "shortMessage": "Annual plan period not supported", "longMessage": "Annual plan period not supported", "code": "annual_plan_period_not_supported" } ``` ### BillingNotEnabled filename: Status Code: 403 ```json { "shortMessage": "access denied", "longMessage": "The billing feature is not enabled for this instance. You can enable it at https://dashboard.clerk.com.", "code": "billing_not_enabled" } ``` ### BillingNotEnabledForOrg filename: Status Code: 403 ```json { "shortMessage": "access denied", "longMessage": "The billing feature for organizations is not enabled for this instance. You can enable it at https://dashboard.clerk.com.", "code": "billing_not_enabled" } ``` ### BillingNotEnabledForUser filename: Status Code: 403 ```json { "shortMessage": "access denied", "longMessage": "The billing feature for users is not enabled for this instance. You can enable it at https://dashboard.clerk.com.", "code": "billing_not_enabled" } ``` ### BillingPlanIsHidden filename: Status Code: 400 ```json { "shortMessage": "Plan is not Publicly available", "longMessage": "Plan is not Publicly available, and should not be used in checkout", "code": "billing_plan_is_hidden" } ``` ### CheckoutAlreadyInProgress filename: Status Code: 409 ```json { "shortMessage": "Another checkout is already in progress", "longMessage": "Another checkout is already in progress", "code": "checkout_already_in_progress" } ``` ### CheckoutNotFound filename: Status Code: 404 ```json { "shortMessage": "Checkout not found", "longMessage": "Checkout not found", "code": "checkout_not_found" } ``` ### CommerceStatementNotFound filename: Status Code: 404 ```json { "shortMessage": "Statement not found", "longMessage": "No statement found with id .", "code": "commerce_statement_not_found" } ``` ### ExternalPaymentsNotSetup filename: Status Code: 422 ```json { "shortMessage": "External payments not setup", "longMessage": "External payments not setup", "code": "external_payments_not_setup" } ``` ### InvalidGatewayType filename: Status Code: 400 ```json { "shortMessage": "Invalid gateway type", "longMessage": "Gateway type is invalid", "code": "invalid_gateway_type" } ``` ### InvalidPlanChange filename: Status Code: 400 ```json { "shortMessage": "Invalid plan change", "longMessage": "Please choose a different plan or billing interval, or contact support.", "code": "invalid_plan_change", "meta": "{\"Plan\": {\"ID\": \"planID\", \"Name\": \"planName\", \"CurrencySymbol\": \"currencySymbol\", \"AmountFormatted\": \"amountFormatted\", \"AnnualAmountFormatted\": \"annualMonthlyAmountFormatted\"}, \"Period\": period, \"IsPlanUpgradePossible\": isPlanUpgradePossible}" } ``` ### InvalidPlanType filename: Status Code: 422 ```json { "shortMessage": "Invalid plan type", "longMessage": "Plan type () is invalid", "code": "invalid_plan_type" } ``` ### InvalidUseOfTestCard filename: Status Code: 400 ```json { "shortMessage": "Invalid use of test card", "longMessage": "Test card cannot be used in production environment.", "code": "invalid_use_of_test_card" } ``` ### MaxPaymentSourcesQuotaExceeded filename: Status Code: 403 ```json { "shortMessage": "Max payment methods quota exceeded", "longMessage": "You have reached your limit of %d payment methods. Please delete a payment source to add a new one.", "code": "max_payment_methods_quota_exceeded" } ``` ### MissingPayerEmail filename: Status Code: 400 ```json { "shortMessage": "Missing payer email", "longMessage": "Payer email is required to perform this operation", "code": "missing_payer_email" } ``` ### MissingPlanID filename: Status Code: 400 ```json { "shortMessage": "Missing plan ID", "longMessage": "Plan ID is required to perform this operation", "code": "missing_plan_id" } ``` ### MonthlyPlanPeriodNotSupported filename: Status Code: 422 ```json { "shortMessage": "Monthly plan period not supported", "longMessage": "Monthly plan period not supported", "code": "monthly_plan_period_not_supported" } ``` ### OrgMemberLimitExceededForPlanChange filename: Status Code: 422 ```json { "shortMessage": "Organization member limit exceeded", "longMessage": "Plan change is not allowed because the organization's occupied seats exceed the limit of organization memberships.", "code": "org_member_limit_exceeded_for_plan_change" } ``` ### PayeeNotActive filename: Status Code: 409 ```json { "shortMessage": "Payee not active", "longMessage": "Payee is not active", "code": "payee_not_active" } ``` ### PayeeNotFound filename: Status Code: 404 ```json { "shortMessage": "Payee not found", "longMessage": "Payee not found", "code": "payee_not_found" } ``` ### PayerNotFound filename: Status Code: 404 ```json { "shortMessage": "Payer not found", "longMessage": "Payer not found", "code": "payer_not_found" } ``` ### PaymentAttemptFailedRequiresConfirmation filename: Status Code: 422 ```json { "shortMessage": "Requires confirmation", "longMessage": "The payment attempt failed because it requires additional confirmation, which is not currently supported. Please use a different payment method.", "code": "payment_attempt_failed_requires_confirmation" } ``` ### PaymentDeclined filename: Status Code: 422 ```json { "shortMessage": "Your card was declined", "longMessage": "The card was declined.", "code": "payment_attempt_failed_card_declined" } ``` ### PaymentExpiredCard filename: Status Code: 422 ```json { "shortMessage": "Card expired", "longMessage": "The card has expired.", "code": "payment_attempt_failed_card_expired" } ``` ### PaymentInsufficientFunds filename: Status Code: 422 ```json { "shortMessage": "Insufficient funds", "longMessage": "The card has insufficient funds.", "code": "payment_attempt_failed_card_insufficient_funds" } ``` ### PaymentProcessingError filename: Status Code: 422 ```json { "shortMessage": "Processing error", "longMessage": "There was a processing error with the payment method.", "code": "payment_attempt_failed_processing_error" } ``` ### PaymentSourceExpired filename: Status Code: 400 ```json { "shortMessage": "Payment method is expired", "longMessage": "Payment method is expired", "code": "payment_source_expired" } ``` ### PaymentSourceInUse filename: Status Code: 409 ```json { "shortMessage": "Payment source in use", "longMessage": "Payment source is in use, as you have active subscriptions. Please cancel those subscriptions before deleting the payment source.", "code": "payment_source_in_use" } ``` ### PaymentSourceNotFound filename: Status Code: 404 ```json { "shortMessage": "Payment source not found", "longMessage": "Payment source not found", "code": "payment_source_not_found" } ``` ### PlanAlreadyActive filename: Status Code: 409 ```json { "shortMessage": "Plan already active", "longMessage": "Plan already active", "code": "plan_already_active" } ``` ### PlanCannotHaveSeats filename: Status Code: 422 ```json { "shortMessage": "Plan cannot have seats", "longMessage": "The selected plan is not seat-based, but the checkout request included a seat_quantity.", "code": "plan_cannot_have_seats" } ``` ### PlanNotFound filename: Status Code: 404 ```json { "shortMessage": "Plan not found", "longMessage": "Plan not found", "code": "plan_not_found" } ``` ### PlanSeatLimitExceeded filename: Status Code: 422 ```json { "shortMessage": "Plan seat limit exceeded", "longMessage": "Your organization has members, but the requested plan would only support members. Please remove members before switching to this plan.", "code": "plan_seat_limit_exceeded", "meta": "{\"PlanSeatLimit\": planSeatLimit, \"CurrentMembers\": currentMembers}" } ``` ### PriceIDInvalidForCheckout filename: Status Code: 422 ```json { "shortMessage": "Invalid price_id for checkout", "longMessage": "You cannot checkout with that price.", "code": "price_id_invalid_for_checkout" } ``` ### RequestedSeatsInsufficient filename: Status Code: 422 ```json { "shortMessage": "Requested seats insufficient", "longMessage": "Your organization has members but this checkout only grants seats. Please request at least seats or remove members.", "code": "requested_seats_insufficient", "meta": "{\"PlanSeatLimit\": grantedSeats, \"CurrentMembers\": currentMembers}" } ``` ### SeatBasedBillingExceedsOrgMemberLimit filename: Status Code: 422 ```json { "shortMessage": "Seat-based billing exceeds plan's organization member limit", "longMessage": "The seat-based plan you are trying to create exceeds your Clerk plan's organization member limit. Adjust your seat limits to match your plan's limit or upgrade your subscription.", "code": "seat_based_billing_exceeds_org_member_limit" } ``` ### SeatReductionInCheckoutNotSupported filename: Status Code: 422 ```json { "shortMessage": "Seat reduction not supported in checkout", "longMessage": "Seats cannot be reduced through checkout.", "code": "seat_reduction_in_checkout_not_supported" } ``` ### SubscriptionItemNotFound filename: Status Code: 404 ```json { "shortMessage": "Subscription item not found", "longMessage": "Subscription item not found", "code": "subscription_item_not_found" } ``` ## Domains ### OperationNotAllowedOnSatelliteDomain filename: Status Code: 403 ```json { "shortMessage": "operation not allowed", "longMessage": "This operation is not allowed on a satellite domain. Try again using the primary domain of your instance.", "code": "operation_not_allowed_on_satellite_domain" } ``` ### SyncNonceAlreadyConsumed `SyncNonceAlreadyConsumed` signifies an error when the nonce that was given during the sync flow is already consumed. filename: Status Code: 403 ```json { "shortMessage": "sync nonce already consumed", "longMessage": "The given sync nonce has already been consumed and cannot be re-used.", "code": "sync_nonce_already_consumed" } ``` ## Email ### DevMonthlyEmailLimitExceeded `DevMonthlyEmailLimitExceeded` signifies an error when an email sending attempt is made while the development limit has already been reached filename: Status Code: 400 ```json { "shortMessage": "Development monthly email limit exceeded", "longMessage": "The monthly limit for email messages in development (%d) has been reached. Please use test emails (https://go.clerk.com/test-emails) instead", "code": "dev_monthly_email_limit_exceeded", "meta": "{\"DevMonthlyEmailLimit\": limit}" } ``` ## Enterprise Sso ### EnterpriseConnectionInvalidType filename: Status Code: 400 ```json { "shortMessage": "Invalid enterprise connection type", "longMessage": "The enterprise connection type is not supported.", "code": "enterprise_connection_invalid_type" } ``` ### EnterpriseSSOAccountAlreadyConnectedWithEmail filename: Status Code: 400 ```json { "shortMessage": "Already connected", "longMessage": "An enterprise account is already connected for this connection email: ", "code": "enterprise_sso_account_already_connected" } ``` ### EnterpriseSSOAdditionalIdentificationsDisabled filename: Status Code: 422 ```json { "shortMessage": "Identifications creation disabled by your enterprise account", "longMessage": "You cannot create identifications because your enterprise account does not allow it.", "code": "enterprise_sso_additional_identifications_disabled" } ``` ### EnterpriseSSOEmailAddressDomainMismatch filename: Status Code: 400 ```json { "shortMessage": "Enterprise Connection email address domain mismatch", "longMessage": "The email address returned by the provider does not match the domain of the enterprise connection that initiated the authentication.", "code": "enterprise_sso_email_address_domain_mismatch", "meta": { "expecteddomain": "expected", "receiveddomain": "received" } } ``` ### EnterpriseSSOHostedDomainMismatch filename: Status Code: 400 ```json { "shortMessage": "Hosted domain mismatch", "longMessage": "The Enterprise Connection domain does not match the user's hosted domain from the OAuth provider.", "code": "enterprise_sso_hosted_domain_mismatch" } ``` ### EnterpriseSSOSignUpConnectionMissing filename: Status Code: 422 ```json { "shortMessage": "No Enterprise Connection for this sign-up", "longMessage": "The current sign-up does not have a corresponding Enterprise Connection. Please check the domain of the provided email address.", "code": "enterprise_sso_sign_up_connection_missing" } ``` ### EnterpriseSSOUserAttributeMissing filename: Status Code: 400 ```json { "shortMessage": "Enterprise Connection user attribute missing", "longMessage": "This account does not have an associated '' attribute. Contact the IdP administrator for resolution.", "code": "enterprise_sso_user_attribute_missing", "meta": { "missingattribute": "attrname" } } ``` ## Features ### FeatureNotEnabled filename: Status Code: 403 ```json { "shortMessage": "not enabled", "longMessage": "This feature is not enabled on this instance", "code": "feature_not_enabled" } ``` ### FeatureRequiresDynamicOauthClientRegistration filename: Status Code: 422 ```json { "shortMessage": "dynamic client registration is not enabled", "longMessage": "Dynamic client registration is not enabled on this instance. Please enable it in the instance settings to use this feature", "code": "feature_requires_dynamic_oauth_client_registration" } ``` ### FeatureRequiresEmailAddressAttributeEnabled filename: Status Code: 422 ```json { "shortMessage": "Email address attribute must be enabled", "longMessage": "This feature requires the email address attribute to be enabled. Please enable it in your instance settings to continue.", "code": "feature_requires_email_address_enabled" } ``` ### FeatureRequiresEndSessionEnabled filename: Status Code: 400 ```json { "shortMessage": "End session feature is not enabled", "longMessage": "The end session feature is not enabled for this instance. Please contact support to enable this feature", "code": "feature_requires_end_session_enabled" } ``` ### FeatureRequiresOAuth2ConsentScreenEnabled filename: Status Code: 422 ```json { "shortMessage": "OAuth Client does not have the consent screen enabled", "longMessage": "OAuth Client does not have the consent screen enabled, please enable it in the OAuth Client settings to use this feature", "code": "feature_requires_oauth2_consent_screen_enabled" } ``` ### FeatureRequiresOIDCProvider filename: Status Code: 422 ```json { "shortMessage": "not an OIDC provider", "longMessage": "You are using the legacy OAuth 2.0 provider. Please migrate to the new OIDC compatible provider to use this feature", "code": "feature_requires_oidc_provider" } ``` ## Forms ### FormAtLeastOneOptionalParameterMissing `FormAtLeastOneOptionalParameterMissing` signifies an error when at least one optional parameter must be provided filename: Status Code: 422 ```json { "shortMessage": "at least one parameter must be provided", "longMessage": "at least one of `` must be provided", "code": "form_param_missing", "meta": { "names": "paramnames" } } ``` ### FormDisabledParameterValue `FormDisabledParameterValue` signifies an error when the given parameter has an invalid value because it is not enabled in the settings filename: Status Code: 400 ```json { "shortMessage": "is disabled", "longMessage": " is disabled. Please verify you're using the correct instance, or see our docs to learn how to enable this value.", "code": "form_param_value_disabled", "meta": { "name": "param" } } ``` ### FormDisallowFutureDate filename: Status Code: 422 ```json { "shortMessage": "Date values must not be in the future.", "longMessage": "Date values must not be in the future.", "code": "form_disallow_future_date", "meta": { "name": "param" } } ``` ### FormDuplicateParameter `FormDuplicateParameter` signifies an error when a duplicate parameter is found in a form filename: Status Code: 422 ```json { "shortMessage": "is duplicate", "longMessage": " included multiple times. There should only be one.", "code": "form_param_duplicate", "meta": { "name": "param" } } ``` ### FormIdentifierExists `FormIdentifierExists` signifies an error when given identifier already exists filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_identifier_exists", "meta": { "name": "param" } } ``` ### FormIdentifierExistsWithAnotherAccount `FormIdentifierExistsWithAnotherAccount` signifies an error when given identifier already exists. This is used to signal to a user that the identifier, phone number, is already associated with another account and should remove it from the other account. filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_identifier_exists", "meta": { "name": "param" } } ``` ### FormIdentifierNotFound `FormIdentifierNotFound` signifies an error when a required identifier is not found filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_identifier_not_found", "meta": { "name": "param" } } ``` ### FormIncorrectCode `FormIncorrectCode` signifies an error when the given code is incorrect filename: Status Code: 422 ```json { "shortMessage": "is incorrect", "longMessage": "Incorrect code", "code": "form_code_incorrect", "meta": { "name": "param" } } ``` ### FormIncorrectSignature filename: Status Code: 422 ```json { "shortMessage": "is incorrect", "longMessage": "Incorrect signature", "code": "form_incorrect_signature" } ``` ### FormInvalidEmailAddress filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": " must be a valid email address.", "code": "form_param_format_invalid", "meta": { "name": "param" } } ``` ### FormInvalidEmailAddresses filename: Status Code: 422 ```json { "shortMessage": "invalid email addresses", "longMessage": "The following email addresses are invalid: ", "code": "form_param_format_invalid", "meta": { "emailaddresses": "invalidemailaddresses" } } ``` ### FormInvalidEncodingParameterValue `FormInvalidEncodingParameterValue` signifies an error when the given parameter has an invalid encoding filename: Status Code: 422 ```json { "shortMessage": "invalid character encoding", "longMessage": " contains invalid UTF-8 characters", "code": "form_param_value_invalid", "meta": { "name": "param" } } ``` ### FormInvalidParameterFormat `FormInvalidParameterFormat` signifies an error when the given parameter has an invalid format filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_param_format_invalid", "meta": { "name": "param" } } ``` ### FormInvalidParameterFormatBCP47 `FormInvalidParameterFormatBCP47` signifies an error when the given parameter does not match the BCP-47 format filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": " must be a valid BCP-47 language tag.", "code": "form_param_format_invalid", "meta": { "name": "param" } } ``` ### FormInvalidParameterValue `FormInvalidParameterValue` signifies an error when the given parameter has an invalid value filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": " does not match one of the allowed values for parameter ", "code": "form_param_value_invalid", "meta": { "name": "param" } } ``` ### FormInvalidParameterValueMustBeNotEmpty filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": " is invalid. Must be not empty", "code": "form_param_value_invalid", "meta": { "name": "param" } } ``` ### FormInvalidParameterValueWithAllowed `FormInvalidParameterValueWithAllowed` signifies an error when the given parameter has an invalid value. The difference with FormInvalidParameterValue is that this error also includes the allowed values filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": " does not match the allowed values for parameter . Allowed values: ", "code": "form_param_value_invalid", "meta": { "name": "param" } } ``` ### FormInvalidPasswordLengthTooLong `FormInvalidPasswordLengthTooLong` signifies an error when the password is invalid because of its length filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_password_length_too_long", "meta": { "name": "param" } } ``` ### FormInvalidPasswordLengthTooShort `FormInvalidPasswordLengthTooShort` signifies an error when the password is invalid because of its length filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_password_length_too_short", "meta": { "name": "param" } } ``` ### FormInvalidPasswordNoLowercase filename: Status Code: 422 ```json { "shortMessage": "Passwords must contain at least one lowercase character.", "longMessage": "Passwords must contain at least one lowercase character.", "code": "form_password_no_lowercase", "meta": { "name": "param" } } ``` ### FormInvalidPasswordNoNumber filename: Status Code: 422 ```json { "shortMessage": "Passwords must contain at least one number.", "longMessage": "Passwords must contain at least one number.", "code": "form_password_no_number", "meta": { "name": "param" } } ``` ### FormInvalidPasswordNoSpecialChar filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_password_no_special_char", "meta": { "name": "param" } } ``` ### FormInvalidPasswordNotStrongEnough filename: Status Code: 422 ```json { "shortMessage": "Given password is not strong enough.", "longMessage": "Given password is not strong enough.", "code": "form_password_not_strong_enough" } ``` ### FormInvalidPasswordNoUppercase filename: Status Code: 422 ```json { "shortMessage": "Passwords must contain at least one uppercase character.", "longMessage": "Passwords must contain at least one uppercase character.", "code": "form_password_no_uppercase", "meta": { "name": "param" } } ``` ### FormInvalidPasswordSizeInBytesExceeded `FormInvalidPasswordSizeInBytesExceeded` signifies that the size in bytes was exceeded. Note that the maximum character length constraint may fail to detect this case, if multi-byte characters are included in the password. For example, bcrypt limit https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.8.0:bcrypt/bcrypt.go;l=87 filename: Status Code: 422 ```json { "shortMessage": "Your password is too long. Please use a shorter one.", "longMessage": "Your password is too long. Please use a shorter one.", "code": "form_password_size_in_bytes_exceeded", "meta": { "name": "param" } } ``` ### FormInvalidPhoneNumber filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": " must be a valid phone number according to E.164 international standard.", "code": "form_param_format_invalid", "meta": { "name": "param" } } ``` ### FormInvalidTime filename: Status Code: 422 ```json { "shortMessage": "invalid format", "longMessage": " must contain a datetime specified in RFC3339 format (e.g. `2022-10-20T10:00:27.645Z`).", "code": "form_param_invalid_time", "meta": { "name": "param" } } ``` ### FormInvalidTypeParameter `FormInvalidTypeParameter` signifies an error when a form parameter has the wrong type filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": "`` must be a ``.", "code": "form_param_type_invalid", "meta": { "name": "param" } } ``` ### FormInvalidUsernameCharacter `FormInvalidUsernameCharacter` signifies an error when the given username does not match username regex filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_username_invalid_character", "meta": { "name": "param" } } ``` ### FormInvalidUsernameLength `FormInvalidUsernameLength` signifies an error when the given username does not have required length filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_username_invalid_length", "meta": { "name": "param" } } ``` ### FormInvalidUsernameNeedsNonNumberCharCode `FormInvalidUsernameNeedsNonNumberCharCode` signifies an error when the given username does not match username regex filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_username_needs_non_number_char", "meta": { "name": "param" } } ``` ### FormInvalidWeb3WalletAddress `FormInvalidWeb3WalletAddress` signifies an error when the given web3 wallet address is invalid filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": " must be a valid web3 wallet address.", "code": "form_param_format_invalid", "meta": { "name": "param" } } ``` ### FormLegalNotAccepted FormDisabledParameterValue signifies an error when the legal consent value has not been filled filename: Status Code: 422 ```json { "shortMessage": "legal not accepted", "longMessage": "Legal consent must be accepted in order to continue.", "code": "legal_not_accepted", "meta": { "name": "param" } } ``` ### FormMaximumParametersExceeded `FormMaximumParametersExceeded` signifies an error when more than 100 of the same param is included. filename: Status Code: 422 ```json { "shortMessage": "", "longMessage": " is included more than the maximum of 100 times.", "code": "form_param_duplicate", "meta": { "name": "param" } } ``` ### FormMetadataInvalidType `FormMetadataInvalidType` signifies an error when the given metadata is not a valid key-value object filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_param_value_invalid", "meta": { "name": "param" } } ``` ### FormMissingConditionalParameter `FormMissingConditionalParameter` signifies an error when required parameter based on conditions is missing filename: Status Code: 422 ```json { "shortMessage": "is missing", "longMessage": "`` is required when `` is ``.", "code": "form_conditional_param_missing" } ``` ### FormMissingConditionalParameterOnExistence `FormMissingConditionalParameterOnExistence` signifies an error when parameter is required because of the existence of another filename: Status Code: 422 ```json { "shortMessage": "is missing", "longMessage": "`` is required when `` is present.", "code": "form_conditional_param_missing", "meta": { "name": "missingparam" } } ``` ### FormMissingParameter `FormMissingParameter` signifies an error when an expected form parameter is missing filename: Status Code: 422 ```json { "shortMessage": "is missing", "longMessage": " must be included.", "code": "form_param_missing", "meta": { "name": "param" } } ``` ### FormMissingResource `FormMissingResource` signifies an error when the form parameter is referring to a missing resource filename: Status Code: 422 ```json { "shortMessage": "is missing", "longMessage": "The resource associated with the supplied was not found.", "code": "form_resource_not_found", "meta": { "name": "param" } } ``` ### FormNewPasswordMatchesCurrent filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": "New password cannot be the same as the current password.", "code": "form_new_password_matches_current", "meta": { "name": "param" } } ``` ### FormNilParameter `FormNilParameter` signifies an error when a nil parameter is found in a form filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_param_nil", "meta": { "name": "param" } } ``` ### FormNilParameterWithCustomText `FormNilParameterWithCustomText` signifies an error when a nil parameter is found in a form. This variant also accepts a custom text to be displayed. filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_param_nil", "meta": { "name": "param" } } ``` ### FormParameterArraySizeExceeded `FormParameterArraySizeExceeded` signifies an error when the given array exceeds the maximum allowed size filename: Status Code: 422 ```json { "shortMessage": "exceeds maximum size", "longMessage": " should not exceed %d items.", "code": "form_param_array_size_exceeded", "meta": { "name": "param" } } ``` ### FormParameterDeprecated `FormParameterDeprecated` signifies an error when a form parameter has been deprecated and is no longer accepted by the endpoint. The resolution argument can describe the recommended replacement (e.g. a different endpoint) and is appended to the long message when non-empty. filename: Status Code: 422 ```json { "shortMessage": "is deprecated", "longMessage": "is deprecated", "code": "form_param_deprecated", "meta": { "name": "param" } } ``` ### FormParameterMaxLengthExceeded `FormParameterMaxLengthExceeded` signifies an error when the given param value exceeds the maximum allowed length filename: Status Code: 422 ```json { "shortMessage": "exceeds maximum length", "longMessage": " should not exceed %d characters.", "code": "form_param_max_length_exceeded", "meta": { "name": "param" } } ``` ### FormParameterNotAllowedConditionally `FormParameterNotAllowedConditionally` signifies an error when parameter is not allowed based on condition filename: Status Code: 422 ```json { "shortMessage": "is not allowed", "longMessage": "`` isn't allowed when `` is .", "code": "form_conditional_param_disallowed", "meta": { "name": "param" } } ``` ### FormParameterNotAllowedIfAnotherParameterIsPresent `FormParameterNotAllowedIfAnotherParameterIsPresent` signifies an error when a parameter is present but is not allowed because another parameter is also present filename: Status Code: 422 ```json { "shortMessage": "is not allowed", "longMessage": "`` isn't allowed when `` is present.", "code": "form_conditional_param_disallowed", "meta": { "name": "notallowedparam" } } ``` ### FormParameterSizeTooLarge `FormParameterSizeTooLarge` signifies an error when a parameter exceeds the max allowed size filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_param_exceeds_allowed_size", "meta": { "name": "param" } } ``` ### FormPasswordCompromised `FormPasswordCompromised` signifies an error when the chosen password has been found in the pwned list filename: Status Code: 422 ```json { "shortMessage": "", "longMessage": "Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.", "code": "form_password_compromised", "meta": { "name": "param" } } ``` ### FormPasswordDigestInvalid `FormPasswordDigestInvalid` signifies an error when the provided password\_digest is not valid for the provided password\_hasher filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_password_digest_invalid_code", "meta": { "name": "param" } } ``` ### FormPasswordIncorrect `FormPasswordIncorrect` signifies an error when given password is incorrect filename: Status Code: 422 ```json { "shortMessage": "Password is incorrect. Try again, or use another method.", "longMessage": "Password is incorrect. Try again, or use another method.", "code": "form_password_incorrect", "meta": { "name": "param" } } ``` ### FormPasswordOrIdentifierIncorrect `FormPasswordOrIdentifierIncorrect` signifies an error when given password is incorrect or given identifier does not match an existing account, but does not return which is incorrect. This is used with enumeration protection. filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_password_or_identifier_incorrect" } ``` ### FormPasswordValidationFailed `FormPasswordValidationFailed` signifies a generic error when the password validation failed filename: Status Code: 422 ```json { "shortMessage": "Incorrect password. Please try again.", "longMessage": "Incorrect password. Please try again.", "code": "form_password_validation_failed", "meta": { "name": "param" } } ``` ### FormPwnedPassword `FormPwnedPassword` signifies an error when the chosen password has been found in the pwned list filename: Status Code: 422 ```json { "shortMessage": "", "code": "form_password_pwned", "meta": { "name": "param" } } ``` ### FormUnknownParameter `FormUnknownParameter` signifies an error when an unexpected parameter is found in a form filename: Status Code: 422 ```json { "shortMessage": "is unknown", "longMessage": " is not a valid parameter for this request.", "code": "form_param_unknown", "meta": { "name": "param" } } ``` ### FormUnknownParameterDueToDisabledFeature `FormUnknownParameterDueToDisabledFeature` signifies an error when an unexpected parameter is found in a form due to a disabled feature filename: Status Code: 422 ```json { "shortMessage": "is unknown", "longMessage": " is not a valid parameter for this request.", "code": "form_param_unknown", "meta": { "name": "param" } } ``` ### FormUnverifiedIdentification `FormUnverifiedIdentification` signifies an error when the identification included in the form is unverified filename: Status Code: 422 ```json { "shortMessage": "is unverified", "longMessage": "This identification needs to be verified before you can perform this action.", "code": "form_verification_needed", "meta": { "name": "param" } } ``` ### FormUsernameCannotBePhoneNumber `FormUsernameCannotBePhoneNumber` signifies an error when the given username is in canonical E.164 phone-number format. This is rejected regardless of the configured username character set so that the value remains reserved for the phone-number identifier and avoids ambiguity at sign-in. filename: Status Code: 422 ```json { "shortMessage": "", "longMessage": " cannot be a phone number. Please choose a different username.", "code": "form_username_cannot_be_phone_number", "meta": { "name": "param" } } ``` ### FormValidationFailed `FormValidationFailed` converts validator.ValidationErrors to Error. filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": " is invalid", "code": "form_param_value_invalid", "meta": { "name": "sanitizedfield" } } ``` ## Fraud ### DeviceAttestationChallengeClientMismatch filename: Status Code: 401 ```json { "shortMessage": "device attestation challenge client mismatch", "longMessage": "The device attestation challenge provided is not valid for the client.", "code": "device_attestation_challenge_client_mismatch" } ``` ### DeviceAttestationMisconfigured filename: Status Code: 401 ```json { "shortMessage": "device attestation is misconfigured", "longMessage": "Device attestation is misconfigured for this instance.", "code": "device_attestation_misconfigured" } ``` ### DeviceAttestationNotConfigured filename: Status Code: 401 ```json { "shortMessage": "device attestation not configured", "longMessage": "Device attestation is not configured for this instance.", "code": "device_attestation_not_configured" } ``` ### DeviceAttestationUnsupportedPlatform filename: Status Code: 401 ```json { "shortMessage": "unsupported native client platform", "longMessage": "Device attestation is not supported for the client platform.", "code": "device_attestation_unsupported_platform" } ``` ### DeviceAttestationVerificationFailed filename: Status Code: 401 ```json { "shortMessage": "device attestation verification failed", "longMessage": "Failed to verify the provided device attestation.", "code": "device_attestation_verification_failed" } ``` ### FraudActionBlocked filename: Status Code: 403 ```json { "shortMessage": "Action blocked", "longMessage": "This action was detected as suspicious and has been blocked. If you believe this was a mistake, please contact support.", "code": "action_blocked" } ``` ### FraudDeviceBlocked filename: Status Code: ```json { "shortMessage": "Device blocked", "longMessage": "This device was detected as suspicious and has been blocked. It will no longer be able to perform actions. If you believe this was by mistake, please contact support.", "code": "device_blocked" } ``` ### FraudRateLimitExceeded filename: Status Code: 400 ```json { "shortMessage": "Unusual activity was detected", "longMessage": "Unusual activity was detected. Please try again later or contact our support if you continue to experience issues.", "code": "captcha_invalid" } ``` ### FraudSignUpRateLimitExceeded filename: Status Code: 429 ```json { "shortMessage": "Sign up rate limit exceeded", "longMessage": "The sign up rate limit was exceeded. Please try a different method or contact our support if you continue to experience issues.", "code": "signup_rate_limit_exceeded" } ``` ### InvalidDeviceAttestationAssertion filename: Status Code: 401 ```json { "shortMessage": "invalid device attestation assertion", "longMessage": "The device attestation assertion provided is invalid.", "code": "invalid_device_attestation_assertion" } ``` ### InvalidDeviceAttestationChallenge filename: Status Code: 401 ```json { "shortMessage": "invalid device attestation challenge", "longMessage": "The device attestation challenge provided is either invalid or has expired.", "code": "invalid_device_attestation_challenge" } ``` ### ProtectCheckAlreadyResolved filename: Status Code: 400 ```json { "shortMessage": "protect check already resolved", "longMessage": "This protect check has already been completed and cannot be resolved again.", "code": "protect_check_already_resolved" } ``` ### RequiresDeviceAttestation filename: Status Code: 401 ```json { "shortMessage": "Device attestation is required", "longMessage": "A valid device attestation could not be found for the client.", "code": "requires_device_attestation" } ``` ## Google One Tap ### GoogleOneTapTokenInvalid filename: Status Code: 400 ```json { "shortMessage": "Google One Tap token is invalid", "longMessage": "The provided Google One Tap token is invalid. Make sure you're using a valid token generated by Google.", "code": "google_one_tap_token_invalid" } ``` ## Identifications ### IdentificationNotFound `IdentificationNotFound` signifies an error when comm is not found filename: Status Code: 404 ```json { "shortMessage": "Resource not found", "longMessage": "Resource not found", "code": "resource_not_found" } ``` ### ImmutableAttributeModificationNotAllowed filename: Status Code: 403 ```json { "shortMessage": "", "longMessage": "Your is immutable and cannot be modified or removed.", "code": "immutable_attribute_modification_not_allowed" } ``` ### OAuthConnectionBlockedByImmutableAttribute filename: Status Code: 403 ```json { "shortMessage": "Cannot connect account", "longMessage": "This account cannot be connected because its does not match your existing .", "code": "oauth_connection_blocked_by_immutable_attribute" } ``` ### SecondFactorDeletionNotAllowed filename: Status Code: 400 ```json { "shortMessage": "second factor deletion not allowed", "longMessage": "You are required to maintain at least one two-step verification method in your account at all times", "code": "second_factor_deletion_not_allowed" } ``` ### TooManyUnverifiedIdentifications filename: Status Code: 400 ```json { "shortMessage": "too many unverified contacts", "longMessage": "There are too many unverified contacts for this user.", "code": "too_many_unverified_identifications" } ``` ## Images ### ImageDecodingFailed filename: Status Code: 400 ```json { "shortMessage": "Image decode error", "longMessage": "The image could not be decoded. Please ensure the image is valid and try again.", "code": "request_body_invalid" } ``` ### ImageNotFound filename: Status Code: 404 ```json { "shortMessage": "Image not found", "longMessage": "Image not found", "code": "image_not_found" } ``` ### ImageTooLarge `ImageTooLarge` signifies an error when the image being uploaded is too large to handle. filename: Status Code: 413 ```json { "shortMessage": "Image too large", "longMessage": "The image being uploaded is more than 10MB. Please choose a smaller one.", "code": "image_too_large" } ``` ### ImageTypeNotSupported filename: Status Code: 400 ```json { "shortMessage": "Unsupported image type", "longMessage": "'' images are not currently supported. Please consult the API documentation for more information.", "code": "request_body_invalid" } ``` ### RequestWithoutImage `RequestWithoutImage` signifies an error when no image was present in the request. filename: Status Code: 400 ```json { "shortMessage": "Image file missing", "longMessage": "There was no image file present in the request", "code": "form_param_missing" } ``` ## Instances ### InstanceTypeInvalid `InstanceTypeInvalid` signifies an error when a request cannot be applied to the given instance filename: Status Code: 400 ```json { "shortMessage": "This request isn't valid for this instance type.", "longMessage": "This request isn't valid for this instance type.", "code": "instance_type_invalid" } ``` ## Internal ### BadRequest filename: Status Code: 400 ```json { "shortMessage": "Bad request", "longMessage": "Bad request", "code": "bad_request" } ``` ### BadRequestWithMessage filename: Status Code: 400 ```json { "shortMessage": "", "code": "bad_request" } ``` ### ResourceBusy 409 - resource locked filename: Status Code: 409 ```json { "shortMessage": "resource busy", "longMessage": "This resource is currently being modified by another request. Please try again.", "code": "resource_locked" } ``` ### Unexpected `Unexpected` is used for all unexpected errors It unwraps the error chain to check if an API error was wrapped, and returns that instead of creating a 500 error filename: Status Code: 500 ```json { "shortMessage": "Oops, an unexpected error occurred", "longMessage": "There was an internal error on our servers. We've been notified and are working on fixing it.", "code": "internal_clerk_error" } ``` ## Invitations ### InvitationAccountAlreadyExists `InvitationAccountAlreadyExists` denotes an error when there is an existing user identification with the same email as the invitation. filename: Status Code: 400 ```json { "shortMessage": "account exists", "longMessage": "An account already exists for this invitation. Sign in instead.", "code": "invitation_account_exists" } ``` ### InvitationAlreadyAccepted `InvitationAlreadyAccepted` denotes an error when someone tries to use an invitation which is already accepted. filename: Status Code: 400 ```json { "shortMessage": "Invitation is already accepted, try signing in instead.", "longMessage": "Invitation is already accepted, try signing in instead.", "code": "invitation_already_accepted" } ``` ### InvitationIdentificationNotExist filename: Status Code: 400 ```json { "shortMessage": "identification not found", "longMessage": "This invitation refers to a non-existing identification.", "code": "invitation_account_not_exists" } ``` ### InvitationNotFound `InvitationNotFound` denotes an error when there is no invitation with the given id filename: Status Code: 404 ```json { "shortMessage": "not found", "longMessage": "No invitation was found with id .", "code": "resource_not_found" } ``` ### RevokedInvitation `RevokedInvitation` denotes an error when the given invitation token does not correspond to any invitations, which means that the invitation has been removed. filename: Status Code: 400 ```json { "shortMessage": "The invitation was revoked.", "longMessage": "The invitation was revoked.", "code": "revoked_invitation" } ``` ## Jwt Templates ### JWTTemplateNotFound `JWTTemplateNotFound` signifies an error when a JWT template was not found by the provided attribute filename: Status Code: 404 ```json { "shortMessage": "JWT template not found", "longMessage": "No JWT template exists with : ", "code": "resource_not_found" } ``` ## Native Magic Link ### NativeMagicLinkApprovalTokenConsumed filename: Status Code: 422 ```json { "shortMessage": "approval token consumed", "longMessage": "The approval token has already been used.", "code": "approval_token_consumed" } ``` ### NativeMagicLinkApprovalTokenExpired filename: Status Code: 422 ```json { "shortMessage": "approval token expired", "longMessage": "The approval token has expired. Please request a new email link.", "code": "approval_token_expired" } ``` ### NativeMagicLinkApprovalTokenInvalid filename: Status Code: 422 ```json { "shortMessage": "approval token invalid", "longMessage": "The approval token is invalid.", "code": "approval_token_invalid" } ``` ### NativeMagicLinkPKCEVerificationFailed filename: Status Code: 422 ```json { "shortMessage": "PKCE verification failed", "longMessage": "The provided code verifier does not match the prepared code challenge.", "code": "pkce_verification_failed" } ``` ## Network ### GatewayTimeout `GatewayTimeout` signifies an error when a 3rd party service takes too long to respond. filename: Status Code: 504 ```json { "shortMessage": "Gateway Timeout", "longMessage": "A request to a 3rd party service timed out", "code": "gateway_timeout" } ``` ## Oauth ### ExternalAccountNotFound `ExternalAccountNotFound` signifies an error when the external account of the oauth callback is not found NOTE: This legacy error message and code is misleading. We also throw this error in transfer flows where an external account was created, but no corresponding user has yet been created. filename: Status Code: 404 ```json { "shortMessage": "Invalid external account", "longMessage": "The External Account was not found.", "code": "external_account_not_found" } ``` ### InvalidOAuthCallback `InvalidOAuthCallback` signifies an error when the form of OAuth callback is invalid filename: Status Code: 400 ```json { "shortMessage": "Invalid OAuth callback", "longMessage": "invalid form for oauth_callback", "code": "oauth_callback_invalid" } ``` ### MisconfiguredOAuthProvider `MisconfiguredOAuthProvider` signifies an error when there is a misconfiguration for an OAuth provider filename: Status Code: 400 ```json { "shortMessage": "Misconfigured OAuth provider", "longMessage": "Misconfigured OAuth provider. Please make sure you have set it correctly", "code": "misconfigured_oauth_provider" } ``` ### NonAuthenticatableOauthProvider `NonAuthenticatableOauthProvider` signifies an error when an oauth flow step is attempted for a provider that is not enabled for authentication. filename: Status Code: 400 ```json { "shortMessage": "", "longMessage": "%v OAuth is not supported for authentication. Please contact us if you think this error should not appear.", "code": "oauth_non_authenticatable_provider" } ``` ### OAuthAccessDenied filename: Status Code: 403 ```json { "shortMessage": "", "longMessage": "You did not grant access to your account", "code": "oauth_access_denied" } ``` ### OAuthAccountAlreadyConnected `OAuthAccountAlreadyConnected` signifies an error when an OAuth account if already connected for a specific provider filename: Status Code: 400 ```json { "shortMessage": "Already connected", "longMessage": "Another account is already connected for this particular provider ()", "code": "oauth_account_already_connected" } ``` ### OAuthConfigMissing `OAuthConfigMissing` signifies an error when an application does not have SSO credentials set, for a particular SSO provider. filename: Status Code: 400 ```json { "shortMessage": "", "longMessage": "The application does not have OAuth keys set in its settings.", "code": "oauth_config_missing" } ``` ### OAuthFetchUserError filename: Status Code: 400 ```json { "shortMessage": "Fetch user error", "longMessage": "Fetch user error", "code": "oauth_fetch_user_error" } ``` ### OAuthIdentificationClaimed `OAuthIdentificationClaimed` signifies an error when the requested oauth identification is already claimed by another user filename: Status Code: 400 ```json { "shortMessage": "Identification claimed by another user", "longMessage": "The email address associated with this OAuth account is already claimed by another user.", "code": "oauth_identification_claimed" } ``` ### OAuthInvalidRedirectURI filename: Status Code: 400 ```json { "shortMessage": "", "longMessage": "Your account configuration is invalid. Make sure you register this endpoint in the list of allowed callback URLs.", "code": "redirect_uri_mismatch" } ``` ### OAuthMalformedRedirectURI filename: Status Code: 400 ```json { "shortMessage": "malformed redirect uri provided", "longMessage": "malformed redirect uri provided", "code": "redirect_uri_mismatch" } ``` ### OAuthMissingAccessToken filename: Status Code: 422 ```json { "shortMessage": "Missing OAuth access token", "longMessage": "OAuth access token is missing", "code": "oauth_missing_access_token" } ``` ### OAuthMissingRefreshToken filename: Status Code: 422 ```json { "shortMessage": "Cannot refresh OAuth access token", "longMessage": "The current access token has expired and we cannot refresh it, because the authorization server hasn't provided us with a refresh token", "code": "oauth_missing_refresh_token" } ``` ### OAuthProviderNotEnabled filename: Status Code: 400 ```json { "shortMessage": "", "longMessage": "Single-sign on with OAuth provider is not enabled in the instance settings.", "code": "oauth_provider_not_enabled" } ``` ### OAuthSharedCredentialsNotSupported `OAuthSharedCredentialsNotSupported` signifies an error when an OAuth provider uses our shared credentials, but those are not supported anymore. filename: Status Code: 400 ```json { "shortMessage": "Shared credentials not supported", "longMessage": "Shared credentials are no longer supported for this provider. Please update via the Clerk Dashboard.", "code": "oauth_shared_credentials_not_supported" } ``` ### OAuthTokenExchangeError filename: Status Code: 400 ```json { "shortMessage": "Token exchange error", "longMessage": "Token exchange error", "code": "oauth_token_exchange_error" } ``` ### UnsupportedOauthProvider `UnsupportedOauthProvider` signifies an error when an instance tries to enable an OAuth external provider which is not supported. filename: Status Code: 400 ```json { "shortMessage": "", "longMessage": "%v OAuth is not supported. Please contact us if you think this error should not appear.", "code": "oauth_unsupported_provider" } ``` ## Oauth2 Idp ### OAuthFetchUserInfo `OAuthFetchUserInfo` signifies an error when user info cannot be retrieved with the access token filename: Status Code: 401 ```json { "shortMessage": "unable to fetch user info", "longMessage": "Unable to fetch user info. Check if access token is present and valid.", "code": "oauth_fetch_user_error" } ``` ## Organizations ### AlreadyAMemberOfOrganization 400 - User with given identifier is already a member of the organization and cannot be added again filename: Status Code: 400 ```json { "shortMessage": "already a member", "longMessage": " is already a member of the organization.", "code": "already_a_member_in_organization" } ``` ### InvitationsNotSupportedInOrganization filename: Status Code: 403 ```json { "shortMessage": "email invitations not supported", "longMessage": "This organization doesn't support email invitations. Please contact support to enable this feature.", "code": "invitations_not_supported_in_organization" } ``` ### MissingOrganizationPermission filename: Status Code: 403 ```json { "shortMessage": "missing permission", "longMessage": "Current user is missing an organization permission.", "code": "missing_organization_permission", "meta": { "permissions": "permissions" } } ``` ### NotAMemberInOrganization 403 - Only for organization members Deprecated: This error reveals the existence of an organization to an unauthorized user. Use OrganizationNotFoundOrUnauthorized instead, and ensure other pathways that error when the organization isn't found also use OrganizationNotFoundOrUnauthorized filename: Status Code: 403 ```json { "shortMessage": "not a member", "longMessage": "Current user is not a member of the organization. Only organization members can perform this action.", "code": "not_a_member_in_organization" } ``` ### OrganizationAdminDeleteNotEnabled filename: Status Code: 403 ```json { "shortMessage": "admin delete not enabled", "longMessage": "Deletion by admin is not enabled for this organization.", "code": "organization_admin_delete_not_enabled" } ``` ### OrganizationAlreadyHasSSOConnection filename: Status Code: 422 ```json { "shortMessage": "this organization already has an SSO connection", "longMessage": "This organization already has an SSO connection.", "code": "organization_already_has_sso_connection", "meta": { "name": "organization_id" } } ``` ### OrganizationDomainAlreadyExists filename: Status Code: 422 ```json { "shortMessage": "organizaton domain already exists", "longMessage": "This domain is already used by another organization.", "code": "organization_domain_already_exists", "meta": { "name": "param" } } ``` ### OrganizationDomainBlocked filename: Status Code: 422 ```json { "shortMessage": "blocked email domain", "longMessage": "This is a blocked email provider domain. Please use a different one.", "code": "organization_domain_blocked", "meta": { "name": "param" } } ``` ### OrganizationDomainCommon filename: Status Code: 422 ```json { "shortMessage": "common email domain", "longMessage": "This is a common email provider domain. Please use a different one.", "code": "organization_domain_common", "meta": { "name": "param" } } ``` ### OrganizationDomainEnrollmentModeNotEnabled filename: Status Code: 403 ```json { "shortMessage": "organization enrollment mode not enabled", "longMessage": "Enrollment mode is not enabled for this instances's organizations.", "code": "organization_domain_enrollment_mode_not_enabled" } ``` ### OrganizationDomainMismatch filename: Status Code: 422 ```json { "shortMessage": "Organization domain mismatch", "longMessage": "The provided email address doesn't match the organization domain name.", "code": "organization_domain_mismatch", "meta": { "name": "param" } } ``` ### OrganizationDomainQuotaExceeded filename: Status Code: 403 ```json { "shortMessage": "organization domains quota exceeded", "longMessage": "You have reached your limit of %d domains per organization.", "code": "organization_domain_quota_exceeded" } ``` ### OrganizationInvitationAlreadyAccepted filename: Status Code: 400 ```json { "shortMessage": "invitation has already been accepted", "longMessage": "This invitation has already been accepted. Sign in instead.", "code": "organization_invitation_already_accepted" } ``` ### OrganizationInvitationIdentificationAlreadyExists filename: Status Code: 400 ```json { "shortMessage": "email address already exists", "longMessage": "The email address in this invitation already exists. If it belongs to you, try signing in instead.", "code": "organization_invitation_identification_already_exists" } ``` ### OrganizationInvitationIdentificationNotExist filename: Status Code: 400 ```json { "shortMessage": "identification not found", "longMessage": "User not found. If you don't have an account, sign up first to accept this invitation.", "code": "organization_invitation_identification_not_exist" } ``` ### OrganizationInvitationNotFound 404 - Invitation not found. filename: Status Code: 404 ```json { "shortMessage": "not found", "longMessage": "No invitation found with id .", "code": "organization_invitation_not_found" } ``` ### OrganizationInvitationNotPending 404 - Invitation is not pending. filename: Status Code: 404 ```json { "shortMessage": "not pending", "longMessage": "The organization invitation is not in the 'pending' status.", "code": "organization_invitation_not_pending" } ``` ### OrganizationInvitationNotUnique filename: Status Code: 400 ```json { "shortMessage": "organization invitation not unique", "longMessage": "Organizations cannot have duplicate pending invitations for an email address.", "code": "organization_invitation_not_unique" } ``` ### OrganizationInvitationRevoked filename: Status Code: 400 ```json { "shortMessage": "invitation has been revoked", "longMessage": "This invitation has been revoked and cannot be used anymore.", "code": "organization_invitation_revoked_code" } ``` ### OrganizationInvitationToDeletedOrganization filename: Status Code: 400 ```json { "shortMessage": "organization invitation to deleted organization", "longMessage": "This invitation refers to an organization that has been deleted.", "code": "organization_invitation_to_deleted_organization" } ``` ### OrganizationManagedRoleOperationFAPIDisallowed filename: Status Code: 422 ```json { "shortMessage": "organization managed role operation disallowed", "longMessage": "Managed roles cannot be set through the frontend API. Use the dashboard or backend API instead.", "code": "form_param_value_invalid", "meta": { "name": "paramname" } } ``` ### OrganizationMembershipEnterpriseConnectionCannotRemove filename: Status Code: 403 ```json { "shortMessage": "cannot remove enterprise connection organization membership", "longMessage": "Cannot remove an organization membership that is tied to an enterprise connection.", "code": "organization_membership_enterprise_connection_cannot_remove" } ``` ### OrganizationMembershipSCIMManaged filename: Status Code: 409 ```json { "shortMessage": "membership role managed by SCIM", "longMessage": "This membership is managed by a SCIM directory and cannot be changed manually.", "code": "organization_membership_managed_by_scim" } ``` ### OrganizationMinimumPermissionsNeeded filename: Status Code: 400 ```json { "shortMessage": "minimum organization permissions needed", "longMessage": "There has to be at least one organization member with the minimum required permissions", "code": "organization_minimum_permissions_needed" } ``` ### OrganizationNameInvalid filename: Status Code: 422 ```json { "shortMessage": "invalid organization name", "longMessage": "The organization name %q is invalid: ", "code": "form_param_value_invalid", "meta": { "name": "name" } } ``` ### OrganizationNotEnabledInInstance filename: Status Code: 403 ```json { "shortMessage": "access denied", "longMessage": "The organizations feature is not enabled for this instance. You can enable it at https://dashboard.clerk.com.", "code": "organization_not_enabled_in_instance" } ``` ### OrganizationNotFound 404 - Organization not found WARNING: This is safe to use for endpoints where the caller is authorized to be aware of every organization. But if the endpoint errors if the caller is not authorized on the organization, do not use this, because it leaks the existence of the organization! Use `OrganizationNotFound`OrUnauthorized instead. filename: Status Code: 404 ```json { "shortMessage": "not found", "longMessage": "Given organization not found.", "code": "resource_not_found" } ``` ### OrganizationNotFoundOrUnauthorized 404 - Used for any case filename: Status Code: 404 ```json { "shortMessage": "not found or unauthorized", "longMessage": "Given organization not found, or you don't have permission to access the organization", "code": "organization_not_found_or_unauthorized" } ``` ### OrganizationRoleNotFound filename: Status Code: 404 ```json { "shortMessage": "not found", "longMessage": "Organization role not found", "code": "resource_not_found", "meta": { "name": "paramname" } } ``` ### OrganizationSuggestionAlreadyAccepted filename: Status Code: 400 ```json { "shortMessage": "suggestion has already been accepted", "longMessage": "This organization suggestion has already been accepted.", "code": "organization_suggestion_already_accepted" } ``` ### OrganizationUnlimitedMembershipsRequired filename: Status Code: 403 ```json { "shortMessage": "organization has limited memberships", "longMessage": "This feature is not supported because organization membership is limited. You can remove the limit by enabling unlimited memberships.", "code": "organization_unlimited_membership_required" } ``` ### OrganizationUnlimitedMembershipsUpgradeRequired filename: Status Code: 403 ```json { "shortMessage": "organization has limited memberships", "longMessage": "This feature is not supported because organization membership is limited. You can remove the limit by upgrading your subscription plan.", "code": "organization_unlimited_membership_required" } ``` ## Passkeys ### PasskeyAuthenticationFailure filename: Status Code: 400 ```json { "shortMessage": "authentication failed", "longMessage": "Passkey authentication failed", "code": "passkey_authentication_failure" } ``` ### PasskeyIdentificationNotVerified filename: Status Code: 422 ```json { "shortMessage": "passkey identification not verified", "longMessage": "Passkey identification not verified. Registration is incomplete.", "code": "passkey_identification_not_verified" } ``` ### PasskeyInvalidPublicKeyCredential filename: Status Code: 422 ```json { "shortMessage": "is invalid", "longMessage": "Invalid passkey public key credential", "code": "passkey_invalid_public_key_credential", "meta": { "name": "param" } } ``` ### PasskeyInvalidVerification filename: Status Code: 400 ```json { "shortMessage": "invalid verification", "longMessage": "Passkey verification contains invalid nonce", "code": "passkey_invalid_verification" } ``` ### PasskeyNotRegistered filename: Status Code: 404 ```json { "shortMessage": "not registered", "longMessage": "Passkey is not registered.", "code": "passkey_not_registered" } ``` ## Pricing ### UnsupportedSubscriptionPlanFeatures filename: Status Code: 402 ```json { "shortMessage": "Unsupported plan features", "longMessage": "Some features are not supported in your current plan. Upgrade your subscription to unlock them.", "code": "unsupported_subscription_plan_features", "meta": { "unsupportedfeatures": "unsupportedfeatures" } } ``` ## Redirect Urls ### InvalidRedirectURL `InvalidRedirectURL` signifies an error when a RedirectURL is in invalid format filename: Status Code: 422 ```json { "shortMessage": "Redirect url invalid", "longMessage": "The provided redirect url is not in a valid format", "code": "invalid_redirect_url" } ``` ### ProhibitedRedirectURLScheme ProhibitedRedirectURL signifies that the redirect url scheme is prohibited filename: Status Code: 422 ```json { "shortMessage": "Invalid URL scheme", "longMessage": "The provided redirect url has a prohibited URL scheme", "code": "prohibited_redirect_url" } ``` ### RedirectURLDomainMismatch filename: Status Code: 422 ```json { "shortMessage": "Redirect url does not belong to your domain", "longMessage": "The provided redirect URL must belong to your instance's domain", "code": "redirect_url_domain_mismatch" } ``` ### RedirectURLMismatch `RedirectURLMismatch` signifies an error when the RedirectURL that was passed during an OAuth flow is not included in the redirect\_urls whitelist for that instance. filename: Status Code: 400 ```json { "shortMessage": "Redirect url mismatch", "longMessage": "The current redirect url passed in the sign in or sign up request does not match an authorized redirect URI for this instance. Review authorized redirect urls for your instance. ", "code": "resource_missmatch" } ``` ## Requests ### InvalidQueryParameterValue filename: Status Code: 400 ```json { "shortMessage": "", "longMessage": " does not match one of the allowed values for parameter ", "code": "invalid_query_parameter_value" } ``` ### InvalidRequestBody `InvalidRequestBody` signifies an error when the body of the request does not conform to the expected format filename: Status Code: 400 ```json { "shortMessage": "Request body invalid", "longMessage": "The request body is invalid. Please consult the API documentation for more information.", "code": "request_body_invalid" } ``` ### MalformedRequestParameters `MalformedRequestParameters` signifies an error when the request parameters are malformed and result in parsing errors filename: Status Code: 400 ```json { "shortMessage": "Malformed request parameters", "longMessage": "The request parameters are malformed and could not be parsed", "code": "malformed_request_parameters" } ``` ### MissingQueryParameter `MissingQueryParameter` denotes that the required query parameter, param, was not provided by the request. filename: Status Code: 400 ```json { "shortMessage": "", "longMessage": "The query parameter '' is missing from the request. Please consult the API documentation for more information.", "code": "missing_query_parameter" } ``` ### OriginHeaderMissing `OriginHeaderMissing` filename: Status Code: 400 ```json { "shortMessage": "Origin header missing", "longMessage": "This request requires an Origin header to be set, but it is missing", "code": "origin_missing" } ``` ### ProxyRequestInvalidSecretKey filename: Status Code: 401 ```json { "shortMessage": "invalid secret key", "longMessage": "The secret key given with this proxy request is invalid.", "code": "proxy_request_invalid_secret_key" } ``` ### ProxyRequestMissingSecretKey filename: Status Code: 400 ```json { "shortMessage": "missing secret key", "longMessage": "When using a proxy, it's required to also pass the instance secret key in the Clerk-Secret-Key header.", "code": "proxy_request_missing_secret_key" } ``` ### UnsupportedContentType `UnsupportedContentType` signifies an error when provided content type is unsupported filename: Status Code: 415 ```json { "shortMessage": "Content-Type is unsupported", "longMessage": "Content-Type is unsupported. You should use instead.", "code": "unsupported_content_type" } ``` ## Saml ### SAMLConnectionActiveNotFound filename: Status Code: 404 ```json { "shortMessage": "not found", "longMessage": "No active SAML Connection found with id .", "code": "saml_connection_active_not_found" } ``` ### SAMLEmailAddressDomainMismatch filename: Status Code: 400 ```json { "shortMessage": "Email address domain mismatch", "longMessage": "The email address domain of the provider's account does not match the domain of the connection.", "code": "saml_email_address_domain_mismatch", "meta": { "expecteddomain": "expecteddomain", "receiveddomain": "receiveddomain" } } ``` ### SAMLEmailAddressDomainReserved filename: Status Code: 422 ```json { "shortMessage": "email address domain is used for SAML SSO", "longMessage": "You can't use this email address, as SAML SSO is enabled for the specific domain.", "code": "saml_email_address_domain_reserved" } ``` ### SAMLEmailAddressMismatchWithEmail filename: Status Code: 400 ```json { "shortMessage": "Email address mismatch", "longMessage": "The provided email address differs from the one in the SAML response (IdP email: ).", "code": "saml_email_address_domain_mismatch" } ``` ### SAMLNotEnabled filename: Status Code: 422 ```json { "shortMessage": "SAML SSO not enabled", "longMessage": "SAML SSO is not enabled for this email address.", "code": "saml_connection_not_found", "meta": { "name": "param" } } ``` ### SAMLResponseInvalid filename: Status Code: 401 ```json { "shortMessage": "Invalid SAML response", "longMessage": "The SAML response is invalid.", "code": "saml_response_invalid" } ``` ### SAMLResponseRelayStateMissing filename: Status Code: 400 ```json { "shortMessage": "RelayState parameter is missing from the SAML Response", "longMessage": "The RelayState parameter is missing from the SAML Response. Note that RelayState is not required if you are using the IdP-initiated flow. See https://clerk.com/docs/guides/configure/auth-strategies/enterprise-connections/authentication-flows#saml", "code": "saml_response_relaystate_missing" } ``` ### SAMLUserAttributeMissing filename: Status Code: 400 ```json { "shortMessage": "", "longMessage": "This account does not have an associated '' attribute. Contact the IdP administrator for resolution.", "code": "saml_user_attribute_missing", "meta": { "missingattribute": "attrname" } } ``` ## Scim ### SCIMAttributeManagedByDirectory `SCIMAttributeManagedByDirectory` returns a 409 Conflict error when attempting to update an attribute that is managed by a SCIM directory. filename: Status Code: 409 ```json { "shortMessage": "attribute managed by SCIM", "longMessage": "attribute managed by SCIM", "code": "attribute_managed_by_scim", "meta": { "name": "paramname" } } ``` ## Sessions ### Deprovisioned filename: Status Code: 401 ```json { "shortMessage": "account deprovisioned", "longMessage": "Your account is deprovisioned", "code": "deprovisioned" } ``` ### InvalidActionForSession `InvalidActionForSession` signifies an error occurred when user tries to perform invalid action on a session filename: Status Code: 400 ```json { "shortMessage": "Invalid action for user session", "longMessage": "Unable to session ", "code": "invalid_action_for_session" } ``` ### InvalidActionForSessionReverification filename: Status Code: 400 ```json { "shortMessage": "Invalid action for session reverification", "longMessage": "We were unable to for this session, as it's not ready for .", "code": "invalid_action_for_session_reverification" } ``` ### SessionNotFound `SessionNotFound` signifies an error when no session with given sessionID was found filename: Status Code: 404 ```json { "shortMessage": "Session not found", "longMessage": "No session was found with id ", "code": "resource_not_found" } ``` ### SessionReverificationMissing filename: Status Code: 400 ```json { "shortMessage": "is missing", "longMessage": "You need to start a new session verification flow first", "code": "session_reverification_missing" } ``` ### SessionReverificationRequired filename: Status Code: 403 ```json { "shortMessage": "Reverification required", "longMessage": "You need to provide additional verification to perform this operation", "code": "session_reverification_required" } ``` ### UnauthorizedActionForSession `UnauthorizedActionForSession` signifies an error occurred when the requestor is not authorized to perform the requested action to the respective session. filename: Status Code: 401 ```json { "shortMessage": "Unauthorized action for session", "longMessage": "Not authorized to perform requested action on session ", "code": "action_for_session_not_authorized" } ``` ## Sign In ### AccountLockoutWarning `AccountLockoutWarning` returns an error that warns the user about remaining attempts before their account gets locked. This should be used when a user has 2, 1, or 0 attempts remaining. filename: Status Code: 422 ```json { "shortMessage": "", "code": "account_lockout_warning" } ``` ### AccountTransferInvalid `AccountTransferInvalid` signifies an error when no account was found to transfer filename: Status Code: 400 ```json { "shortMessage": "Invalid account transfer", "longMessage": "There is no account to transfer", "code": "account_transfer_invalid" } ``` ### AlreadySignedIn `AlreadySignedIn` signifies an error when given session ID is already signed in filename: Status Code: 400 ```json { "shortMessage": "You're already signed in", "longMessage": "You're already signed in", "code": "identifier_already_signed_in", "meta": "session" } ``` ### IdentificationBelongsToDifferentUser `IdentificationBelongsToDifferentUser` indicates an error when a user is trying to perform an operation (e.g. sign in prepare) with an identification that doesn't belong to him. filename: Status Code: 403 ```json { "shortMessage": "belongs to different user", "longMessage": "The given identification belongs to a different user.", "code": "resource_forbidden" } ``` ### IdentificationClaimed `IdentificationClaimed` signifies an error when the requested identification is already claimed by another user filename: Status Code: 400 ```json { "shortMessage": "Identification claimed by another user", "longMessage": "One or more identifiers on this sign up have since been connected to a different User. Please sign up again.", "code": "identification_claimed" } ``` ### InvalidClientStateForAction `InvalidClientStateForAction` signifies an error when trying to perform an invalid action for the current client state filename: Status Code: 400 ```json { "shortMessage": "Invalid action", "longMessage": "We were unable to complete for this Client. ", "code": "client_state_invalid" } ``` ### InvalidStrategyForUser `InvalidStrategyForUser` signifies an error when the supplied verification strategy is not valid for the account filename: Status Code: 400 ```json { "shortMessage": "Invalid verification strategy", "longMessage": "The verification strategy is not valid for this account", "code": "strategy_for_user_invalid" } ``` ### MutationOnOlderSignInNotAllowed `MutationOnOlderSignInNotAllowed` signifies an error when trying to mutate an older sign in filename: Status Code: 403 ```json { "shortMessage": "Update operations are not allowed on older sign ins", "longMessage": "Update operations are not allowed on older sign ins", "code": "resource_forbidden" } ``` ### NoSecondFactorsForStrategy filename: Status Code: 400 ```json { "shortMessage": "no second factors", "longMessage": "No second factors were found for strategy .", "code": "no_second_factors" } ``` ### SignInEmailLinkNotSameClient filename: Status Code: 403 ```json { "shortMessage": "email link sign in cannot be completed", "longMessage": "Email link sign in cannot be completed because it originates from a different client", "code": "sign_in_email_link_not_same_client" } ``` ### SignInIdentificationOrUserDeleted filename: Status Code: 400 ```json { "shortMessage": "identification or user deleted", "longMessage": "Either the user or the selected identification were deleted. Please start over.", "code": "sign_in_identification_or_user_deleted" } ``` ### SignInNoIdentificationForUser filename: Status Code: 404 ```json { "shortMessage": "no identification for user", "longMessage": "The given token doesn't have an associated identification for the user who created it.", "code": "sign_in_no_identification_for_user" } ``` ### SignInNotFound UserNotFound signifies an error when no user is found with userID filename: Status Code: 404 ```json { "shortMessage": "not found", "longMessage": "No sign in was found with id ", "code": "resource_not_found" } ``` ### SignUpIfMissingIdentifierNotSupported `SignUpIfMissingIdentifierNotSupported` signifies that the identifier attribute cannot be used with sign\_up\_if\_missing filename: Status Code: 422 ```json { "shortMessage": "identifier not supported with sign_up_if_missing", "longMessage": "The identifier cannot be used with sign_up_if_missing, because verification is required.", "code": "sign_up_if_missing_not_allowed" } ``` ### SignUpIfMissingNotAllowed `SignUpIfMissingNotAllowed` signifies an error when sign\_up\_if\_missing cannot be used due to instance configuration (restricted mode, captcha, etc.) filename: Status Code: 422 ```json { "shortMessage": "sign_up_if_missing not allowed", "longMessage": "The sign_up_if_missing option cannot be used: ", "code": "sign_up_if_missing_not_allowed" } ``` ### SignUpIfMissingStrategyMismatch `SignUpIfMissingStrategyMismatch` signifies that the prepare strategy doesn't match the initial identification type filename: Status Code: 422 ```json { "shortMessage": "strategy mismatch with sign_up_if_missing", "longMessage": "When using sign_up_if_missing, you must use a strategy that matches your initial identification type (), but was provided.", "code": "sign_up_if_missing_strategy_not_supported" } ``` ### SignUpIfMissingStrategyNotSupported `SignUpIfMissingStrategyNotSupported` signifies that the strategy cannot be used with sign\_up\_if\_missing filename: Status Code: 422 ```json { "shortMessage": "strategy not supported with sign_up_if_missing", "longMessage": "The strategy cannot be used with the sign_up_if_missing option because it cannot be used to sign up a new user.", "code": "sign_up_if_missing_strategy_not_supported" } ``` ### SignUpIfMissingTransfer filename: Status Code: 404 ```json { "shortMessage": "user not found, transfer to sign up", "longMessage": "The sign in failed because there is no matching user. Please perform a transfer to sign up.", "code": "sign_up_if_missing_transfer" } ``` ### SingleModeSessionExists `SingleModeSessionExists` signifies an error when session already exists but we are in single session mode filename: Status Code: 400 ```json { "shortMessage": "Session already exists", "longMessage": "You're already signed in.", "code": "session_exists" } ``` ## Sign In Tokens ### SignInTokenAlreadyUsed filename: Status Code: 400 ```json { "shortMessage": "sign in token has already been used", "longMessage": "This sign in token has already been used. Each token can only be used once.", "code": "sign_in_token_already_used_code" } ``` ### SignInTokenCanBeUsedOnlyInSignIn filename: Status Code: 400 ```json { "shortMessage": "not in sign in", "longMessage": "Sign in tokens can only be used during sign in.", "code": "sign_in_token_not_in_sign_in_code" } ``` ### SignInTokenCannotBeUsed filename: Status Code: 400 ```json { "shortMessage": "sign in token cannot be used", "longMessage": "This sign in token cannot be used anymore. Please request a new one.", "code": "sign_in_token_cannot_be_used_code" } ``` ### SignInTokenRevoked filename: Status Code: 400 ```json { "shortMessage": "sign in token has been revoked", "longMessage": "This sign in token has been revoked and cannot be used anymore.", "code": "sign_in_token_revoked_code" } ``` ## Sign Up ### CaptchaClientSideError filename: Status Code: 400 ```json { "shortMessage": "Error loading CAPTCHA", "longMessage": "The CAPTCHA failed to load. This may be due to an unsupported browser or a browser extension. Please try a different browser or disabling extensions. If this issue persists, please contact support.", "code": "captcha_invalid" } ``` ### CaptchaInvalid filename: Status Code: 400 ```json { "shortMessage": "Authentication unsuccessful due to failed security validations.", "longMessage": "Authentication unsuccessful due to failed security validations. Please try using a different browser or disabling browser extensions. If issues persist, contact support for assistance.", "code": "captcha_invalid" } ``` ### CaptchaMissingToken filename: Status Code: 400 ```json { "shortMessage": "Authentication unsuccessful due to failed security validations.", "longMessage": "Authentication unsuccessful due to failed security validations. Please refresh the page to try again or reach out to support for more assistance.", "code": "captcha_missing_token" } ``` ### CaptchaNotEnabled filename: Status Code: 400 ```json { "shortMessage": "CAPTCHA not enabled", "longMessage": "You attempted to complete a CAPTCHA, but they are not enabled. If this issue persists, please contact support.", "code": "captcha_not_enabled" } ``` ### SignUpEmailLinkNotSameClient filename: Status Code: 403 ```json { "shortMessage": "email link sign up cannot be completed", "longMessage": "Email link sign up cannot be completed because it originates from a different client", "code": "sign_up_email_link_not_same_client" } ``` ### SignUpForbiddenAccess filename: Status Code: 403 ```json { "shortMessage": "Sign up forbidden", "longMessage": "Access to this sign up is forbidden", "code": "resource_forbidden" } ``` ### SignUpModeRestricted filename: Status Code: 403 ```json { "shortMessage": "Sign-ups restricted", "longMessage": "New sign-ups are currently restricted.", "code": "sign_up_mode_restricted" } ``` ### SignUpModeRestrictedWaitlist filename: Status Code: 403 ```json { "shortMessage": "Sign-ups restricted with waitlist", "longMessage": "Sign-ups are currently unavailable. Join the waitlist, and you will be notified when access becomes available.", "code": "sign_up_restricted_waitlist" } ``` ### SignUpNotFound `SignUpNotFound` returns an API error where no sign up could be found with the requested ID. filename: Status Code: 404 ```json { "shortMessage": "Sign up not found", "longMessage": "No sign up was found with id ", "code": "resource_not_found" } ``` ## Sms ### DevMonthlySMSLimitExceeded `DevMonthlySMSLimitExceeded` signifies an error when an SMS sending attempt is made while the development limit has already been reached filename: Status Code: 400 ```json { "shortMessage": "Development monthly SMS limit exceeded", "longMessage": "Operation cannot be completed because the monthly limit for SMS messages in development (%d) has been reached.", "code": "dev_monthly_sms_limit_exceeded", "meta": "{\"limit\"}" } ``` ### SMSSendError filename: Status Code: 400 ```json { "shortMessage": "Sending SMS failed", "longMessage": "Sending SMS failed. Please contact support or try again later.", "code": "sms_send_error" } ``` ## Ticket ### TicketExpired filename: Status Code: 400 ```json { "shortMessage": "ticket has expired", "longMessage": "This ticket has expired and cannot be used anymore.", "code": "ticket_expired_code" } ``` ### TicketInvalid filename: Status Code: 400 ```json { "shortMessage": "ticket is invalid", "longMessage": "This ticket is invalid. Make sure you're using a valid ticket generated by Clerk.", "code": "ticket_invalid_code" } ``` ## Totp ### InvalidTOTPSecret filename: Status Code: 422 ```json { "shortMessage": "invalid TOTP secret", "longMessage": "The TOTP secret is invalid, please provide a valid one base32 encoded", "code": "invalid_totp_secret_code" } ``` ### TOTPAlreadyEnabled `TOTPAlreadyEnabled` signifies an error when a user attempts to enable TOTP, but it's already enabled. filename: Status Code: 400 ```json { "shortMessage": "TOTP already enabled", "longMessage": "TOTP is already enabled on your account", "code": "totp_already_enabled" } ``` ## Urls ### InsecureURL filename: Status Code: 422 ```json { "shortMessage": "Insecure URL", "longMessage": "Please provide a secure URL (https)", "code": "insecure_url", "meta": { "name": "paramname" } } ``` ### InvalidURLScheme filename: Status Code: 422 ```json { "shortMessage": "Invalid URL scheme", "longMessage": "Please provide a URL with one of the following schemes: ", "code": "invalid_url_scheme", "meta": { "name": "paramname" } } ``` ## User Lockout ### UserLocked filename: Status Code: 403 ```json { "shortMessage": "Account locked", "longMessage": "Your account is locked. You will be able to try again in . For more information, please contact .", "code": "user_locked" } ``` ### UserLockedIndefinitely filename: Status Code: 403 ```json { "shortMessage": "Account locked", "longMessage": "Your account is locked. For more information, please contact .", "code": "user_locked" } ``` ## User Settings ### ResourceForbidden filename: Status Code: 403 ```json { "shortMessage": "forbidden", "longMessage": "Resource forbidden", "code": "resource_forbidden" } ``` ### ResourceNotFound filename: Status Code: 404 ```json { "shortMessage": "not found", "longMessage": "Resource not found", "code": "resource_not_found" } ``` ## Users ### NoPasswordSet filename: Status Code: 400 ```json { "shortMessage": "no password set", "longMessage": "This user does not have a password set for their account", "code": "no_password_set" } ``` ### PasswordRequired filename: Status Code: 400 ```json { "shortMessage": "password required", "longMessage": "Settings for this instance require a password to be set. Cannot remove the user's password.", "code": "password_required" } ``` ### PasswordTooLongNeedsReset filename: Status Code: 422 ```json { "shortMessage": "imported password too long and needs reset", "longMessage": "The existing imported password is too long and cannot be used, please reset your password.", "code": "password_too_long_needs_reset" } ``` ### UpdatingUserPasswordDeprecated filename: Status Code: 403 ```json { "shortMessage": "deprecated feature", "longMessage": "Password is not a valid parameter and can only be updated via /v1/me/change_password", "code": "updating_user_password_deprecated" } ``` ### UserBanned `UserBanned` signifies an error when a user is banned filename: Status Code: 403 ```json { "shortMessage": "User banned", "longMessage": "You have been banned. If you think this was by mistake, please contact support.", "code": "user_banned" } ``` ### UserCreateOrgNotEnabled filename: Status Code: 403 ```json { "shortMessage": "create organization not enabled", "longMessage": "Organization creation is not enabled for this user", "code": "user_create_organization_not_enabled" } ``` ### UserDeactivated filename: Status Code: 403 ```json { "shortMessage": "User deactivated", "longMessage": "You have been deactivated. Please contact support.", "code": "user_deactivated" } ``` ### UserDeleteSelfNotEnabled filename: Status Code: 403 ```json { "shortMessage": "delete self not enabled", "longMessage": "Self deletion is not enabled for this user", "code": "user_delete_self_not_enabled" } ``` ### UserNotFound `UserNotFound` signifies an error when no user is found with userID filename: Status Code: 404 ```json { "shortMessage": "not found", "longMessage": "No user was found with id ", "code": "resource_not_found" } ``` ### UserQuotaExceeded filename: Status Code: 403 ```json { "shortMessage": "user quota exceeded", "longMessage": "You have reached your limit of %d users. ", "code": "user_quota_exceeded" } ``` ### UserSCIMManaged filename: Status Code: 409 ```json { "shortMessage": "user managed by SCIM", "longMessage": "This user is managed by a SCIM directory and cannot be deleted manually.", "code": "user_managed_by_scim" } ``` ## Verification ### VerificationAlreadyVerified `VerificationAlreadyVerified` signifies an error when verification has already been verified filename: Status Code: 400 ```json { "shortMessage": "already verified", "longMessage": "This verification has already been verified.", "code": "verification_already_verified" } ``` ### VerificationCodeTooManyRequests filename: Status Code: 429 ```json { "shortMessage": "Too many verification code requests", "longMessage": "Too many verification code requests. Please wait at least 30 seconds to receive your code before trying again.", "code": "verification_code_too_many_requests" } ``` ### VerificationExpired `VerificationExpired` signifies an error when verification has expired filename: Status Code: 400 ```json { "shortMessage": "expired", "longMessage": "This verification has expired. You must create a new one.", "code": "verification_expired" } ``` ### VerificationFailed `VerificationFailed` signifies an error when verification fails filename: Status Code: 400 ```json { "shortMessage": "failed", "longMessage": "Too many failed attempts. You have to try again with the same or another method.", "code": "verification_failed" } ``` ### VerificationInvalidLinkToken `VerificationInvalidLinkToken` means that the provided JWT token from the link cannot be parsed. filename: Status Code: 400 ```json { "shortMessage": "invalid link token", "longMessage": "Verification link token is invalid", "code": "verification_link_token_invalid" } ``` ### VerificationInvalidLinkTokenSource `VerificationInvalidLinkTokenSource` means that the provided JWT token from the link has an invalid source type. filename: Status Code: 400 ```json { "shortMessage": "invalid link token source", "longMessage": "Verification link token source is invalid", "code": "verification_link_token_source_invalid" } ``` ### VerificationInvalidStrategy `VerificationInvalidStrategy` signifies an error when the given strategy is not valid for current verification filename: Status Code: 400 ```json { "shortMessage": "has invalid strategy", "longMessage": "The strategy is not valid for the current verification.", "code": "verification_strategy_invalid" } ``` ### VerificationLinkTokenExpired `VerificationLinkTokenExpired` means that the provided JWT token from the link has expired. filename: Status Code: 400 ```json { "shortMessage": "expired link token", "longMessage": "Verification link token has expired", "code": "verification_link_token_expired" } ``` ### VerificationLinkTokenStale `VerificationLinkTokenStale` means that the verification link token references a verification that is no longer current (e.g. the user requested a new verification after this link was sent). filename: Status Code: 400 ```json { "shortMessage": "stale link token", "longMessage": "Verification link token is no longer valid. Please request a new one.", "code": "verification_link_token_stale" } ``` ### VerificationMissing `VerificationMissing` signifies an error when the verification is missing filename: Status Code: 400 ```json { "shortMessage": "is missing", "longMessage": "This strategy requires verification preparation before attempting to validate it.", "code": "verification_missing" } ``` ### VerificationNotSent `VerificationNotSent` signifies an error when verification email was not sent filename: Status Code: 400 ```json { "shortMessage": "not sent", "longMessage": "You need to send a verification code before attempting to verify.", "code": "verification_not_sent" } ``` ### VerificationUnknownStatus `VerificationUnknownStatus` signifies an unexpected error when unknown verification status is found filename: Status Code: 500 ```json { "shortMessage": "Unknown verification status", "longMessage": "Found unknown verification status ", "code": "verification_status_unknown" } ``` ## Waitlist ### WaitlistNotAcceptingEntries filename: Status Code: 403 ```json { "shortMessage": "Waitlist not accepting entries", "longMessage": "The waitlist is not accepting new entries at this time. Please try again later.", "code": "waitlist_not_accepting_entries" } ``` --- ## Sitemap [Overview of all docs pages](https://clerk.com/docs/llms.txt)