2 min read
All error codes
Follow any code for its dedicated reference.
| Code | Status | Meaning |
|---|---|---|
invalid_json | 400 | The request body was not valid JSON. |
missing_content_type | 400 | The request was missing a JSON content type. |
unknown_field | 400 | The body contained a field the endpoint does not accept. |
form_required | 422 | The required form key was absent. |
consent_required | 422 | The consent gate was not satisfied. |
invalid_email | 422 | A supplied email address was not valid. |
payload_too_large | 422 | The fields object exceeded the size limit. |
invalid_dept | 422 | The routing department was not recognised. |
invalid_value_type | 422 | A field value was the wrong type. |
idempotency_key_reused | 409 | An idempotency key was reused with a different body. |
resource_not_found | 404 | The referenced resource does not exist. |
route_not_found | 404 | No endpoint matches the path. |
rate_limited | 429 | You exceeded the request rate. |
missing_api_key | 401 | A partner-plane call had no API key. |
invalid_api_key | 401 | The supplied credential was not valid. |
insufficient_scope | 403 | The token lacks the required scope. |
signature_invalid | 400 | A request-signed call failed signature verification. |
server_error | 500 | An unexpected server-side error occurred. |
temporarily_unavailable | 503 | The service is briefly unavailable. |
Webhook, partner-plane and endpoint-specific codes
These codes occur on specific surfaces — webhooks, the partner plane, MCP, CMS and support.
| Code | Status | Meaning |
|---|---|---|
webhook_signature_missing | 400 | A webhook arrived without a signature header. |
webhook_signature_invalid | 400 | A webhook signature failed verification. |
webhook_endpoint_url_invalid | 422 | A webhook endpoint URL was rejected. |
webhook_endpoint_limit | 422 | The endpoint limit was reached. |
webhook_event_unknown | 422 | An unknown event type was subscribed to. |
idempotency_key_malformed | 400 | The idempotency key was not a valid format. |
idempotency_key_in_progress | 409 | A request with this key is still being processed. |
token_expired | 401 | The OAuth access token has expired. |
token_revoked | 401 | The credential was revoked. |
audience_mismatch | 401 | The token audience did not match this API. |
scope_not_granted | 403 | The token is missing a specific required scope. |
account_suspended | 403 | The partner account is suspended. |
mcp_method_not_found | 404 | An MCP JSON-RPC method was not recognised. |
mcp_tool_not_found | 404 | An MCP tool name was not recognised. |
mcp_invalid_params | 422 | MCP tool parameters failed validation. |
cms_page_not_found | 404 | The requested CMS page key does not exist. |
support_message_too_long | 422 | A support chat message exceeded the length limit. |
support_session_closed | 409 | The support chat session is already closed. |
request_body_too_large | 422 | The whole request body exceeded the size cap. |
unsupported_media_type | 415 | The content type is not supported. |
method_not_allowed | 405 | The HTTP method is not allowed on this route. |
Frequently asked questions
Are new error codes added over time?
Yes, additively. Handle unknown codes by falling back to the HTTP status class — a code you do not recognise under a 429 is still rate limiting, under a 5xx is still a server error.
Is the code the same across every endpoint?
A given code always means the same thing wherever it appears. Some codes are endpoint-specific (they can only occur on one route), but their meaning never varies.
Related reading
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.
