AuthN API Reference
AuthN API Endpoints
Status Codes
| Status | Status Code | Description |
|---|---|---|
| AgreementExists | 200 | An attempt was made to create an agreement that already exists. |
| AgreementPublished | 200 | An attempt was made to edit or delete an agreement that was previously published. |
| AuthMethodNotAllowed | 200 | Auth method not enabled for the user or domain. |
| AuthenticationFailure | 200 | Authentication failed because an incorrect password, social ID, or OTP code was provided. |
| CantDeleteFirstName | 200 | An attempt was made to delete the first_name field of a user's profile. |
| CantDeleteLastName | 200 | An attempt was made to delete the first_name field of a user's profile. |
| CantDeletePhone | 200 | An attempt was made to delete the phone field of a user's profile when SMS OTP was enabled. |
| CantRefreshToken | 200 | An attempt was made to refresh a token that is not refreshable or has already been refreshed. |
| CantSetPassword | 200 | An attempt was made to set a password for a user that does not support passwords. |
| CheckEmail | 200 | User successfully signuped up by needs to verify their email |
| ClientAuthenticationFailure | 200 | Authentication failed because an incorrect secret was provided. |
| ConfigExists | 200 | An attempt was made to create a Config that already exists. |
| DisabledToken | 200 | An attempt was made to use a token that has been disabled. |
| DisabledUser | 200 | An attempt was made to access a disabled user. |
| DomainExists | 200 | An attempt was made to register domain that already exists. |
| DomainVerificationFailure | 200 | CNAME lookup did not match the login domain. |
| DuplicateOTPCode | 200 | A previously used OTP code was used. Please enter the next OTP code. |
| EmailRequired | 200 | An operation was performed that requires that the user has an email configured. |
| ExpiredToken | 200 | An attempt was made to access a token that has expired. |
| IncorrectAuthenticationProvider | 200 | An attempt was made to authenticate a user with a different authentication provider than the user was provisioned with. |
| InvalidAgreement | 200 | An attempt was made to access a non-existent agreement. |
| InvalidAuthenticationProvider | 200 | An attempt was made to configure a user account with an authentication provider that is not enabled. |
| InvalidAuthenticator | 200 | An attempt was made to access a non-existent authenticator. |
| InvalidCallback | 200 | An attempt was made to use a callback URI that was not configured for this service. |
| InvalidDomain | 200 | An attempt was made to access a non-existent domain. |
| InvalidExtProvisionSetting | 200 | An attempt was made to access a non-existent external provider provision settings. |
| InvalidFlow | 200 | An attempt was made to use a flow ID that does not exist or has expired. |
| InvalidFlowState | 200 | An attempt was made to perform a flow operation in a state when it was not allowed. |
| InvalidMfaProvider | 200 | An attempt was made to use an invalid MFA provider. |
| InvalidSAMLServiceProvider | 200 | An attempt was made to access a non-existent SAML Service Provider. |
| InvalidServiceAccount | 200 | An attempt was made to access a non-existent service account. |
| InvalidTicket | 200 | An attempt was made to access a non-existent ticket. |
| InvalidTicketType | 200 | An invalid ticket type was used. |
| InvalidToken | 200 | An attempt was made to access a non-existent token. |
| InvalidUser | 200 | An attempt was made to access a non-existent user. |
| InvalidUserImport | 200 | An attempt was made to access a non-existent user import. |
| InvalidWebauthnSession | 200 | An attempt was made to access a non-existent webauthn session. |
| JwtSigningNotConfigured | 200 | An attempt was made to JWT token but it is not configured or enabled. |
| MfaCodeExpired | 200 | An attempt was made to use an MFA code that has expired. |
| MfaEnrolled | 200 | An attempt was made to enroll an MFA provider that is already enrolled. |
| MfaNotEnrolled | 200 | An attempt was made to use an MFA provider that is not enrolled. |
| MfaResendTooSoon | 200 | An attempt was made to send an new MFA code too soon after the previous code was sent. |
| NoSocialProviderConfigured | 200 | An attempt to start a flow on a user without a social oauth provider was created. |
| NoWebauthnProviderConfigured | 200 | An attempt to start a flow on a user without a webauthn provider was created. |
| OrgExists | 200 | An attempt was made to enable an Org that is already enabled. |
| PasskeyRegistrationFailure | 200 | An attempt was made to register a passkey. |
| PasswordHashGenerationFailed | 200 | An attempt was made to match password and password generated hash |
| PasswordHashMatchFailed | 200 | An attempt was made to match password and password generated hash |
| PasswordPolicyFailure | 200 | The password did not satisfy password complexity requirements. |
| PhoneNumberRequired | 200 | An operation was performed that requires that the user has a phone number configured. |
| SAMLGenericError | 200 | An unexpected SAML-related issue has occurred. |
| SAMLSPExists | 200 | An attempt was made to create a SAML Service Provider of an existing Service Provider. |
| SMSSendFailure | 200 | An attempt to send an SMS message failed. |
| SignupForbidden | 200 | An attempt was made to sign up a new user when signups are disabled. |
| UserExists | 200 | An attempt was made to create a user with an email address of an existing user. |
| UserImportErr | 200 | Failed to import user. |
| UserImportExists | 200 | An attempt was made to create an user import from the given source that already in-progress. |
| BadSession | 400 | An invalid session was attempted to be accessed |
| CaptchaFailed | 400 | User sent up a bad captcha |
| ConflictGroup | 400 | An attempt was made to create a group which conflicts with another group. |
| DuplicateEmail | 400 | An attempt was made to signup with an email that is in use by another account. |
| ExtSettingValidationErr | 400 | Failed to verify provision setting payload, could be un-supported auth_mode or auth_settings. |
| InvalidClient | 400 | An attempt was made to access a non-existent client. |
| InvalidFieldMapping | 400 | An attempt was made to import or validate user import but field mapping did not match |
| InvalidFileFormat | 400 | An attempt was made to upload bad file's format or structure. |
| InvalidFileType | 400 | An attempt was made to upload file type which is not supported or not allowed |
| InvalidGroup | 400 | An attempt was made to access a non-existent group. |
| InvalidOAuthClaim | 400 | An attempt was made to access a non-existent oauth claim. |
| InvalidOAuthClaimValue | 400 | An attempt was made to assign a claim value which doest not exist. |
| InvalidOAuthClientGrantType | 400 | An attempt was made to use invalid grant type. |
| InvalidOAuthClientRedirectURL | 400 | An attempt was made to use invalid redirect url. |
| InvalidOAuthClientResponseType | 400 | An attempt was made to use invalid response type. |
| InvalidOAuthScope | 400 | An attempt was made to access a non-existent oauth custom scope. |
| InvalidOAuthSecretId | 400 | An attempt was made to access a non-existent OAuth secret id. |
| InvalidOAuthTokenAuthMethod | 400 | An attempt was made to use invalid token auth method. |
| InvalidPasswordHashParam | 400 | An attempt was made to match password and password generated hash |
| InvalidUserImportSource | 400 | An attempt was made to update/delete user import source which is not exist |
| InvalidUserImportSourceType | 400 | An attempt was made to define user import source type which is not supported or not allowed |
| MissingAuthZConfigId | 400 | AuthZ must be configuerd to use groups. |
| NotMatchExpectedEmail | 400 | User tried to sign up using an email when a forced email was set |
| OAuthConflictClaim | 400 | An attempt was made to create a claim which conflict with other claim. |
| OAuthConflictScope | 400 | An attempt was made to create a scope which conflict with other scope. |
| OAuthReservedScope | 400 | An attempt was made to access a reserved OAuth scope name. |
| OAuthScopeCheckFailed | 400 | An attempt was made to use a scope that is either not configured or failed to be verified with the authorization server. |
| OperationNotSupported | 400 | An attempt was made for an operation that is not supported by the service |
| RequiredOAuthScope | 400 | An attempt was made to access with empty scope |
| SAMLAttributeError | 400 | Expected attribute(s) missing in the SAML assertion or attributes not matching expectation. |
| SAMLConfigMismatchError | 400 | Mismatched Entity ID, endpoint URL, or NameID format between SP and IdP. |
| SubscriptionExists | 400 | An attempt was made to create a Subscription that already exists. |
| WebauthnVerificationError | 400 | Failed to verify webauthn payload, could be attestation, challenge, mismatch, etc. |
| AccountLockedOut | 403 | The account has been locked out due to too many failed login attempts |
| DomainNotAllowed | 403 | An attempt was made to signup or user creation from a disallowed domain |
| IPNotAllowed | 403 | An attempt was made to login or signup from a disallowed IP address. |
| SAMLCertAndSignatureError | 403 | Problem with certificates for signing/encryption or misconfiguration in signing assertions. |
| ThreatCheckDomainBlocked | 403 | An attempt was made to signup or log in from a blocked domain |
| ThreatCheckIPBlocked | 403 | An attempt was made to signup or log ins from a blocked IP |
| TravelDistanceExceeded | 403 | An attempt was made to login from location that exceeds the allowed travel distance since the last login. |
| CreateUserFailed | 500 | Failed to create user for some reason |
Was this article helpful?