Error Response Format
All errors follow RFC 7807 Problem Details for HTTP APIs:Response Fields
Error Code Structure
Error codes follow a string-based, domain-prefixed structure:- Format:
CATEGORY_ERROR_NAME - Categories:
AUTH_*- Authentication errorsVALIDATION_*- Validation errorsSESSION_*- Session management errorsPROVIDER_*- Provider-specific errorsSYSTEM_*- System errorsRESOURCE_*- Resource errors
Authentication Errors
Code:
AUTH_INVALID_CREDENTIALS
HTTP Status: 401Invalid client credentials (Client ID or Client Secret incorrect)Common Causes:- Wrong Client ID or Client Secret
- Using sandbox credentials in production or vice versa
- Credentials have been rotated
Code:
AUTH_INVALID_GRANT
HTTP Status: 400Invalid grant provided (OAuth2 standard error)Common Causes:- Authorization code has expired
- Authorization code has been used already
Code:
AUTH_INVALID_CLIENT
HTTP Status: 401Client authentication failed (OAuth2 standard error)Common Causes:- Client doesn’t exist
- Client is disabled
- Authentication method not allowed for client
Code:
AUTH_FORBIDDEN
HTTP Status: 403Access denied. The authenticated user does not have permission to access the requested resource.Common Causes:- Unauthorized origin attempting access
- Insufficient permissions for the resource
- Action not allowed for the authenticated client
Validation Errors
Code:
VALIDATION_MISSING_PARAMETER
HTTP Status: 400Required parameter is missing from the requestCommon Causes:- Missing required query parameters
- Missing required body fields
- Empty request body
Code:
VALIDATION_INVALID_PARAMETER
HTTP Status: 400Parameter value is invalidCommon Causes:- Invalid format (e.g., email, URL)
- Value out of allowed range
- Unsupported parameter value
Code:
VALIDATION_MISSING_USER_DATA
HTTP Status: 400Required user data is missingCommon Causes:- Provider didn’t return required attributes
- User didn’t consent to required scopes
Code:
VALIDATION_INVALID_USER_DATA
HTTP Status: 400User data format is invalidCommon Causes:- Malformed data from provider
- Data validation failed
Code:
VALIDATION_REDIRECT_URI_REQUIRED
HTTP Status: 400Redirect URI is required but not providedCommon Causes:- No default redirect URI configured
- Public client without redirect URI
Session Management Errors
Code:
SESSION_NOT_FOUND
HTTP Status: 404Session does not existCommon Causes:- Invalid session ID
- Session has expired
- Session was deleted
Code:
SESSION_VERIFICATION_NOT_FOUND
HTTP Status: 404Verification session not foundCommon Causes:- Invalid verification ID
- Verification has expired
- Wrong environment (sandbox vs production)
Code:
SESSION_INVALID_STATUS_TRANSITION
HTTP Status: 409Invalid session status transitionCommon Causes:- Session already completed
- Session was cancelled
- Attempting invalid state change
Code:
SESSION_INVALID_FLOW
HTTP Status: 400Invalid verification flowCommon Causes:- Unsupported flow type for provider
- Flow parameters are invalid
- Flow not enabled for application
Provider Errors
Code:
PROVIDER_NOT_FOUND
HTTP Status: 404Provider not foundCommon Causes:- Invalid provider ID
- Provider not available in region
- Typo in provider identifier
Code:
PROVIDER_NOT_ENABLED
HTTP Status: 403Provider is not enabled for this applicationCommon Causes:- Provider not configured in Console
- Provider disabled for maintenance
- Account doesn’t have access to provider
Code:
PROVIDER_INITIALIZATION_FAILED
HTTP Status: 502Provider initialization failedCommon Causes:- Provider service is down
- Network connectivity issues
- Invalid provider configuration
Code:
PROVIDER_ERROR
HTTP Status: 502Generic provider errorCommon Causes:- Provider returned an error
- Provider timeout
- Unexpected provider response
Code:
PROVIDER_UNAVAILABLE
HTTP Status: 503Provider service is unavailableCommon Causes:- Provider maintenance
- Provider service outage
- Rate limited by provider
Code:
PROVIDER_CONFIGURATION_ERROR
HTTP Status: 400The provider configuration is invalid or incomplete.Common Causes:- Missing required configuration values
- Invalid configuration format
- Incomplete provider setup
Code:
PROVIDER_AUTHENTICATION_FAILED
HTTP Status: 401Authentication with the eID provider failed.Common Causes:- Invalid provider credentials
- Provider API key expired
- Authentication token invalid
Code:
PROVIDER_UNEXPECTED_RESPONSE
HTTP Status: 502The provider returned an unexpected or invalid response.Common Causes:- Empty response from provider
- Malformed response data
- Unexpected response format
System Errors
Code:
SYSTEM_INTERNAL_ERROR
HTTP Status: 500Internal server errorCommon Causes:- Unexpected system error
- Database connection issues
- Configuration errors
Code:
SYSTEM_UNSUPPORTED_MODE
HTTP Status: 501Requested mode or feature is not supportedCommon Causes:- Feature not implemented
- Deprecated functionality
- Invalid operation mode
Resource Errors
Generic resource errors for CRUD operations.Code:
RESOURCE_NOT_FOUND
HTTP Status: 404The requested resource was not found.Common Causes:- Invalid resource identifier
- Resource has been deleted
- Resource does not exist
Code:
RESOURCE_CONFLICT
HTTP Status: 409A conflict occurred with the current state of the resource (e.g., duplicate entry).Common Causes:- Resource already exists with the same identifier
- Duplicate entry attempt
- Concurrent modification conflict
Error Categories
Errors are categorized for proper handling:Error Handling Best Practices
Retry Strategy
- Retryable Errors
- Non-Retryable Errors
User Communication
Error Context
Always include relevant context when logging errors:Support
For persistent errors or issues not covered here:Developer Support
Email: dev@hopae.comInclude in your report:
- Error code
- Timestamp
- Verification ID (if available)
- Environment (Sandbox/Production)
- Request ID from headers

