If an error occurs, the API will notify you using one of the following methods:
- If the error occurs during the Authorization flow, you'll receive a 302 redirect
- If the error occurs while you're using the Token or Revoke Connection endpoints, you'll receive a JSON response
The JSON error response will be in the following format:
```json
{
  "error": "error",
  "error_description": "error_description"
}
```
The 302 redirect will be in the following format:
```
https://www.example.com/callback?
error=error
&error_description=error_description
&state=state
```
Supported Errors
We recommend that you set up your configuration to expect and handle the following errors.
Error | Status Code |
---|---|
access_denied | 400 |
invalid_request | 400 |
invalid_client | 400 |
invalid_grant | 400 |
invalid_scope | 400 |
unauthorized_client | 400 |
unsupported_grant_type | 400 |
unsupported_response_type | 400 |
server_error | 500 |
temporarily_unavailable | 503 |
unsupported_token_type | 400 |
Common Error Scenarios
Consent Errors
This type of error is caused by an issue with the end-user's consent.
If the end-user denies consent during authorization, you'll receive a 302 redirect with an error, error_description and the original state.
Non Transient Failures
This type of error is caused by a specific issue that must be addressed. You will continue to see this error until the issue is corrected.
Scenario | Error | Status Code | Action |
---|---|---|---|
Invalid client or client credentials | invalid_client | 400 | Confirm the client_id and client_secret are correct. |
Authorization header is not included | invalid_scope / invalid_request | 400 | Include the authorization header in the request. |
Refresh token is expired or invalid | invalid_grant | 400 | A new refresh_token is generated each time a user logs in, making all previous tokens unusable. Discard the refresh_token after each use to avoid receiving this error. |
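The following Python sketch is an added example, not code from this API's documentation or SDK. It handles both error channels described above: the 302 redirect to the callback and the JSON response from the Token or Revoke Connection endpoints. The function names, the action labels and the retry-on-5xx policy are assumptions chosen for illustration.

```python
import hmac
import json
from urllib.parse import urlsplit, parse_qs

# Error codes and status codes copied from the Supported Errors table.
SUPPORTED_ERRORS = {
    "access_denied": 400, "invalid_request": 400, "invalid_client": 400,
    "invalid_grant": 400, "invalid_scope": 400, "unauthorized_client": 400,
    "unsupported_grant_type": 400, "unsupported_response_type": 400,
    "server_error": 500, "temporarily_unavailable": 503,
    "unsupported_token_type": 400,
}
# Assumption (not defined by the API): the client-side action per error.
ACTIONS = {
    "access_denied": "consent_denied",
    "invalid_client": "check_client_credentials",
    "invalid_request": "fix_request",
    "invalid_scope": "fix_request",
    "invalid_grant": "discard_refresh_token_and_reauthorize",
    "server_error": "retry_later",
    "temporarily_unavailable": "retry_later",
}

def parse_callback_error(url, expected_state):
    """Return (error, error_description) from an error redirect, else None."""
    params = parse_qs(urlsplit(url).query)
    state = params.get("state", [""])[0]
    # Only accept a callback that carries the state this session sent.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: ignoring callback")
    if "error" not in params:
        return None
    # error_description arrives in a URL, so treat it as untrusted text:
    # log or escape it, never render it as HTML.
    return params["error"][0], params.get("error_description", [""])[0]

def classify_token_error(status, body):
    """Map a Token/Revoke Connection JSON error response to a client action."""
    try:
        error = json.loads(body).get("error")
    except (ValueError, TypeError, AttributeError):
        error = None  # body was not a JSON object in the documented format
    if not isinstance(error, str) or error not in SUPPORTED_ERRORS:
        # Unknown or malformed error: retry only on 5xx (assumed policy).
        return "retry_later" if status >= 500 else "log_and_alert"
    return ACTIONS.get(error, "log_and_alert")
```

Errors in the table with no entry in `ACTIONS` fall through to `log_and_alert`, so a configuration problem is surfaced rather than retried in a loop.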