Identity Cloud Registration provides access to advanced features through an API that requires only the ability to POST HTTP requests and parse JSON responses. You can use these requests to retrieve contact data, map an identity to multiple accounts, gain access to analytics, and more. The consistent format allows you to communicate with your application and relay the results to your own site.
The error response always contains at least the following fields:
- code: an integer error code.
- error: a machine-readable string code.
- error_description: a text description of the error.
There is a 1-to-1 relationship between the integer codes and the string codes. We provide both for your convenience.
Whenever an API call fails (user error or unexpected error), the response includes a field called request_token, which is a generated string of 16 characters. The token is included in our internal API logs. When you submit a support ticket, you should include the request_token so that we can check our logs and find the exact API call and error.
Some errors may contain additional fields. The error codes and their extra fields are enumerated below.
The error codes are grouped into the following categories:
- 100: missing argument.
- 200-399: errors in this range occur when an argument is invalid in some way.
- 300-399: errors in this range occur when creating, updating or querying records.
- 340-369: errors in this range occur when a record value violates the schema. 340-359 are for data type errors and 360-379 are for constraint errors.
- 400-499: authentication and permission errors, including expired tokens or codes and OAuth errors.
- 500: unexpected internal error.
Any code that is a multiple of 100 or 10 is a catch-all for the codes below it, and may be split off into more specific codes in the future. The error codes that are most likely to change are 200, 320, and 330.
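The following Python sketch is an added example, not code from the API provider. It parses the documented error fields, maps the integer code to the categories listed above (narrowest range first, since the listed ranges overlap), and falls back to the multiple-of-10 and multiple-of-100 catch-all codes so a client keeps working if a catch-all is later split into more specific codes. The function names, handler labels, and sample response are assumptions made for illustration.

```python
import json

# Ranges as listed on the page, narrowest first so overlapping ranges
# resolve to the most specific category.
CATEGORIES = [
    (340, 359, "schema: data type"),
    (360, 379, "schema: constraint"),
    (300, 399, "record create/update/query"),
    (200, 399, "invalid argument"),
    (400, 499, "authentication/permission"),
    (100, 100, "missing argument"),
    (500, 500, "unexpected internal error"),
]

def parse_error(body):
    """Return the documented error fields from a JSON error body."""
    data = json.loads(body)
    for field, kind in (("code", int), ("error", str), ("error_description", str)):
        if not isinstance(data.get(field), kind):
            raise ValueError(f"missing or mistyped field: {field}")
    return data

def category(code):
    for low, high, name in CATEGORIES:
        if low <= code <= high:
            return name
    return "unknown"

def fallback_chain(code):
    """The code, then its multiple-of-10 and multiple-of-100 catch-alls."""
    chain = [code]
    for parent in (code - code % 10, code - code % 100):
        if parent not in chain:
            chain.append(parent)
    return chain

def pick_handler(code, handlers):
    """First handler registered for the code or one of its catch-alls."""
    for candidate in fallback_chain(code):
        if candidate in handlers:
            return handlers[candidate]
    return None

# Constructed sample response (illustrative values, not real API output).
SAMPLE = ('{"code": 322, "error": "example_error", '
          '"error_description": "constructed sample", '
          '"request_token": "abcdefgh12345678"}')

if __name__ == "__main__":
    err = parse_error(SAMPLE)
    handler = pick_handler(err["code"], {320: "record-error-handler"})
    print(category(err["code"]), handler, err.get("request_token"))
```

Recording request_token alongside the code in client-side logs lets a failed call be matched to the provider's logs when a support ticket is opened.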
A required argument was not supplied.
The argument was malformed, or its value was invalid for some other reason.
Two or more of the supplied arguments cannot be used together in the same call. For example, both id and uuid in entity.update.
The request used an HTTP authentication method other than Basic or OAuth.
The username/password combination supplied was incorrect.
An email/password combination was supplied, but the account is Social Sign-in only.
An email/password combination was supplied, but the email address doesn’t exist.
An email/password combination was supplied, and the email is valid, but the password is wrong.
Occurs if password history has been enabled and you use the /oauth/update_profile_native endpoint to try to reuse a previously used password.
The application ID does not exist.
The entity type does not exist.
An attribute does not exist. This can occur when trying to create or update a record, or when modifying an attribute.
No application exists on this domain.
The flow is misconfigured and needs to be updated.
Attempted to create an entity type that already exists.
Attempted to create an attribute that already exists.
Attempted to modify a reserved attribute. This can occur if you try to delete, rename, or write to a reserved attribute.
There was an error while creating a new record.
Referred to an entity or plural element that does not exist.
Attempted to specify a record ID in a new entity or plural element.
The created or lastUpdated value does not match the supplied argument.
A JSON value was not formatted correctly according to the attribute type in the schema.
A value did not match the expected JSON type according to the schema.
A date or dateTime value was not valid, for example if it was not formatted correctly or was out of range.
Occurs if password history has been enabled and you use the entity.update endpoint to try to reuse a previously used password.
A constraint was violated.
A unique or locally-unique constraint was violated.
An attribute with the required constraint was either missing or set to null.
A string value violated an attribute’s length constraint.
You are attempting to register a new user, but a user already exists with that email address. Typically the next step when receiving this error is to merge accounts.
The data you submitted did not pass form validation. For example, an invalid email address.
This error is also generated if you exceed the allowed number of login attempts. In that case, you'll get the error message "Too many attempts. Please try again later."
The client ID does not exist or the client secret is wrong.
The client does not have permission to perform the action (that is, it needs a feature).
The supplied authorization_code is not valid because the user’s access grant has been deleted.
The supplied access_token has expired.
The supplied authorization_code has expired.
The supplied verification_code has expired.
The supplied creation_token has expired.
The redirectUri did not match. Occurs in the oauth/token API call with the authorization_code grant type.
The API call was temporarily disabled for maintenance, and will be available again shortly.
An unexpected internal error.
This error is generated any time your request rate limits (such as the allowed number of registration requests) are exceeded.
An error was triggered in the flow.