API reference

Error code: signature_invalid

signature_invalid returns HTTP 400 with type: invalid_request_error. A request-signed call failed signature verification. Branch on this code — it is stable — and apply the fix below.

2 min read

400HTTP status
signature_invaliderror.code
FixHandling

What triggers it

A request-signed call failed signature verification. A wrong signing key, a modified body, or a clock skew beyond tolerance.

Example response

{
  "error": {
    "type": "invalid_request_error",
    "code": "signature_invalid",
    "message": "A request-signed call failed signature verification."
  }
}

How to fix it

Recompute the signature over the raw body with the correct key; check the timestamp.

This is deterministic: the same request will fail again until fixed. See the HTTP 400 page for the class.

In practice

In a well-built client, signature_invalid is handled by branching on error.code rather than on the human error.message, which may be reworded over time. The HTTP status (400) gives the broad invalid_request_error class; the code gives the specifics; and, on field errors, error.param pinpoints the input to fix.

This code is deterministic — retrying the identical request reproduces it — so keep it out of your retry path and instead map it to a clear, actionable message. See Map errors to user-facing messages and Read the error envelope for the pattern.

Frequently asked questions

Is signature_invalid safe to retry?

No. It is deterministic; retrying the identical request produces the identical error. Fix the cause first.

Will this code ever change?

No. Error codes are stable contract. The human message may be reworded, but the code you branch on will not change.

Do I branch on the code or the HTTP status?

Both — the status for the retry-or-not decision, the code for the specific behaviour. See the error envelope.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.