Backend API errors
{
  "shortMessage": "cannot revoke",
  "longMessage": "Actor token cannot be revoked because its status is <status>. Only pending tokens can be revoked.",
  "code": "actor_token_cannot_be_revoked_code"
}{
  "shortMessage": "Identifier not found",
  "longMessage": "No identifier was found with id <identifierID>",
  "code": "resource_not_found"
}{
  "shortMessage": "duplicate allowlist identifier",
  "longMessage": "the identifier <identifier> already exists",
  "code": "duplicate_record"
}Applications
AccountlessApplicationNotFound signifies an error when no application with the given claim token could be found
{
  "shortMessage": "Application not found",
  "longMessage": "No application was found with the given claim token.",
  "code": "resource_not_found"
}{
  "shortMessage": "Could not authenticate request.",
  "longMessage": "Could not authenticate request.",
  "code": "could_not_authenticate_request"
}{
  "shortMessage": "Failed to verify internal migration JWT.",
  "longMessage": "Failed to verify internal migration JWT.",
  "code": "failed_to_verify_internal_migration_jwt"
}
IdentificationExists signifies an error when the identifier already exists
{
  "shortMessage": "already exists",
  "longMessage": "This <identifier> already exists.",
  "code": ""
}{
  "shortMessage": "The provided internal migration JWT is missing the instance ID.",
  "longMessage": "The provided internal migration JWT is missing the instance ID.",
  "code": "internal_migration_jwt_missing_instance_id"
}
InvalidAuthentication signifies an error when the request is not authenticated
{
  "shortMessage": "Invalid authentication",
  "longMessage": "Unable to authenticate the request, you need to supply an active session",
  "code": "authentication_invalid"
}
InvalidAuthorization signifies an error when the request is not authorized to perform the given operation
{
  "shortMessage": "Unauthorized request",
  "longMessage": "You are not authorized to perform this request",
  "code": "authorization_invalid"
}
InvalidAuthorizationHeaderFormat signifies an error when the Authorization header has no proper format.
{
  "shortMessage": "Invalid Authorization header format",
  "longMessage": "Invalid Authorization header format. Must be 'Bearer <YOUR_API_KEY>'",
  "code": "authorization_header_format_invalid"
}
InvalidClerkSecretKey signifies an error when the supplied client key is invalid
{
  "shortMessage": "The provided Clerk Secret Key is invalid. Make sure that your Clerk Secret Key is correct.",
  "longMessage": "The provided Clerk Secret Key is invalid. Make sure that your Clerk Secret Key is correct.",
  "code": "clerk_key_invalid"
}
InvalidRequestForEnvironment signifies an error when the incoming request is invalid for given environment(s)
{
  "shortMessage": "Invalid request for environment",
  "longMessage": "Request only valid for <envTypes> instances.",
  "code": "request_invalid_for_environment"
}
RequestInvalidForInstance signifies an error when the incoming request is invalid for the given instance, due to the auth_config
{
  "shortMessage": "Invalid request for instance",
  "longMessage": "This request is not valid for your instance. Modify your instance settings to use this request.",
  "code": "request_invalid_for_instance"
}{
  "shortMessage": "Unsupported country code",
  "longMessage": "Phone numbers from this country (<countryName>) are currently not supported. For more information, please contact <support>.",
  "code": "unsupported_country_code",
  "meta": "{\"formParameter\": {\"Name\": \"param\"}, \"Alpha2\": alpha2, \"CountryCode\": countryCode}"
}{
  "shortMessage": "Unsupported plan features",
  "longMessage": "Some features are not supported in your current plan. Upgrade your subscription to unlock them.",
  "code": "unsupported_subscription_plan_features",
  "meta": {
    "unsupportedfeatures": "unsupportedfeatures"
  }
}{
  "shortMessage": "Identifier not found",
  "longMessage": "No identifier was found with id <identifierID>",
  "code": "resource_not_found"
}{
  "shortMessage": "duplicate blocklist identifier",
  "longMessage": "the identifier <identifier> already exists",
  "code": "duplicate_record"
}{
  "shortMessage": "Client not found",
  "longMessage": "No client was found with id <clientID>",
  "code": "resource_not_found"
}
ClientNotFoundInRequest signifies an error when no client is found in an incoming request
{
  "shortMessage": "No client found",
  "longMessage": "This request is expecting a client and did not find one",
  "code": "client_not_found"
}{
  "shortMessage": "",
  "code": "cookie_invalid"
}
InvalidRotatingToken signifies an error when rotating token does not match the client's rotating token
{
  "shortMessage": "",
  "longMessage": "The client's rotating key does not match the given one <token>",
  "code": "cookie_invalid"
}
MissingClaims signifies an error when token is missing claim
{
  "shortMessage": "",
  "longMessage": "The token is missing the following claims: <claims>",
  "code": "cookie_invalid"
}{
  "shortMessage": "endpoint is deprecated and pending removal",
  "longMessage": "endpoint is deprecated and pending removal",
  "code": "operation_deprecated"
}Domains
DomainUpdateForbidden signifies an error when trying to update an non production instance domain
{
  "shortMessage": "Domain update was forbidden",
  "longMessage": "Domain can be only updated for production instances",
  "code": "domain_update_forbidden"
}{
  "shortMessage": "",
  "longMessage": "Clerk Frontend API cannot be accessed through the proxy URL. Make sure your proxy is configured correctly.",
  "code": "invalid_proxy_configuration",
  "meta": {
    "name": "proxy_url"
  }
}{
  "shortMessage": "operation not allowed",
  "longMessage": "This operation is not allowed on a primary domain. Try again with a satellite domain of the instance.",
  "code": "operation_not_allowed_on_primary_domain"
}
PrimaryDomainAlreadyExists signifies an error when a new domain is added as
primary when there is already once in the instance.
Currently, we only support a single primary domain per instance.
{
  "shortMessage": "primary domain already exists",
  "longMessage": "Currently, only a single primary domain is supported and the current instance already has one. All new domains need to be set a satellites.",
  "code": "primary_domain_already_exists",
  "meta": {
    "name": "is_satellite"
  }
}{
  "shortMessage": "not enabled",
  "longMessage": "This feature is not enabled on this instance",
  "code": "feature_not_enabled"
}{
  "shortMessage": "not an OIDC provider",
  "longMessage": "You are using the legacy OAuth 2.0 provider. Please migrate to the new OIDC compatible provider to use this feature",
  "code": "feature_requires_oidc_provider"
}{
  "shortMessage": "not a Progressive Sign Up instance",
  "longMessage": "<feature> can only be used in instances that migrated to Progressive Sign Up (https://clerk.com/docs/upgrade-guides/progressive-sign-up)",
  "code": "feature_requires_progressive_sign_up"
}{
  "shortMessage": "",
  "code": "form_already_exists",
  "meta": {
    "name": "param"
  }
}
FormAtLeastOneOptionalParameterMissing signifies an error when at least one optional parameter must be provided
{
  "shortMessage": "at least one parameter must be provided",
  "longMessage": "at least one of `<parameters>` must be provided",
  "code": "form_param_missing",
  "meta": {
    "names": "paramnames"
  }
}{
  "shortMessage": "Date values must not be in the future.",
  "longMessage": "Date values must not be in the future.",
  "code": "form_disallow_future_date",
  "meta": {
    "name": "param"
  }
}
FormDuplicateParameter signifies an error when a duplicate parameter is found in a form
{
  "shortMessage": "is duplicate",
  "longMessage": "<param> included multiple times. There should only be one.",
  "code": "form_param_duplicate",
  "meta": {
    "name": "param"
  }
}
FormIdentifierExists signifies an error when given identifier already exists
{
  "shortMessage": "",
  "code": "form_identifier_exists",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "Date values must be given in Unix millisecond timestamp format.",
  "longMessage": "Date values must be given in Unix millisecond timestamp format.",
  "code": "form_param_invalid_date",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "is invalid",
  "longMessage": "<param> must be a valid email address.",
  "code": "form_param_format_invalid",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "is invalid",
  "longMessage": "<param> must be a valid email address local part.",
  "code": "form_param_format_invalid",
  "meta": {
    "name": "param"
  }
}
FormInvalidEncodingParameterValue signifies an error when the given parameter has an invalid encoding
{
  "shortMessage": "invalid character encoding",
  "longMessage": "<param> contains invalid UTF-8 characters",
  "code": "form_param_value_invalid",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "is invalid",
  "longMessage": "<param> must be either a valid email address, a valid phone number according to E.164 international standard or a valid web3 wallet.",
  "code": "form_param_format_invalid",
  "meta": {
    "name": "param"
  }
}
FormInvalidOrigin signifies an error when the given origin is http/https
{
  "shortMessage": "is invalid",
  "longMessage": "<param> must be a valid origin such as my-app://localhost, chrome-extension://mnhbilbfebpbokpjjamapdecdgieldho, or capacitor://localhost:3000",
  "code": "form_invalid_origin",
  "meta": {
    "name": "param"
  }
}
FormInvalidParameterFormat signifies an error when the given parameter has an invalid format
{
  "shortMessage": "",
  "code": "form_param_format_invalid",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "is invalid",
  "longMessage": "<param> is invalid. Only one of the following parameter values is allowed: <allowedValues>",
  "code": "form_param_value_invalid",
  "meta": {
    "name": "param"
  }
}
FormInvalidParameterValue signifies an error when the given parameter has an invalid value
{
  "shortMessage": "is invalid",
  "longMessage": "<value> does not match one of the allowed values for parameter <param>",
  "code": "form_param_value_invalid",
  "meta": {
    "name": "param"
  }
}
FormInvalidParameterValueWithAllowed signifies an error when the given parameter has an invalid value.
The difference with FormInvalidParameterValue is that this error also includes the allowed values
{
  "shortMessage": "is invalid",
  "longMessage": "<value> does not match the allowed values for parameter <param>. Allowed values: <allowedValues>",
  "code": "form_param_value_invalid",
  "meta": {
    "name": "param"
  }
}
FormInvalidPasswordLengthTooLong signifies an error when the password is invalid because of its length
{
  "shortMessage": "",
  "code": "form_password_length_too_long",
  "meta": {
    "name": "param"
  }
}
FormInvalidPasswordLengthTooShort signifies an error when the password is invalid because of its length
{
  "shortMessage": "",
  "code": "form_password_length_too_short",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "Passwords must contain at least one lowercase character.",
  "longMessage": "Passwords must contain at least one lowercase character.",
  "code": "form_password_no_lowercase",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "Passwords must contain at least one number.",
  "longMessage": "Passwords must contain at least one number.",
  "code": "form_password_no_number",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "",
  "code": "form_password_no_special_char",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "Given password is not strong enough.",
  "longMessage": "Given password is not strong enough.",
  "code": "form_password_not_strong_enough"
}{
  "shortMessage": "Passwords must contain at least one uppercase character.",
  "longMessage": "Passwords must contain at least one uppercase character.",
  "code": "form_password_no_uppercase",
  "meta": {
    "name": "param"
  }
}
FormInvalidPasswordSizeInBytesExceeded signifies that the size in bytes was exceeded.
Note that the maximum character length constraint may fail to detect this case,
if multi-byte characters are included in the password.
For example, bcrypt limit https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.8.0:bcrypt/bcrypt.go;l=87
{
  "shortMessage": "Your password has exceeded the maximum number of bytes allowed, please shorten it or remove some special characters.",
  "longMessage": "Your password has exceeded the maximum number of bytes allowed, please shorten it or remove some special characters.",
  "code": "form_password_size_in_bytes_exceeded",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "is invalid",
  "longMessage": "<param> must be a valid phone number according to E.164 international standard.",
  "code": "form_param_format_invalid",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "invalid format",
  "longMessage": "<param> must contain a datetime specified in RFC3339 format (e.g. `2022-10-20T10:00:27.645Z`).",
  "code": "form_param_invalid_time",
  "meta": {
    "name": "param"
  }
}
FormInvalidTypeParameter signifies an error when a form parameter has the wrong type
{
  "shortMessage": "is invalid",
  "longMessage": "`<param>` must be a `<paramType>`.",
  "code": "form_param_type_invalid",
  "meta": {
    "name": "param"
  }
}
FormInvalidUsernameCharacter signifies an error when the given username does not match username regex
{
  "shortMessage": "",
  "code": "form_username_invalid_character",
  "meta": {
    "name": "param"
  }
}
FormInvalidUsernameLength signifies an error when the given username does not have required length
{
  "shortMessage": "",
  "code": "form_username_invalid_length",
  "meta": {
    "name": "param"
  }
}
FormInvalidUsernameNeedsNonNumberCharCode signifies an error when the given username does not match username regex
{
  "shortMessage": "",
  "code": "form_username_needs_non_number_char",
  "meta": {
    "name": "param"
  }
}
FormInvalidWeb3Wallet signifies an error when the given web3 wallet address is invalid
{
  "shortMessage": "is invalid",
  "longMessage": "<param> must be a valid web3 wallet address that starts with 0x and contains 40 hexadecimal characters.",
  "code": "form_param_format_invalid",
  "meta": {
    "name": "param"
  }
}
FormMetadataInvalidType signifies an error when the given metadata is not a valid key-value object
{
  "shortMessage": "",
  "code": "form_param_value_invalid",
  "meta": {
    "name": "param"
  }
}
FormMissingConditionalParameter signifies an error when required parameter based on conditions is missing
{
  "shortMessage": "is missing",
  "longMessage": "`<param>` is required when `<leftCondition>` is `<rightCondition>`.",
  "code": "form_conditional_param_missing"
}
FormMissingConditionalParameterOnExistence signifies an error when parameter is required because of the existence of another
{
  "shortMessage": "is missing",
  "longMessage": "`<missingParam>` is required when `<conditionalParam>` is present.",
  "code": "form_conditional_param_missing",
  "meta": {
    "name": "missingparam"
  }
}
FormMissingParameter signifies an error when an expected form parameter is missing
{
  "shortMessage": "is missing",
  "longMessage": "<param> must be included.",
  "code": "form_param_missing",
  "meta": {
    "name": "param"
  }
}
FormMissingResource signifies an error when the form parameter is referring to a missing resource
{
  "shortMessage": "is missing",
  "longMessage": "The resource associated with the supplied <param> was not found.",
  "code": "form_resource_not_found",
  "meta": {
    "name": "param"
  }
}
FormNilParameter signifies an error when a nil parameter is found in a form
{
  "shortMessage": "",
  "code": "form_param_nil",
  "meta": {
    "name": "param"
  }
}
FormNotAllowedToDisableDefaultSecondFactor signifies an error when trying to disable the default flag from a second-factor
{
  "shortMessage": "The default second factor method can only be changed by assigning another method as the default.",
  "longMessage": "The default second factor method can only be changed by assigning another method as the default.",
  "code": "form_disable_default_second_factor_not_allowed",
  "meta": {
    "name": "param"
  }
}
FormParameterArraySizeExceeded signifies an error when the given array exceeds the maximum allowed size
{
  "shortMessage": "exceeds maximum size",
  "longMessage": "<parameter> should not exceed %d items.",
  "code": "form_param_array_size_exceeded",
  "meta": {
    "name": "param"
  }
}
FormParameterMaxLengthExceeded signifies an error when the given param value exceeds the maximum allowed length
{
  "shortMessage": "exceeds maximum length",
  "longMessage": "<parameter> should not exceed %d characters.",
  "code": "form_param_max_length_exceeded",
  "meta": {
    "name": "param"
  }
}
FormParameterMinLengthExceeded signifies an error when the given param value is less than the minimum allowed length
{
  "shortMessage": "does not reach minimum length",
  "longMessage": "<parameter> must be at least %d characters long.",
  "code": "form_param_min_length_exceeded",
  "meta": {
    "name": "param"
  }
}
FormParameterNotAllowedConditionally signifies an error when parameter is not allowed based on condition
{
  "shortMessage": "is not allowed",
  "longMessage": "`<param>` isn't allowed when `<leftCondition>` is <rightCondition>.",
  "code": "form_conditional_param_disallowed",
  "meta": {
    "name": "param"
  }
}
FormParameterNotAllowedIfAnotherParameterIsPresent signifies an error when a parameter is present but
is not allowed because another parameter is also present
{
  "shortMessage": "is not allowed",
  "longMessage": "`<notAllowedParam>` isn't allowed when `<existingParam>` is present.",
  "code": "form_conditional_param_disallowed",
  "meta": {
    "name": "notallowedparam"
  }
}
FormParameterSizeTooLarge signifies an error when a parameter exceeds the max allowed size
{
  "shortMessage": "",
  "code": "form_param_exceeds_allowed_size",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "Value too large",
  "longMessage": "The value of <param> can't be greater than %d",
  "code": "form_param_value_too_large",
  "meta": {
    "name": "param"
  }
}
FormPasswordDigestInvalid signifies an error when the provided password_digest is not valid for the provided password_hasher
{
  "shortMessage": "",
  "code": "form_password_digest_invalid_code",
  "meta": {
    "name": "param"
  }
}
FormPasswordValidationFailed signifies a generic error when the password validation failed
{
  "shortMessage": "Incorrect password. Please try again.",
  "longMessage": "Incorrect password. Please try again.",
  "code": "form_password_validation_failed",
  "meta": {
    "name": "param"
  }
}
FormPwnedPassword signifies an error when the chosen password has been found in the pwned list
{
  "shortMessage": "",
  "code": "form_password_pwned",
  "meta": {
    "name": "param"
  }
}
FormUnknownParameter signifies an error when an unexpected parameter is found in a form
{
  "shortMessage": "is unknown",
  "longMessage": "<param> is not a valid parameter for this request.",
  "code": "form_param_unknown",
  "meta": {
    "name": "param"
  }
}
FormValidationFailed converts validator.ValidationErrors to Error.
{
  "shortMessage": "is invalid",
  "longMessage": "<sanitizedField> is invalid",
  "code": "form_param_value_invalid",
  "meta": {
    "name": "sanitizedfield"
  }
}Home Url
HomeURLTaken signifies an error when the root domain of the provided home_url already in use by another application
{
  "shortMessage": "Domain already in use",
  "longMessage": "The <homeURL> root domain is already in use by another application.",
  "code": "home_url_taken",
  "meta": {
    "name": "paramname"
  }
}
KnownHostingDomain signifies an error when the domain extracted from the provided home_url belongs to a
known hosting service and cannot be used to deploy production apps
{
  "shortMessage": "Known hosting domain",
  "longMessage": "The <domain> domain cannot be used to deploy production apps.",
  "code": "known_hosting_domain",
  "meta": {
    "name": "paramname"
  }
}
ReservedDomain signifies an error when the domain extracted from the provided home_url is reserved by Clerk
{
  "shortMessage": "Domain reserved by Clerk",
  "longMessage": "The <domain> domain is reserved by Clerk.",
  "code": "reserved_domain",
  "meta": {
    "name": "paramname"
  }
}
ReservedSubdomain signifies an error when the subdomain extracted from the provided home_url is reserved by Clerk
{
  "shortMessage": "Reserved subdomain",
  "longMessage": "The <subdomain> subdomain is reserved by Clerk.",
  "code": "reserved_subdomain",
  "meta": {
    "name": "paramname"
  }
}{
  "shortMessage": "Create failed",
  "longMessage": "Unverified identifications cannot be a second factor",
  "code": "identification_create_second_factor_unverified"
}
IdentificationNotFound signifies an error when comm is not found
{
  "shortMessage": "Resource not found",
  "longMessage": "Resource not found",
  "code": "resource_not_found"
}{
  "shortMessage": "Update failed",
  "longMessage": "You cannot set your last identification as second factor.",
  "code": "identification_update_failed"
}{
  "shortMessage": "Update failed",
  "longMessage": "Cannot update second factor attributes for unverified identification",
  "code": "identification_update_second_factor_unverified"
}{
  "shortMessage": "Image not found",
  "longMessage": "Image not found",
  "code": "image_not_found"
}
RequestWithoutImage signifies an error when no image was present in the request.
{
  "shortMessage": "Image file missing",
  "longMessage": "There was no image file present in the request",
  "code": "form_param_missing"
}{
  "shortMessage": "Enhanced email deliverability mode is only compatible with email codes (OTP)",
  "longMessage": "Ensure that either enhanced email deliverability is disabled or you only have email codes (OTP) enabled.",
  "code": "enhanced_email_deliverability_prohibited"
}{
  "shortMessage": "Breaks instance invariant",
  "longMessage": "%v - This invariant is determined by your user settings",
  "code": "breaks_instance_invariant"
}
InstanceNotFound signifies an error when no instance with given instanceID was found
{
  "shortMessage": "Instance not found",
  "longMessage": "No instance was found with id <instanceID>",
  "code": "resource_not_found"
}{
  "shortMessage": "Bad request",
  "longMessage": "Bad request",
  "code": "bad_request"
}
403 - quota exceeded
{
  "shortMessage": "Quota exceeded",
  "longMessage": "Quota exceeded, you have reached your limit.",
  "code": "quota_exceeded"
}
Unexpected is used for all unexpected errors
{
  "shortMessage": "Oops, an unexpected error occurred",
  "longMessage": "There was an internal error on our servers. We've been notified and are working on fixing it.",
  "code": "internal_clerk_error"
}Invitations
DuplicateInvitations denotes an error when there are already invitations
for the given email addresses
{
  "shortMessage": "",
  "longMessage": "There are already pending invitations for the following email addresses: <emails>",
  "code": "duplicate_record",
  "meta": {
    "emailaddresses": "emailaddresses"
  }
}
InvitationAlreadyAccepted denotes an error when someone tries to use
an invitation which is already accepted.
{
  "shortMessage": "Invitation is already accepted, try signing in instead.",
  "longMessage": "Invitation is already accepted, try signing in instead.",
  "code": "invitation_already_accepted"
}
InvitationAlreadyRevoked denotes an error when someone tries to revoke
an invitation which is already revoked.
{
  "shortMessage": "Invitation is already revoked.",
  "longMessage": "Invitation is already revoked.",
  "code": "invitation_already_revoked"
}
InvitationNotFound denotes an error when there is no invitation with
the given id
{
  "shortMessage": "not found",
  "longMessage": "No invitation was found with id <invitationID>.",
  "code": "resource_not_found"
}
InvitationsNotSupportedInInstance denotes an error when user is
trying to create an invitation on an instance that doesn't support it
{
  "shortMessage": "Invitations are only supported on instances that accept email addresses.",
  "longMessage": "Invitations are only supported on instances that accept email addresses.",
  "code": "invitations_not_supported"
}Jwt Templates
JWTTemplateNotFound signifies an error when a JWT template was not found by the provided attribute
{
  "shortMessage": "JWT template not found",
  "longMessage": "No JWT template exists with <attribute>: <val>",
  "code": "resource_not_found"
}
JWTTemplateReservedClaim denotes an error when the provided template contains a reserved claim.
{
  "shortMessage": "reserved claim used",
  "longMessage": "You can't use the reserved claim: '<claim>'",
  "code": "jwt_template_reserved_claim",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "session token template cannot be deleted",
  "longMessage": "This template cannot be deleted because it's a session token template",
  "code": "session_token_jwt_template"
}Machine Token
MachineTokenReservedClaim denotes an error when the provided machine token claims object contains a reserved claim.
{
  "shortMessage": "reserved claim used",
  "longMessage": "You can't use the reserved claim: '<claim>'",
  "code": "machine_token_reserved_claim",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "System under maintenance",
  "longMessage": "We are currently undergoing maintenance and only essential operations are permitted. We will be back shortly.",
  "code": "maintenance_mode"
}{
  "shortMessage": "duplicate list items not allowed",
  "longMessage": "duplicate list items not allowed: <param>",
  "code": "duplicate_list_items_not_allowed"
}{
  "shortMessage": "invalid environment type",
  "longMessage": "invalid environment types: <envTypes>",
  "code": "invalid_environment_type"
}{
  "shortMessage": "Missing OAuth access token",
  "longMessage": "OAuth access token is missing",
  "code": "oauth_missing_access_token"
}{
  "shortMessage": "Cannot refresh OAuth access token",
  "longMessage": "The current access token has expired and we cannot refresh it, because the authorization server hasn't provided us with a refresh token",
  "code": "oauth_missing_refresh_token"
}{
  "shortMessage": "OAuth provider not enabled",
  "longMessage": "Single-sign on for this OAuth provider is not enabled in the instance settings.",
  "code": "oauth_token_provider_not_enabled"
}{
  "shortMessage": "Token retrieval failed",
  "longMessage": "Failed to retrieve a new access token from the OAuth provider",
  "code": "oauth_token_retrieval_error"
}
UnsupportedOauthProvider signifies an error when an instance tries to enable
an OAuth external provider which is not supported.
{
  "shortMessage": "",
  "longMessage": "%v OAuth is not supported. Please contact us if you think this error should not appear.",
  "code": "oauth_unsupported_provider"
}{
  "shortMessage": "duplicate redirect URI",
  "longMessage": "the redirect URI already exists",
  "code": "duplicate_record"
}{
  "shortMessage": "consent screen cannot be disabled",
  "longMessage": "Consent screen cannot be disabled for a dynamically registered OAuth Application",
  "code": "oauth_application_consent_screen_cannot_be_disabled"
}{
  "shortMessage": "missing permission",
  "longMessage": "Current user is missing an organization permission.",
  "code": "missing_organization_permission",
  "meta": {
    "permissions": "permissions"
  }
}
403 - Only for organization members Deprecated: This error reveals the existence of an organization to an unauthorized user. Use OrganizationNotFoundOrUnauthorized instead, and ensure other pathways that error when the organization isn't found also use OrganizationNotFoundOrUnauthorized
{
  "shortMessage": "not a member",
  "longMessage": "Current user is not a member of the organization. Only organization members can perform this action.",
  "code": "not_a_member_in_organization"
}{
  "shortMessage": "this organization already has an SSO connection",
  "longMessage": "This organization already has an SSO connection.",
  "code": "organization_already_has_sso_connection",
  "meta": {
    "name": "organization_id"
  }
}
400 - Creator doesn't exist
{
  "shortMessage": "creator not found",
  "longMessage": "No users found with id <userID>.",
  "code": "organization_creator_not_found"
}{
  "shortMessage": "organizaton domain already exists",
  "longMessage": "This domain is already used by another organization.",
  "code": "organization_domain_already_exists",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "blocked email domain",
  "longMessage": "This is a blocked email provider domain. Please use a different one.",
  "code": "organization_domain_blocked",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "common email domain",
  "longMessage": "This is a common email provider domain. Please use a different one.",
  "code": "organization_domain_common",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "organization enrollment mode not enabled",
  "longMessage": "Enrollment mode <enrollmentMode> is not enabled for this instances's organizations.",
  "code": "organization_domain_enrollment_mode_not_enabled"
}{
  "shortMessage": "organization domains quota exceeded",
  "longMessage": "You have reached your limit of %d domains per organization.",
  "code": "organization_domain_quota_exceeded"
}{
  "shortMessage": "organization invitation not unique",
  "longMessage": "Organizations cannot have duplicate pending invitations for an email address.",
  "code": "organization_invitation_not_unique"
}{
  "shortMessage": "missing permissions for creator role",
  "longMessage": "The creator role must contain the following permissions: <permissionKeys>",
  "code": "organization_missing_creator_role_permissions"
}{
  "shortMessage": "invalid organization name",
  "longMessage": "The organization name %q is invalid: <name>",
  "code": "form_param_value_invalid",
  "meta": {
    "name": "name"
  }
}{
  "shortMessage": "access denied",
  "longMessage": "The organizations feature is not enabled for this instance. You can enable it at https://dashboard.clerk.com.",
  "code": "organization_not_enabled_in_instance"
}
404 - Organization not found
WARNING: This is safe to use for endpoints where the caller is authorized to be
aware of every organization. But if the endpoint errors if the caller is not
authorized on the organization, do not use this, because it leaks the existence
of the organization! Use OrganizationNotFoundOrUnauthorized instead.
{
  "shortMessage": "not found",
  "longMessage": "Given organization not found.",
  "code": "resource_not_found"
}
404 - Used for any case
{
  "shortMessage": "not found or unauthorized",
  "longMessage": "Given organization not found, or you don't have permission to access the organization",
  "code": "organization_not_found_or_unauthorized"
}{
  "shortMessage": "not found",
  "longMessage": "Organization role not found",
  "code": "resource_not_found",
  "meta": {
    "name": "paramname"
  }
}{
  "shortMessage": "cannot disable organizations",
  "longMessage": "Cannot disable organizations because <reason>.",
  "code": "organizations_disable_not_allowed"
}Redirect Urls
RedirectURLNotFound signifies an error when a RedirectURL was not found by the provided attribute
{
  "shortMessage": "Redirect url not found",
  "longMessage": "No RedirectURL exists with <attribute>: <val>",
  "code": "resource_not_found"
}{
  "shortMessage": "bulk size exceeded",
  "longMessage": "Parameters exceed the maximum allowed bulk processing size of %d.",
  "code": "bulk_size_exceeded"
}{
  "shortMessage": "",
  "longMessage": "<value> does not match one of the allowed values for parameter <param>",
  "code": "invalid_query_parameter_value"
}
InvalidRequestBody signifies an error when the body of the request does not conform to the expected format
{
  "shortMessage": "Request body invalid",
  "longMessage": "The request body is invalid. Please consult the API documentation for more information.",
  "code": "request_body_invalid"
}{
  "shortMessage": "Malformed publishable key",
  "longMessage": "Ensure the provided publishable key (<key>) is the one displayed in Dashboard",
  "code": "malformed_publishable_key"
}
MalformedRequestParameters signifies an error when the request parameters are malformed and result in parsing errors
{
  "shortMessage": "Malformed request parameters",
  "longMessage": "The request parameters are malformed and could not be parsed",
  "code": "malformed_request_parameters"
}{
  "shortMessage": "Missing query parameter",
  "longMessage": "Either of the following query parameters must be provided: <parameters>.",
  "code": "missing_query_parameter"
}
MissingQueryParameter denotes that the required query parameter, param, was
not provided by the request.
{
  "shortMessage": "",
  "longMessage": "The query parameter '<param>' is missing from the request. Please consult the API documentation for more information.",
  "code": "missing_query_parameter"
}
UnsupportedContentType signifies an error when provided content type is unsupported
{
  "shortMessage": "Content-Type is unsupported",
  "longMessage": "Content-Type <actual> is unsupported. You should use <expected> instead.",
  "code": "unsupported_content_type"
}{
  "shortMessage": "SAML Connection can't be activated",
  "longMessage": "You have to provide the <fields> before you are able to activate this connection.",
  "code": "saml_connection_cant_be_activated"
}{
  "shortMessage": "Failed to fetch IdP metadata",
  "longMessage": "We failed to fetch the IdP metadata. If the error persists, please provide the IdP configuration data explicitly.",
  "code": "saml_failed_to_fetch_idp_metadata"
}{
  "shortMessage": "Failed to parse IdP metadata",
  "longMessage": "We failed to parse the IdP metadata. If the error persists, please provide the IdP configuration data explicitly.",
  "code": "saml_failed_to_parse_idp_metadata"
}{
  "shortMessage": "expired session token consumed",
  "longMessage": "The provided expired session token was already consumed in a previous refresh request",
  "code": "session_refresh_expired_session_token_consumed"
}{
  "shortMessage": "Invalid expired_token param",
  "longMessage": "The session token provided could not be successfully verified",
  "code": "expired_session_token_invalid"
}{
  "shortMessage": "session token too old",
  "longMessage": "The provided expired session token is too old",
  "code": "session_refresh_expired_session_token_too_old"
}{
  "shortMessage": "session inactive",
  "longMessage": "The provided session is not active",
  "code": "session_refresh_inactive_session"
}{
  "shortMessage": "expired session token ineligible",
  "longMessage": "The provided expired session token is not eligible for refresh",
  "code": "session_refresh_session_token_ineligible"
}{
  "shortMessage": "Request origin is invalid",
  "longMessage": "The request_origin parameter could not be parsed",
  "code": "refresh_request_origin_invalid"
}{
  "shortMessage": "missing 'azp' claim",
  "longMessage": "No 'azp' claim present in the provided expired session token",
  "code": "expired_session_token_missing_azp"
}{
  "shortMessage": "missing 'iat' claim",
  "longMessage": "No 'iat' claim present in the provided expired session token",
  "code": "session_refresh_expired_session_token_missing_iat"
}{
  "shortMessage": "missing 'sid' claim",
  "longMessage": "No 'sid' claim present in the provided expired session token",
  "code": "expired_session_token_missing_sid"
}{
  "shortMessage": "not enabled",
  "longMessage": "This feature is not enabled in your instance",
  "code": "feature_not_enabled"
}{
  "shortMessage": "Request origin does not match azp claim",
  "longMessage": "The request_origin parameter does not match the 'azp' claim of expired_token",
  "code": "refresh_request_origin_azp_mismatch"
}{
  "shortMessage": "Session not found",
  "longMessage": "No session was found with id <sessionID>",
  "code": "session_refresh_session_not_found"
}{
  "shortMessage": "Session ID does not match the 'sid' claim",
  "longMessage": "The 'sid' claim of the provided expired session token does not match the session ID provided in the request path",
  "code": "refresh_sid_mismatch"
}{
  "shortMessage": "Refresh token not found",
  "longMessage": "The provided refresh token was not found",
  "code": "refresh_token_not_found"
}{
  "shortMessage": "user not found",
  "longMessage": "The provided user was not found",
  "code": "session_refresh_user_not_found"
}{
  "shortMessage": "account deprovisioned",
  "longMessage": "Your account is deprovisioned",
  "code": "deprovisioned"
}{
  "shortMessage": "account deprovisioned",
  "longMessage": "The target user's account has been deprovisioned according to their external identity provider",
  "code": "deprovisioned"
}{
  "shortMessage": "Invalid session token",
  "longMessage": "The token provided could not be successfully verified",
  "code": "invalid_session_token"
}
SessionNotFound signifies an error when no session with given sessionID was found
{
  "shortMessage": "Session not found",
  "longMessage": "No session was found with id <sessionID>",
  "code": "resource_not_found"
}Sign In
IdentificationClaimed signifies an error when the requested identification is already claimed by another user
{
  "shortMessage": "Identification claimed by another user",
  "longMessage": "One or more identifiers on this sign up have since been connected to a different User. Please sign up again.",
  "code": "identification_claimed"
}{
  "shortMessage": "cannot revoke",
  "longMessage": "Sign in token cannot be revoked because its status is <status>. Only pending tokens can be revoked.",
  "code": "sign_in_token_cannot_be_revoked_code"
}{
  "shortMessage": "is not allowed",
  "longMessage": "`<param>` isn't allowed to be `%v` when sign-up mode is set to <value>",
  "code": "sign_up_mode_restricted_invalid_value",
  "meta": {
    "name": "param"
  }
}{
  "shortMessage": "Sign up cannot be updated",
  "longMessage": "This sign up has reached a terminal state and cannot be updated",
  "code": "sign_up_cannot_be_updated"
}Signing Keys
SigningKeyNotFound signifies an error when no signing key with a given signingKeyID was found
{
  "shortMessage": "Signing key not found",
  "longMessage": "No signing key was found with id <signingKeyID>",
  "code": "resource_not_found"
}{
  "shortMessage": "Product not supported by subscription plan",
  "longMessage": "The product <productID> is not compatible with the current subscription plan",
  "code": "product_not_supported_by_subscription_plan"
}{
  "shortMessage": "Invalid template body",
  "longMessage": "This template body is invalid and cannot be rendered successfully, please check for syntax errors",
  "code": "invalid_template_body",
  "meta": {
    "name": "body"
  }
}{
  "shortMessage": "",
  "longMessage": "Body should contain the {{<requiredVariable>}} variable",
  "code": "required_variable_missing",
  "meta": {
    "name": "body"
  }
}{
  "shortMessage": "Template body cannot be modified",
  "longMessage": "The body of template with slug <slug> can't be modified",
  "code": "template_body_modification_restricted"
}
TemplateDeletionRestricted signifies an error when a deletion is attempted for a built-in (non-custom) template
{
  "shortMessage": "Template deletion restricted",
  "longMessage": "Template with slug <slug> can't be deleted",
  "code": "template_deletion_restricted"
}
TemplateNotFound signifies an error when no template with given slug was found
{
  "shortMessage": "Template not found",
  "longMessage": "No template was found with slug <slug>",
  "code": "resource_not_found"
}
TemplateRevertRestricted signifies an error when a custom template is attempted to be reverted
{
  "shortMessage": "Template revert restricted",
  "longMessage": "Template with slug <slug> can't be reverted",
  "code": "template_revert_error"
}
TemplateTypeUnsupported signifies an error when an invalid template type is provided
{
  "shortMessage": "Template type not supported",
  "longMessage": "Template type <templateType> is not supported",
  "code": "template_type_unsupported"
}{
  "shortMessage": "invalid TOTP secret",
  "longMessage": "The TOTP secret is invalid, please provide a valid one base32 encoded",
  "code": "invalid_totp_secret_code"
}{
  "shortMessage": "URL not found",
  "longMessage": "The URL was not found",
  "code": "resource_not_found"
}{
  "shortMessage": "forbidden",
  "longMessage": "Resource forbidden",
  "code": "resource_forbidden"
}{
  "shortMessage": "not found",
  "longMessage": "Resource not found",
  "code": "resource_not_found"
}{
  "shortMessage": "incorrect password",
  "longMessage": "The provided password is not the one the user has set",
  "code": "incorrect_password"
}{
  "shortMessage": "incorrect TOTP",
  "longMessage": "The provided TOTP code is incorrect",
  "code": "totp_incorrect_code"
}{
  "shortMessage": "invalid length",
  "longMessage": "The provided TOTP code must be 6 characters long.",
  "code": "totp_invalid_length"
}{
  "shortMessage": "no password set",
  "longMessage": "This user does not have a password set for their account",
  "code": "no_password_set"
}{
  "shortMessage": "TOTP is disabled",
  "longMessage": "This user does not have TOTP enabled in their account",
  "code": "totp_disabled"
}
UserBanned signifies an error when a user is banned
{
  "shortMessage": "User banned",
  "longMessage": "You have been banned. If you think this was by mistake, please contact support.",
  "code": "user_banned"
}{
  "shortMessage": "missing data",
  "longMessage": "%q data doesn't match user requirements set for this instance",
  "code": "form_data_missing",
  "meta": {
    "names": "missingparams"
  }
}
UserNotFound signifies an error when no user is found with userID
{
  "shortMessage": "not found",
  "longMessage": "No user was found with id <userID>",
  "code": "resource_not_found"
}{
  "shortMessage": "user quota exceeded",
  "longMessage": "You have reached your limit of %d users. <maxAllowed>",
  "code": "user_quota_exceeded"
}{
  "shortMessage": "No Svix apps are associated with the current instance.",
  "longMessage": "No Svix apps are associated with the current instance.",
  "code": "svix_app_missing"
}Feedback
Last updated on