Error Handling

All API errors include an HTTP status code, a unique error code, and a descriptive message. This guide documents all possible errors that can occur when interacting with our APIs.

⚠️

Note: The Core API uses OAuth 2.0 compliant error responses, which have a different structure than the standard format. See the response format sections below for details.

Standard Error Response

All APIs except Core use the following error response structure:

{
    "timestamp": "2024-01-15T10:30:00.000Z",
    "moreInfo": "https://docs.neobits.no/",
    "errors": [
        {
            "name": "BadRequestError",
            "code": "400-001",
            "message": "Field 'ssn' is required"
        }
    ]
}
  • timestamp - ISO 8601 formatted date and time when the error occurred
  • moreInfo - URL to the documentation for more information
  • errors - Array of error objects containing:
  • name - The error type identifier
  • code - A unique error code in the format HTTP_STATUS-SEQUENCE
  • message - A human-readable description of the error

OAuth 2.0 Error Response (Core API)

The Core API follows the OAuth 2.0 specification for error responses:

{
    "error": "invalid_request",
    "error_code": "400-001",
    "error_uri": "https://docs.neobits.no/",
    "error_description": "Field 'client_id' is required",
    "error_timestamp": "2024-01-15T10:30:00.000Z"
}
  • error - OAuth 2.0 error code (e.g., invalid_request, unauthorized, access_denied)
  • error_code - A unique error code in the format HTTP_STATUS-SEQUENCE
  • error_uri - URL to the documentation for more information
  • error_description - A human-readable description of the error
  • error_timestamp - ISO 8601 formatted date and time when the error occurred

Error Types by HTTP Status Code

400
BadRequest
The request was invalid or malformed. This typically occurs due to validation errors, missing required fields, or invalid field values.
CodeCode NameDescriptionAPIs
400-000BadRequestGeneric bad request error
FuseCore
400-001FieldRequiredA required field is missing from the request
FuseCore
400-002FieldUnknownAn unknown or unexpected field was provided
FuseCore
400-003FieldValueInvalidThe field value is invalid or not allowed
FuseCore
400-004FieldTypeInvalidThe field type does not match the expected type
FuseCore
400-005FieldValueEmptyThe field value is empty when a value is required
FuseCore
400-006ResourceAlreadyExistsThe resource being created already exists
Fuse
400-007FeatureNotEnabledThe requested feature is not enabled for your account
Fuse
400-008UnknownAn unknown bad request error occurred
FuseCore
400-100PasswordWeakThe password does not meet security requirements
Core
400-101PasswordTooShortThe password is too short
Core
400-102InvalidEmailThe email address format is invalid
FuseCore
400-103InvalidUriThe URI format is invalid
FuseCore
400-104InvalidUuidThe UUID format is invalid
FuseCore
400-105InvalidLengthThe field length does not meet requirements
FuseCore
400-106InvalidPatternThe field does not match the required pattern
FuseCore
400-107InvalidFormatThe field format is invalid
FuseCore
400-108InvalidCodeChallengeThe PKCE code challenge is invalid
Core
400-109InvalidCodeChallengeMethodThe PKCE code challenge method is invalid
Core
400-110InvalidAuthorizationCodeThe authorization code is invalid
Core
400-111AuthorizationCodeExpiredThe authorization code has expired
Core
400-112AuthorizationCodeAlreadyUsedThe authorization code has already been used
Core

401
Unauthorized
Authentication is required but was not provided or is invalid. Verify your credentials and try again.
CodeCode NameDescriptionAPIs
401-000UnauthorizedGeneric unauthorized error - client is not authenticated
FuseCore
401-001InvalidCredentialsThe provided credentials are invalid
FuseCore
401-002InvalidTokenThe authentication token is invalid or expired
FuseCore
401-003AccountLockedThe account has been locked due to security reasons
Core
401-004AccountDisabledThe account has been disabled
Core
401-005EmailNotVerifiedThe email address has not been verified
Core
401-006ClientDisabledThe API client has been disabled
FuseCore
401-007InvalidAuthorizationFlowThe authorization flow is invalid or not supported
Core

403
Forbidden
The authenticated user does not have permission to access the requested resource.
CodeCode NameDescriptionAPIs
403-000ForbiddenGeneric forbidden error - access denied
FuseCore
403-001InsufficientPermissionsThe user lacks the required permissions for this action
FuseCore

404
NotFound
The requested resource could not be found. Verify the resource identifier and try again.
CodeCode NameDescriptionAPIs
404-000NotFoundGeneric not found error
FuseCore
404-001ResourceThe requested resource does not exist
FuseCore
404-002UpstreamThe resource was not found in an upstream service
Fuse

409
Conflict
The request conflicts with the current state of the resource.
CodeCode NameDescriptionAPIs
409-000ConflictGeneric conflict error
FuseCore
409-001ResourceAlreadyExistsA resource with the same identifier already exists
FuseCore
409-002StateMismatchThe resource state does not allow this operation
Fuse

422
UnprocessableContent
The request was well-formed but the content could not be processed.
CodeCode NameDescriptionAPIs
422-000UnprocessableContentGeneric unprocessable content error
Fuse
422-001UpstreamResponseUnsupportedThe response from an upstream service is not supported
Fuse

429
TooManyRequests
The rate limit has been exceeded. Wait before making additional requests.
CodeCode NameDescriptionAPIs
429-000TooManyRequestsRate limit exceeded - please try again later
FuseCore

500
InternalServerError
An unexpected error occurred on the server. If the problem persists, please contact support.
CodeCode NameDescriptionAPIs
500-000InternalServerAn unexpected internal error occurred
FuseCore
500-001ConfigurationA server configuration error occurred
FuseCore

502
BadGateway
An upstream service returned an error response. This is typically a temporary issue.
CodeCode NameDescriptionAPIs
502-000BadGatewayError while interacting with a third party service
Fuse
502-001ConnectionAbortedThe connection to an upstream service was aborted
Fuse

503
ServiceUnavailable
The service is temporarily unavailable. Retry after a short delay.
CodeCode NameDescriptionAPIs
503-000ServiceUnavailableThe service is temporarily unavailable. Retry after a short delay.
Fuse

504
GatewayTimeout
The request timed out while waiting for an upstream service.
CodeCode NameDescriptionAPIs
504-000GatewayTimeoutGateway timeout while waiting for an upstream service
Fuse


Best Practices for Error Handling

  1. Check the error code - Use the error code to programmatically handle specific error scenarios. The code is stable and will not change without prior notice.
  2. Log errors for debugging - Include the full error response in your logs, especially the timestamp and error code fields.
  3. Implement retry logic - For 5xx errors and 429 errors, implement exponential backoff retry logic.
  4. Display user-friendly messages - Use the error message field to display human-readable error messages to end users.
  5. Contact support if needed - If you encounter persistent 500 errors, contact our support team with the error details and timestamp.