HTTP Status Codes

HTTP status codes are used to communicate the success or failure of a request to a resource. The predominant status codes are:

CodeDescription
200Everything worked as expected
400Invalid user input
401Invalid or missing credentials
403Missing permissions
404Item not found

In general all codes that are defined by the HTTP/1.1 standard can occur.

If the status code is not 200, the request should be considered failed and throwing an exception is recommended. A JSON object will be returned that contains a detailed error message for debugging.

Error 401
{
  "code": 401,
  "message": "Credentials required."
}

Errors Header Information

To give the client more detailed information about the problem many error pages contain the HTTP header X-API-Error. The table below contains the possible values to be obtained through this header, with a brief description of the problem.

X-API-Error ValueDescription

INVALID_ACCESS_TOKEN

Provided access token is invalid

INVALID_CREDENTIALS

Provided credentials are invalid

NO_APPLICATION_ACCESS

Not authorized to access application

BLOCKED_CLOUD

Not available in the cloud

BLOCKED_LDAP

Access blocked while LDAP is enabled

BLOCKED_ROLE

A blocked user role is set

FORM_NOT_FOUND

Request must have the requested form, but it was not found

INACTIVE_APPLICATION

The application is not active and has to be reactivated

INVALID_IP

IP address is not whitelisted

INVALID_LICENSE

No valid license was found

INVALID_MFA

MFA token is not correct

INVALID_REGEX_PATTERN

Regular expression is not valid

NO_ISSUE_ACCESS

Not authorized to access issue

MISSING_APPLICATION

Application does not exist

MISSING_CLOUD

Only available in the cloud

MISSING_EMAIL_CONFIG

Only available with valid email configuration

MISSING_LDAP

Access blocked while LDAP is disabled

MISSING_ORGANIZATION

Organization does not exist

MISSING_ROLE

A required user role is missing

NO_ORGANIZATION_ACCESS

Not authorized to access organization

NO_QUOTA_ACCESS

Not authorized to access quota

NO_SCAN_ACCESS

Not authorized to access scan

TOO_MANY_REQUESTS

Too many requests made, resource is temporary blocked

TOO_MANY_USERS

Too many enabled users