HTTP Status Codes

HTTP status codes break down into the following categories:

  • 100-199: Informational messages
  • 200-200: The message was successful
  • 300-399: Redirection
  • 400-415: Error on the client side
  • 500-599: Error on the server side

Recognizing the general numeric category could be helpful in tracking down the source of an error.

The table below provides information on some of the more common HTTP error codes you might encounter when working with the Akana OAuth API. For a full list of HTTP error code numbers and meanings, refer to the HTTP spec.

HTTP Code Body Cause/explanation/examples
Success codes:
200 OK The request completed successfully.
201 Created Successful create (add) request.
204 No Content The server successfully processed the request, but is not returning any content.
Redirect codes:
302 Redirect Redirect found. The client should use the URL given in the Location header.
Client error codes:
400 Bad Request Returned if the client sends invalid parameters or body content. For example, you might get this response if there is a typo in the request URL, or if you send malformed XML in your request (if applicable).
401 Unauthorized Authentication (login) is required for this operation. For example, perhaps a required cookie was not included.
403 Forbidden Authentication is required.
404 Resource not found The information in the path, parameters, or message header/body didn't match up to any available resource at the specified URL. For example, the message has the wrong content-type, a typo in the URL, or a wrong accept-header; or you might get this error if a specified resource, such as an app, API, or rating, does not exist. You would also get this if you were using the wrong HTTP verb.
405 Method Not Allowed The request is attempting to do something not allowed by this operation. For example, an Accept header that's not valid for the operation might cause this error, or an HTTP verb that's not supported for the operation.
406 Unacceptable/Not Acceptable

Returned if the response format, as specified in the accept header, does not match the content type specified in the request.

For example, you might get this response if you set the Accept header to text/xml for an operation that only returns an application/json response.

409 Invalid action for current resource state The action attempted was not valid for the current state. For example, the message is attempting to cancel an API contract that doesn't currently have a status of Approved.
415 Unsupported Media Type Returned if the request is using a media type not supported by the method.
Server error codes:
500 Internal Server Error An error occurred while processing the call. This error is generally returned for any business logic failure that doesn't fit into any of the defined categories above.
OAuth/auz/authorize error codes:
400 Invalid Request The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
Unauthorized Client The client is not authorized to request an authorization code.
Unsupported Grant Type The authorization grant type is not supported by the authorization server.
Invalid Scope The requested scope is invalid, unknown, or missing.
Unsupported Response Type The authorization server does not support obtaining an authorization code using the response type parameter used in an authorization request.
500 Server Error

The authorization server encountered an unexpected condition that prevented it from fulfilling the request.

Note: This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)

OAuth/oauth20/token error codes:
400 Invalid Request The request is missing a required parameter or includes an invalid parameter value.
Unsupported Grant Type The authorization grant type is not supported by the authorization server.
Invalid Client Client authentication failed. For example, client authentication failed due to an unknown client, no client authentication included, or an unsupported authentication method.
Invalid Grant The authorization grant code is invalid, expired, or does not match the redirection URI used in the authorization request.
Invalid Scope The requested scope is missing, invalid, or unknown.
500 Server Error The authorization server encountered an unexpected condition that prevented it from fulfilling the request.