API reference

Error code catalogue

This is the master list of error.code values. Each links to a dedicated page with the exact cause, an example response and the fix. Branch your integration on code — it is stable — rather than on the human message.

2 min read

error.codeStable identifier
Per-code pageCause + fix
Never messageDo not parse text

All error codes

Follow any code for its dedicated reference.

CodeStatusMeaning
invalid_json400The request body was not valid JSON.
missing_content_type400The request was missing a JSON content type.
unknown_field400The body contained a field the endpoint does not accept.
form_required422The required form key was absent.
consent_required422The consent gate was not satisfied.
invalid_email422A supplied email address was not valid.
payload_too_large422The fields object exceeded the size limit.
invalid_dept422The routing department was not recognised.
invalid_value_type422A field value was the wrong type.
idempotency_key_reused409An idempotency key was reused with a different body.
resource_not_found404The referenced resource does not exist.
route_not_found404No endpoint matches the path.
rate_limited429You exceeded the request rate.
missing_api_key401A partner-plane call had no API key.
invalid_api_key401The supplied credential was not valid.
insufficient_scope403The token lacks the required scope.
signature_invalid400A request-signed call failed signature verification.
server_error500An unexpected server-side error occurred.
temporarily_unavailable503The service is briefly unavailable.

Webhook, partner-plane and endpoint-specific codes

These codes occur on specific surfaces — webhooks, the partner plane, MCP, CMS and support.

CodeStatusMeaning
webhook_signature_missing400A webhook arrived without a signature header.
webhook_signature_invalid400A webhook signature failed verification.
webhook_endpoint_url_invalid422A webhook endpoint URL was rejected.
webhook_endpoint_limit422The endpoint limit was reached.
webhook_event_unknown422An unknown event type was subscribed to.
idempotency_key_malformed400The idempotency key was not a valid format.
idempotency_key_in_progress409A request with this key is still being processed.
token_expired401The OAuth access token has expired.
token_revoked401The credential was revoked.
audience_mismatch401The token audience did not match this API.
scope_not_granted403The token is missing a specific required scope.
account_suspended403The partner account is suspended.
mcp_method_not_found404An MCP JSON-RPC method was not recognised.
mcp_tool_not_found404An MCP tool name was not recognised.
mcp_invalid_params422MCP tool parameters failed validation.
cms_page_not_found404The requested CMS page key does not exist.
support_message_too_long422A support chat message exceeded the length limit.
support_session_closed409The support chat session is already closed.
request_body_too_large422The whole request body exceeded the size cap.
unsupported_media_type415The content type is not supported.
method_not_allowed405The HTTP method is not allowed on this route.

Frequently asked questions

Are new error codes added over time?

Yes, additively. Handle unknown codes by falling back to the HTTP status class — a code you do not recognise under a 429 is still rate limiting, under a 5xx is still a server error.

Is the code the same across every endpoint?

A given code always means the same thing wherever it appears. Some codes are endpoint-specific (they can only occur on one route), but their meaning never varies.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.