Errors
This is completely vanilla as per the OAuth 2.0 standard specification. This overview is provided for informational purposes and to highlight the differences between the Sell API standard error response format and the OAuth authorization error response format.
Header
An error response specifies the Content-Language of the response and has the Content-Type header set to application/json; charset=utf-8. In addition, the Authorization Server includes the Cache-Control: no-store and Pragma: no-cache headers in order to prevent any intermediate cache servers from storing responses that contain sensitive information.
Body
The basic structure of an error response is a JSON object that holds the error information at the top level. The error fields are described in the table below.
Name | Description |
---|---|
error | The error code. One of the codes listed under Error Codes below. |
error_description | An optional human readable error description in a language specified by the Content-Language header. |
error_uri | An optional link to resources that can be helpful for problem solving. |
Example
Content-Type: application/json; charset=utf-8
Content-Language: en
Cache-Control: no-store
Pragma: no-cache
Vary: Content-Language
{
  "error": "access_denied",
  "error_description": "Access denied.",
  "error_uri": "https://developers.getbase.com/docs/rest/articles/oauth2/errors"
}
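The following Python snippet is an added example, not code from the Sell documentation or the Sell client libraries. It parses an error response in the format shown above and, rather than trusting that the headers are right, checks that Content-Type, Cache-Control: no-store and Pragma: no-cache are actually present, so a client can log a response that an intermediary could have cached. The sample headers and body are constructed to mirror the page's example; the function and type names are the example's own.

```python
import json
from dataclasses import dataclass, field
from typing import Mapping, Optional


@dataclass
class OAuthError:
    error: str                          # required error code
    description: Optional[str] = None   # optional, in the Content-Language
    uri: Optional[str] = None           # optional troubleshooting link
    language: Optional[str] = None      # Content-Language header value
    header_problems: list = field(default_factory=list)


def _norm(value: str) -> str:
    # Compare header values case-insensitively with whitespace removed.
    return "".join(value.split()).lower()


def _directives(value: str) -> set:
    # Split a comma-separated header such as Cache-Control into directives.
    return {d.strip().lower() for d in value.split(",")}


def parse_oauth_error(headers: Mapping[str, str], body: bytes) -> OAuthError:
    """Parse an OAuth 2.0 error response body and check its cache headers.

    A missing or wrong Cache-Control / Pragma header does not make the body
    unusable, so such problems are reported in header_problems instead of
    raised: the client can still act on the error code while logging that
    the response could have been stored by an intermediate cache.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    problems = []

    ct = lowered.get("content-type")
    if ct is None:
        problems.append("missing header content-type")
    elif _norm(ct) != "application/json;charset=utf-8":
        problems.append(f"unexpected content-type: {ct!r}")

    for name, directive in (("cache-control", "no-store"), ("pragma", "no-cache")):
        got = lowered.get(name)
        if got is None:
            problems.append(f"missing header {name}")
        elif directive not in _directives(got):
            problems.append(f"{name} lacks {directive}: {got!r}")

    try:
        payload = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"error body is not UTF-8 JSON: {exc}") from None
    if not isinstance(payload, dict) or not isinstance(payload.get("error"), str):
        raise ValueError("error body must be a JSON object with a string 'error' field")

    return OAuthError(
        error=payload["error"],
        description=payload.get("error_description"),
        uri=payload.get("error_uri"),
        language=lowered.get("content-language"),
        header_problems=problems,
    )


# Constructed sample mirroring the example response on this page.
SAMPLE_HEADERS = {
    "Content-Type": "application/json; charset=utf-8",
    "Content-Language": "en",
    "Cache-Control": "no-store",
    "Pragma": "no-cache",
    "Vary": "Content-Language",
}
SAMPLE_BODY = json.dumps({
    "error": "access_denied",
    "error_description": "Access denied.",
    "error_uri": "https://developers.getbase.com/docs/rest/articles/oauth2/errors",
}).encode("utf-8")

if __name__ == "__main__":
    print(parse_oauth_error(SAMPLE_HEADERS, SAMPLE_BODY))
```

The Cache-Control check looks for the no-store directive rather than requiring the header to equal it, because a conforming server may legitimately send additional directives alongside it.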
HTTP status codes summary
OAuth authorization requests can produce responses with the following HTTP status codes.
HTTP Status Code | HTTP Status Message | Meaning |
---|---|---|
200 | OK | Everything worked as expected. The response includes a non-empty body. |
400 | Bad Request | Returned with every error except for those specified below. |
401 | Unauthorized | Returned only with either invalid_client or invalid_token errors. |
403 | Forbidden | Returned only with insufficient_scope error. |
Error Codes
Below you will find a summary of error codes and corresponding HTTP status codes for every OAuth flow Sell supports.
Requesting an Authorization via /oauth2/authorize
Error Code | HTTP Status Code | Meaning |
---|---|---|
invalid_request | 400 | The request is malformed, a required parameter is missing or a parameter has an invalid value. |
unauthorized_client | 400 | The client is not authorized. |
access_denied | 400 | The resource owner denied the request for authorization. |
unsupported_response_type | 400 | Unsupported response type. |
invalid_scope | 400 | The scope is malformed or invalid. |
server_error | 400 | Unexpected error. |
temporarily_unavailable | 400 | The authorization server is not able to handle the request. |
Requesting an Access Token via /oauth2/token
Error Code | HTTP Status Code | Meaning |
---|---|---|
invalid_request | 400 | The request is malformed, a required parameter is missing or a parameter has an invalid value. |
invalid_client | 401 | Client authentication failed. |
invalid_grant | 400 | Invalid authorization grant, grant invalid, grant expired, or grant revoked. |
unauthorized_client | 400 | Client is not authorized to use the grant. |
unsupported_grant_type | 400 | Authorization grant is not supported by the Authorization Server. |
invalid_scope | 400 | The scope is malformed or invalid. |
Revoking a Token via /oauth2/token/revoke
Error Code | HTTP Status Code | Meaning |
---|---|---|
invalid_request | 400 | The request is malformed, a required parameter is missing or a parameter has an invalid value. |
invalid_client | 401 | Client authentication failed. |
invalid_grant | 400 | Invalid authorization grant, grant invalid, grant expired, or grant revoked. |
unauthorized_client | 400 | Client is not authorized to use the grant. |
unsupported_grant_type | 400 | Authorization grant is not supported by the Authorization Server. |
invalid_scope | 400 | The scope is malformed or invalid. |
unsupported_token_type | 400 | The Authorization Server does not support revocation of the presented token type. |
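As an added example (not code from the Sell documentation), the Python snippet below turns the three per-endpoint tables and the status code summary into a client-side handler. It decides whether an error is worth retrying, needs a fresh authorization, or indicates a client bug, and it reports any combination of endpoint, error code and HTTP status that the tables do not document, which is worth logging because a response that departs from the documented behaviour usually points at a misbehaving proxy or a non-conforming server. The Action names and the retry classification are the example's own choices; the endpoint paths, error codes and status codes come from the page.

```python
from enum import Enum


class Action(Enum):
    RETRY_LATER = "transient server problem: retry with backoff"
    REAUTHORIZE = "grant or token no longer valid: obtain a new authorization"
    FIX_CLIENT = "client configuration or request error: do not retry unchanged"


# Error codes documented for each endpoint on this page.
AUTHORIZE_CODES = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope", "server_error",
    "temporarily_unavailable",
}
TOKEN_CODES = {
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}
REVOKE_CODES = TOKEN_CODES | {"unsupported_token_type"}
ENDPOINT_CODES = {
    "/oauth2/authorize": AUTHORIZE_CODES,
    "/oauth2/token": TOKEN_CODES,
    "/oauth2/token/revoke": REVOKE_CODES,
}

# Status codes other than 400, from the HTTP status codes summary; every
# other error code is documented with 400.
NON_400_STATUS = {"invalid_client": 401, "invalid_token": 401, "insufficient_scope": 403}

# Classification chosen for this example (not defined by the page).
TRANSIENT = {"server_error", "temporarily_unavailable"}
NEEDS_NEW_GRANT = {"invalid_grant", "invalid_token", "access_denied"}


def expected_status(code: str) -> int:
    return NON_400_STATUS.get(code, 400)


def classify(endpoint: str, status: int, code: str) -> tuple:
    """Return (Action, anomalies) for an error received from `endpoint`.

    Anomalies are deviations from the documented endpoint/code/status
    combinations. They never change the chosen action, but they should be
    logged: a conforming Authorization Server does not produce them.
    """
    if endpoint not in ENDPOINT_CODES:
        raise ValueError(f"unknown OAuth endpoint {endpoint!r}")

    anomalies = []
    if code not in ENDPOINT_CODES[endpoint]:
        anomalies.append(f"{code!r} is not a documented error for {endpoint}")
    if status != expected_status(code):
        anomalies.append(
            f"got HTTP {status}, but {code!r} is documented with {expected_status(code)}"
        )

    if code in TRANSIENT:
        action = Action.RETRY_LATER
    elif code in NEEDS_NEW_GRANT:
        action = Action.REAUTHORIZE
    else:
        action = Action.FIX_CLIENT
    return action, anomalies


if __name__ == "__main__":
    # Constructed inputs: a documented combination and a non-conforming one.
    print(classify("/oauth2/token", 401, "invalid_client"))
    print(classify("/oauth2/token", 400, "invalid_client"))
```

Note that invalid_token and insufficient_scope appear only in the status code summary, not in the per-endpoint tables, so the handler still maps their status correctly but will flag them as undocumented for any of the three endpoints.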