The following document provides reference information about the error messages and status codes
that are used in the Cloud Storage XML API. For error messages and status codes used by the
Cloud Storage JSON API, see this page.
Cloud Storage uses the standard HTTP error reporting format. Successful requests return
HTTP status codes in the 2xx range. Failed requests return status codes in the 4xx and 5xx ranges.
Requests that require a redirect returns status codes in the 3xx range. Error responses usually
include an XML document in the response body, which contains information about the error.
The following is an example of an error response.
The following are descriptions of the HTTP status and error codes that Cloud Storage uses.
Error Name |
Description |
AmbiguousGrantByEmailAddress |
The e-mail address you provided is associated with more than one account. |
BadDigest |
The Content-MD5 or x-goog-hash you specified
did not match what we received. |
CloudKmsBadKey |
Bad Cloud KMS key. |
CloudKmsCannotChangeKeyName |
Cloud KMS key name cannot be changed. |
CloudKmsDecryptionKeyNotFound |
Resource's Cloud KMS decryption key not found. |
CloudKmsDisabledKey |
Cloud KMS key is disabled, destroyed, or scheduled to be destroyed. |
CloudKmsEncryptionKeyNotFound |
Cloud KMS encryption key not found. |
CloudKmsKeyLocationNotAllowed |
Cloud KMS key location not allowed. |
CredentialsNotSupported |
This request does not support credentials. |
CrcMismatch |
The CRC32C you specified did not match what we computed. |
CustomerEncryptionAlgorithmIsInvalid |
Missing an encryption algorithm, or the provided algorithm is not "AE256." |
CustomerEncryptionKeyFormatIsInvalid |
Missing an encryption key, or it is not Base64 encoded, or it does not meet the required
length of the encryption algorithm. |
CustomerEncryptionKeyIsIncorrect |
The provided encryption key is incorrect. |
CustomerEncryptionKeySha256IsInvalid |
Missing a SHA256 hash of the encryption key, or it is not Base64 encoded, or it does not
match the encryption key. |
DotfulBucketNameNotUnderTld |
The specified bucket contains a '.' but is not under a currently recognized top-level domain. |
EntityTooSmall |
Your proposed upload is smaller than the minimum allowed object size. |
EntityTooLarge |
Your proposed upload exceeds the maximum allowed object size. |
ExcessHeaderValues |
Multiple HTTP header values where one was expected. |
ExpiredToken |
The provided token has expired. |
IncompleteBody |
You did not provide the number of bytes specified by the Content-Length HTTP header. |
IncorrectNumberOfFilesInPostRequest |
POST requires exactly one file upload per request. |
IllegalEndpoint |
Upload-only and download-only endpoints may only be used for uploading or downloading
object, respectively. |
InlineDataTooLarge |
Inline data exceeds the maximum allowed size. |
InvalidArgument |
Invalid argument. |
InvalidAuthentication |
The authentication header provided in the request is not supported
or is invalid. |
InvalidBucketName |
The specified bucket is not valid. |
InvalidComponentCount |
Composite attempted with too many or too few components in the request. |
InvalidCrc |
The CRC32c you specified was invalid. |
InvalidDigest |
The Content-MD5 you specified was invalid. |
InvalidDotfulBucketName |
The specified bucket contains a '.' but is not syntactically valid. |
InvalidHash |
The x-goog-hash header you specified
was invalid. |
InvalidLocationConstraint |
The specified location constraint is not valid. You cannot specify locations with the
Cloud Storage API. |
InvalidPart |
One or more of the specified parts could not be found. The part might
not have been uploaded, or the specified entity tag might not match the
part's entity tag. |
InvalidPartOrder |
The parts list given in the request to complete a multipart upload is
invalid. The parts list must be in ascending order by part number. |
InvalidPolicyDocument |
The content of the form does not meet the conditions specified in the policy document. |
InvalidStorageClass |
The storage class you specified is not valid. |
InvalidLocationConstraintStorageClassCombination |
The combination of location and
storage class specified is
not supported. For example, buckets in regions cannot use the
MULTI_REGIONAL storage class, and buckets in multi-regions
cannot use the REGIONAL storage class. |
InvalidObjectName |
The specified object name is not valid. |
InvalidTargetBucketForLogging |
The target bucket for logging does not exist, or does not grant write permission to the
group "cloud-storage-analytics@google.com". See
setting up log delivery. |
InvalidToken |
The provided token is malformed or otherwise invalid. |
InvalidURI |
Couldn't parse the specified URI. |
KeyTooLong |
Your object name is too long. |
MalformedACLError |
The XML you provided was not well-formed or did not validate against our published schema. |
MalformedHeaderValue |
An HTTP header value was malformed. |
MalformedPOSTRequest |
The body of your POST request is not well-formed multipart/form-data. |
MalformedXML |
This happens when the user sends a malformed XML (XML that doesn't conform to the
published XSD) for the configuration. |
MaxMessageLengthExceeded |
Your request was too big. |
MaxPostPreDataLengthExceededError |
Your POST request fields preceding the upload file were too large. |
MetadataTooLarge |
Your metadata headers exceed the maximum allowed metadata size. |
MissingRequestBodyError |
This happens when the user sends an empty XML document as a request. |
MissingSecurityHeader |
Your request was missing a required header. |
NoLoggingStatusForKey |
There is no such thing as a logging status sub-resource for a key. |
NotImplemented |
A header or query you provided requested a function that is not implemented. |
NoMd5Provided |
MD5 is required for the requested operation but was not provided. |
RequestIsNotMultiPartContent |
Bucket POST must be of the enclosure-type multipart/form-data. |
RequestTimeout |
Your socket connection to the server was not read from or written to within the timeout
period. |
ResourceIsEncryptedWithCustomerEncryptionKey |
The resource is encrypted with a customer-supplied encryption key, but the request did not
provide one. |
ResourceNotEncryptedWithCustomerEncryptionKey |
The resource is not encrypted with a customer-supplied encryption key, but the request
provided one. |
SecureConnectionRequired |
A secure connection is required to process this request. |
TokenRefreshRequired |
The provided token must be refreshed. |
UnexpectedContent |
This request does not support content. |
UnresolvableGrantByEmailAddress |
The e-mail address you provided does not match any account on record. |
UnsupportedAcl |
The ACL you specified is not supported. For more information about the ACLs that
Cloud Storage supports, see Access Control. |
UserKeyMustBeSpecified |
The bucket POST must contain the specified field name. If it is specified, please check
the order of the fields. |
UserProjectInvalid |
The user project specified in the request is invalid, either because it is a malformed
project id or because it refers to a non-existent project. |
UserProjectMissing |
The requested bucket has Requester Pays enabled, the requester is not an owner of the
bucket, and no user project was present in the request. |
Error Name |
Description |
AccessDenied |
Access denied. This applies to any object you don't have access to, regardless of
whether or not the object actually exists. |
AccountProblem |
There is a problem with your user account that prevents the operation from completing
successfully. One issue could be billing. Check
the billing page to see if you
have a past due balance or if the credit card (or other payment mechanism) on your account
is expired. |
AnotherUserOwnsDomain |
The bucket you tried to create is a domain name owned by another user. |
BucketAlreadyExists |
The requested bucket name is not available. The bucket namespace is shared by all users
of the system. Please select a different name and try again. |
CrossLocationLoggingProhibited |
Cross location logging not allowed. A bucket in one location cannot log information
to a bucket in another location. |
DomainVerificationRequired |
The bucket you tried to create requires
domain ownership
verification. |
InsufficientQuota |
The user does not have enough quota to complete this operation. |
InvalidAccessKeyId |
The User Id you provided does not exist in our records. |
InvalidPayer |
All access to this object has been disabled. |
InvalidSecurity |
The provided security credentials are not valid. |
ObjectUnderActiveHold |
Object replacement or deletion is not allowed due to an
active hold on the object. |
RequestTimeTooSkewed |
The difference between the request time and the server's time is too
large. For a request that uses a signature in its
Authorization header, the maximum difference in time allowed
between the request and the backend system time is 15 minutes. |
RetentionPolicyNotMet |
Object replacement or deletion is not allowed until the object meets the retention period set
by the retention policy on the
bucket. |
SignatureDoesNotMatch |
The request signature we calculated does not match the signature you provided. Check
your Google secret and signing method. |
The requester is not authorized to use the project specified in the
x-goog-user-project header of their request. The requester
must have the serviceusage.services.use permission for the
specified project. |
UserProjectAccountProblem |
There is a problem with the project used in the request that prevents
the operation from completing successfully. One issue could be billing.
Check the billing page to see if you
have a past due balance or if the credit card (or other payment mechanism)
on your account is expired. For project creation,
see the Projects page in the
Google Cloud console. |