Skip to main content

Error Response Format

All errors follow RFC 7807 Problem Details for HTTP APIs:

Response Fields

Error Code Structure

Error codes follow a string-based, domain-prefixed structure:
  • Format: CATEGORY_ERROR_NAME
  • Categories:
    • AUTH_* - Authentication errors
    • VALIDATION_* - Validation errors
    • SESSION_* - Session management errors
    • PROVIDER_* - Provider-specific errors
    • SYSTEM_* - System errors
    • RESOURCE_* - Resource errors

Authentication Errors

Invalid Credentials
error
Code: AUTH_INVALID_CREDENTIALS HTTP Status: 401Invalid client credentials (Client ID or Client Secret incorrect)Common Causes:
  • Wrong Client ID or Client Secret
  • Using sandbox credentials in production or vice versa
  • Credentials have been rotated
Invalid Grant
error
Code: AUTH_INVALID_GRANT HTTP Status: 400Invalid grant provided (OAuth2 standard error)Common Causes:
  • Authorization code has expired
  • Authorization code has been used already
Invalid Client
error
Code: AUTH_INVALID_CLIENT HTTP Status: 401Client authentication failed (OAuth2 standard error)Common Causes:
  • Client doesn’t exist
  • Client is disabled
  • Authentication method not allowed for client
Forbidden
error
Code: AUTH_FORBIDDEN HTTP Status: 403Access denied. The authenticated user does not have permission to access the requested resource.Common Causes:
  • Unauthorized origin attempting access
  • Insufficient permissions for the resource
  • Action not allowed for the authenticated client
Example Response:

Validation Errors

Missing Parameter
error
Code: VALIDATION_MISSING_PARAMETER HTTP Status: 400Required parameter is missing from the requestCommon Causes:
  • Missing required query parameters
  • Missing required body fields
  • Empty request body
Invalid Parameter
error
Code: VALIDATION_INVALID_PARAMETER HTTP Status: 400Parameter value is invalidCommon Causes:
  • Invalid format (e.g., email, URL)
  • Value out of allowed range
  • Unsupported parameter value
Missing User Data
error
Code: VALIDATION_MISSING_USER_DATA HTTP Status: 400Required user data is missingCommon Causes:
  • Provider didn’t return required attributes
  • User didn’t consent to required scopes
Invalid User Data
error
Code: VALIDATION_INVALID_USER_DATA HTTP Status: 400User data format is invalidCommon Causes:
  • Malformed data from provider
  • Data validation failed
Redirect URI Required
error
Code: VALIDATION_REDIRECT_URI_REQUIRED HTTP Status: 400Redirect URI is required but not providedCommon Causes:
  • No default redirect URI configured
  • Public client without redirect URI

Session Management Errors

Session Not Found
error
Code: SESSION_NOT_FOUND HTTP Status: 404Session does not existCommon Causes:
  • Invalid session ID
  • Session has expired
  • Session was deleted
Verification Not Found
error
Code: SESSION_VERIFICATION_NOT_FOUND HTTP Status: 404Verification session not foundCommon Causes:
  • Invalid verification ID
  • Verification has expired
  • Wrong environment (sandbox vs production)
Invalid Status Transition
error
Code: SESSION_INVALID_STATUS_TRANSITION HTTP Status: 409Invalid session status transitionCommon Causes:
  • Session already completed
  • Session was cancelled
  • Attempting invalid state change
Invalid Flow
error
Code: SESSION_INVALID_FLOW HTTP Status: 400Invalid verification flowCommon Causes:
  • Unsupported flow type for provider
  • Flow parameters are invalid
  • Flow not enabled for application

Provider Errors

Provider Not Found
error
Code: PROVIDER_NOT_FOUND HTTP Status: 404Provider not foundCommon Causes:
  • Invalid provider ID
  • Provider not available in region
  • Typo in provider identifier
Provider Not Enabled
error
Code: PROVIDER_NOT_ENABLED HTTP Status: 403Provider is not enabled for this applicationCommon Causes:
  • Provider not configured in Console
  • Provider disabled for maintenance
  • Account doesn’t have access to provider
Initialization Failed
error
Code: PROVIDER_INITIALIZATION_FAILED HTTP Status: 502Provider initialization failedCommon Causes:
  • Provider service is down
  • Network connectivity issues
  • Invalid provider configuration
Provider Error
error
Code: PROVIDER_ERROR HTTP Status: 502Generic provider errorCommon Causes:
  • Provider returned an error
  • Provider timeout
  • Unexpected provider response
Provider Unavailable
error
Code: PROVIDER_UNAVAILABLE HTTP Status: 503Provider service is unavailableCommon Causes:
  • Provider maintenance
  • Provider service outage
  • Rate limited by provider
Provider Configuration Error
error
Code: PROVIDER_CONFIGURATION_ERROR HTTP Status: 400The provider configuration is invalid or incomplete.Common Causes:
  • Missing required configuration values
  • Invalid configuration format
  • Incomplete provider setup
Example Response:
Provider Authentication Failed
error
Code: PROVIDER_AUTHENTICATION_FAILED HTTP Status: 401Authentication with the eID provider failed.Common Causes:
  • Invalid provider credentials
  • Provider API key expired
  • Authentication token invalid
Example Response:
Provider Unexpected Response
error
Code: PROVIDER_UNEXPECTED_RESPONSE HTTP Status: 502The provider returned an unexpected or invalid response.Common Causes:
  • Empty response from provider
  • Malformed response data
  • Unexpected response format
Example Response:

System Errors

Internal Error
error
Code: SYSTEM_INTERNAL_ERROR HTTP Status: 500Internal server errorCommon Causes:
  • Unexpected system error
  • Database connection issues
  • Configuration errors
Action: Contact support if persists
Unsupported Mode
error
Code: SYSTEM_UNSUPPORTED_MODE HTTP Status: 501Requested mode or feature is not supportedCommon Causes:
  • Feature not implemented
  • Deprecated functionality
  • Invalid operation mode

Resource Errors

Generic resource errors for CRUD operations.
Resource Not Found
error
Code: RESOURCE_NOT_FOUND HTTP Status: 404The requested resource was not found.Common Causes:
  • Invalid resource identifier
  • Resource has been deleted
  • Resource does not exist
Example Response:
Resource Conflict
error
Code: RESOURCE_CONFLICT HTTP Status: 409A conflict occurred with the current state of the resource (e.g., duplicate entry).Common Causes:
  • Resource already exists with the same identifier
  • Duplicate entry attempt
  • Concurrent modification conflict
Example Response:

Error Categories

Errors are categorized for proper handling:

Error Handling Best Practices

Retry Strategy

User Communication

Error Context

Always include relevant context when logging errors:

Support

For persistent errors or issues not covered here:

Developer Support

Email: dev@hopae.comInclude in your report:
  • Error code
  • Timestamp
  • Verification ID (if available)
  • Environment (Sandbox/Production)
  • Request ID from headers