This is completely vanilla as per the OAuth 2.0 standard specification. This overview is provided for informational purposes and to highlight the differences between the Sell API standard error response format and the OAuth authorization error response format.


An error response will specify the Content-Language of the response and have the Content-Type parameter set to application/json; charset=utf-8. In addition, the Authorization Server includes the Cache-Control: no-store and Pragma: no-cache headers in order to prevent any intermediate cache servers from storing responses with any sensitive information.


Body

The basic structure of an error response is a JSON object that holds error information at the highest object level. Error fields are described in the table below.

| Name | Description |
| --- | --- |
| error | The error code. One of Error Codes |
| error_description | An optional human-readable error description in a language specified by the Content-Language header. |
| error_uri | An optional link to resources that can be helpful for problem solving. |

Example

Content-Type: application/json; charset=utf-8
Content-Language: en
Cache-Control: no-store
Pragma: no-cache
Vary: Content-Language

{
  "error": "access_denied",
  "error_description": "Access denied.",
  "error_uri": "https://developers.getbase.com/docs/rest/articles/oauth2/errors"
}

HTTP status codes summary

OAuth authorization requests can produce responses with the following HTTP status codes.

| HTTP Status Code | HTTP Status Message | Meaning |
| --- | --- | --- |
| 200 | OK | Everything worked as expected. The response includes a non-empty body. |
| 400 | Bad Request | Returned with every error except for those specified below. |
| 401 | Unauthorized | Returned only with either invalid_client or invalid_token errors. |
| 403 | Forbidden | Returned only with insufficient_scope error. |

Error Codes

Below you will find a summary of error codes and corresponding HTTP status codes for every OAuth flow Sell supports.


Requesting an Authorization via /oauth2/authorize

| Error Code | HTTP Status Code | Meaning |
| --- | --- | --- |
| invalid_request | 400 | The request is malformed, a required parameter is missing or a parameter has an invalid value. |
| unauthorized_client | 400 | The client is not authorized. |
| access_denied | 400 | The resource owner denied the request for authorization. |
| unsupported_response_type | 400 | Unsupported response type. |
| invalid_scope | 400 | The scope is malformed or invalid. |
| server_error | 400 | Unexpected error. |
| temporarily_unavailable | 400 | The authorization server is not able to handle the request. |

Requesting an Access Token via /oauth2/token

| Error Code | HTTP Status Code | Meaning |
| --- | --- | --- |
| invalid_request | 400 | The request is malformed, a required parameter is missing or a parameter has an invalid value. |
| invalid_client | 401 | Client authentication failed. |
| invalid_grant | 400 | Invalid authorization grant, grant invalid, grant expired, or grant revoked. |
| unauthorized_client | 400 | Client is not authorized to use the grant. |
| unsupported_grant_type | 400 | Authorization grant is not supported by the Authorization Server. |
| invalid_scope | 400 | The scope is malformed or invalid. |

Revoking a Token via /oauth2/token/revoke

| Error Code | HTTP Status Code | Meaning |
| --- | --- | --- |
| invalid_request | 400 | The request is malformed, a required parameter is missing or a parameter has an invalid value. |
| invalid_client | 401 | Client authentication failed. |
| invalid_grant | 400 | Invalid authorization grant, grant invalid, grant expired, or grant revoked. |
| unauthorized_client | 400 | Client is not authorized to use the grant. |
| unsupported_grant_type | 400 | Authorization grant is not supported by the Authorization Server. |
| invalid_scope | 400 | The scope is malformed or invalid. |
| unsupported_token_type | 400 | The Authorization Server does not support revocation of the presented token type. |
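
A client or integration test can check each OAuth error response against the contract described on this page: cache-suppressing headers, a top-level error field, an error code documented for the endpoint, and the matching HTTP status. The following is an added example, not code from the Sell API or its SDKs; the function name check_oauth_error and the sample call are hypothetical, while the endpoint paths, error codes and status codes are taken from the tables above.

```python
import json

# Per the status summary table: every error not listed here is returned with 400.
STATUS_FOR_ERROR = {"invalid_client": 401, "invalid_token": 401, "insufficient_scope": 403}

# Error codes this page documents for each endpoint.
COMMON = {"invalid_request", "unauthorized_client", "invalid_scope"}
TOKEN = COMMON | {"invalid_client", "invalid_grant", "unsupported_grant_type"}
KNOWN_ERRORS = {
    "/oauth2/authorize": COMMON | {"access_denied", "unsupported_response_type",
                                   "server_error", "temporarily_unavailable"},
    "/oauth2/token": TOKEN,
    "/oauth2/token/revoke": TOKEN | {"unsupported_token_type"},
}


def check_oauth_error(endpoint, status, headers, body):
    """Return (error_code, findings); findings lists deviations from the documented contract."""
    findings = []
    hdrs = {k.lower(): v.lower() for k, v in headers.items()}
    if not hdrs.get("content-type", "").startswith("application/json"):
        findings.append("unexpected Content-Type")
    if "no-store" not in hdrs.get("cache-control", ""):
        findings.append("missing Cache-Control: no-store")
    if "no-cache" not in hdrs.get("pragma", ""):
        findings.append("missing Pragma: no-cache")
    try:
        doc = json.loads(body)
    except ValueError:
        return None, findings + ["body is not JSON"]
    code = doc.get("error") if isinstance(doc, dict) else None
    if not isinstance(code, str):
        return None, findings + ["no top-level 'error' string"]
    if code not in KNOWN_ERRORS.get(endpoint, set()):
        findings.append(f"error code {code!r} not documented for {endpoint}")
    expected = STATUS_FOR_ERROR.get(code, 400)
    if status != expected:
        findings.append(f"status {status} does not match {code!r} (expected {expected})")
    uri = doc.get("error_uri")  # optional; only surface it to users if it is an https link
    if uri is not None and not (isinstance(uri, str) and uri.startswith("https://")):
        findings.append("error_uri is not an https URL")
    return code, findings


# Constructed sample: the page's example error, but with status 401 and no cache headers.
SAMPLE_CODE, SAMPLE_FINDINGS = check_oauth_error(
    "/oauth2/authorize", 401, {"Content-Type": "application/json; charset=utf-8"},
    '{"error": "access_denied", "error_description": "Access denied."}')
```

A response that produces findings may have been rewritten or cached by an intermediary, so it is worth logging the findings alongside the error code instead of acting on the body alone.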