This page applies to Apigee and Apigee hybrid.
View Apigee Edge documentation.
This topic provides HTTP status codes you may encounter when an OAuth policy throws errors in Apigee.
For guidance on handling errors, see Handling faults.
For policy-specific error codes, see OAuth v2 policy error reference.
Authorization Code
Invalid Redirect URI
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Invalid redirection uri http://www.invalid_example.com"}
No Redirect URI
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Redirection URI is required"}
Invalid Key
HTTP/1.1 401 Unauthorized {"ErrorCode" : "invalid_request", "Error" :"Invalid client id : AVD7ztXReEYyjpLFkkPiZpLEjeF2aYAz. ClientId is Invalid"}
Missing Key
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"The request is missing a required parameter : client_id"}
Invalid Response Type
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Response type must be code"}
Missing Response Type
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"The request is missing a required parameter : response_type"}
Generate AccessToken
Invalid Auth Code
HTTP status: 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Invalid Authorization Code"}
No Redirect URI
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Required param : redirect_uri"}
Invalid Redirect URI
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Invalid redirect_uri : oob"}
Invalid Client ID when GenerateResponse is false
This error is returned when the <GenerateResponse>
property is set to
false and the client credentials are invalid.
{ "fault": { "faultstring": "Invalid client identifier {0}", "detail": { "errorcode": "oauth.v2.InvalidClientIdentifier" } } }
Invalid Client ID when GenerateResponse is true
This error is returned when the <GenerateResponse>
property is set to
true and the client credentials are invalid.
{"ErrorCode" : "invalid_client", "Error" :"ClientId is Invalid"}
Invalid GrantType
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Unsupported grant type : client_credentials_invalid"}
No Username
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Required param : username"}
No Password
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Required param : password"}
No GrantType (Custom Policy)
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}
No AuthCode
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Required param : code"}
Implicit
Invalid Client ID
HTTP/1.1 401 Unauthorized {"ErrorCode" : "invalid_request", "Error" :"Invalid client id : AVD7ztXReEYyjpLFkkPiZpLEjeF2aYAz. ClientId is Invalid"}
No Client ID
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"The request is missing a required parameter : client_id"}
Invalid Response Type
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Response type must be token"}
No Response Type
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"The request is missing a required parameter : response_type"}
Invalid Redirect URI
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Invalid redirection uri http://www.invalid_example.com"}
No Redirect URI
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Redirection URI is required"}
Refresh Token
Invalid RefreshToken
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Invalid Refresh Token"}
Expired RefreshToken
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Refresh Token expired"}
Invalid Scope
HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Invalid Scope"}
Invalid Client ID when GenerateResponse is false
This error is returned when the GenerateResponse property is set to false and the client credentials are invalid.
{ "fault": { "faultstring": "Invalid client identifier {0}", "detail": { "errorcode": "oauth.v2.InvalidClientIdentifier" } } }
Invalid Client ID when GenerateResponse is true
This error is returned when the GenerateResponse property is set to true and the client credentials are invalid.
{"ErrorCode" : "invalid_client", "Error" :"ClientId is Invalid"}
Verify AccessToken
Invalid AccessToken
HTTP/1.1 401 Unauthorized {"fault":{"faultstring":"Invalid Access Token","detail":{"errorcode":"keymanagement.service.invalid_access_token"}}}
Invalid Resource
HTTP/1.1 401 Unauthorized {"fault":{"faultstring":"APIResource \/facebook\/acer does not exist","detail":{"errorcode":"keymanagement.service.apiresource_doesnot_exist"}}}
Invalid Scope
HTTP/1.1 403 Forbidden {"fault":{"faultstring":"Required scope(s) : VerifyAccessToken.scopeSet","detail":{"errorcode":"steps.oauth.v2.InsufficientScope"}}}
No Auth Header
HTTP/1.1 401 Unauthorized {"fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.InvalidAccessToken"}}}
No match for ApiProduct (With Env & Proxy Configured)
HTTP/1.1 401 Unauthorized {"fault":{"faultstring":"Invalid API call as no apiproduct match found","detail":{"errorcode":"keymanagement.service.InvalidAPICallAsNoApiProductMatchFound"}}}
Access token expired
HTTP/1.1 401 Unauthorized {"fault":{"faultstring":"Access Token expired","detail":{"errorcode":"keymanagement.service.access_token_expired"}}}
Access token revoked
HTTP/1.1 401 Unauthorized {"fault":{"faultstring":"Access Token not approved","detail":{"errorcode":"keymanagement.service.access_token_not_approved"}}}
Get OAuth V2 Info
Invalid Refresh Token
HTTP/1.1 404 Not Found {"fault::{"detail":{"errorcode":"keymanagement.service.invalid_refresh_token"},"faultstring":"Invalid Refresh Token"}}
Invalid Access Token
HTTP/1.1 404 Not Found { "fault": { "faultstring": "Invalid Access Token", "detail": { "errorcode": "keymanagement.service.invalid_access_token" } } }
Expired Access Token
HTTP/1.1 500 Not Found { "fault": { "faultstring": "Access Token expired", "detail": { "errorcode": "keymanagement.service.access_token_expired" } } }
Expired Refresh Token
HTTP/1.1 500 Not Found { "fault": { "faultstring": "Refresh Token expired", "detail": { "errorcode": "keymanagement.service.refresh_token_expired" } } }
Invalid Client ID
HTTP/1.1 404 Not Found { "fault": { "faultstring": "Invalid Client Id", "detail": { "errorcode": "keymanagement.service.invalid_client-invalid_client_id" } } }
Invalid Authorization Code
HTTP/1.1 404 Not Found { "fault": { "faultstring": "Invalid Authorization Code", "detail": { "errorcode": "keymanagement.service.invalid_request-authorization_code_invalid" } } }
Expired Authorization Code
HTTP/1.1 500 Not Found { "fault": { "faultstring": "Authorization Code expired", "detail": { "errorcode": "keymanagement.service.authorization_code_expired" } } }
Set OAuth V2 Info
Invalid Access Token
HTTP/1.1 404 Not Found { "fault": { "faultstring": "Invalid Access Token", "detail": { "errorcode": "keymanagement.service.invalid_access_token" } } }
Expired Access Token
HTTP/1.1 500 Not Found { "fault": { "faultstring": "Access Token expired", "detail": { "errorcode": "keymanagement.service.access_token_expired" } } }
Delete OAuth V2 Info
On success, the policy returns a 200 status.
On failure, the policy returns 404 and output similar to the following (depending on whether you are deleting an access token or an auth code):
HTTP/1.1 404 Not Found Content-Type: application/json Content-Length: 144 Connection: keep-alive {"fault":{"faultstring":"Invalid Authorization Code","detail":{"errorcode":"keymanagement.service.invalid_request-authorization_code_invalid"}}}