List of Authorization Errors

If an error occurs, the API will notify you using one of the following methods:

  • If the error occurs during the Authorization flow, you'll receive a 302 redirect
  • If the error occurs while you're using the Token or Revoke Connection endpoints, you'll receive a JSON response

The JSON error response will be in the following format:

{
  "error": "error",
  "error_description": "error_description"
}

The 302 redirect will be in the following format:

https://www.example.com/callback?
error=error
&error_description=error_description
&state=state

Supported Errors

We recommend that you set up your configuration to expect and handle the following errors.

Error                        Status Code
access_denied                400
invalid_request              400
invalid_client               400
invalid_grant                400
invalid_scope                400
unauthorized_client          400
unsupported_grant_type       400
unsupported_response_type    400
server_error                 500
temporarily_unavailable      503
unsupported_token_type       400

Common Error Scenarios

Consent Errors

This type of error is caused by an issue with the end-user's consent.

If the end-user denies consent during authorization, you'll receive a 302 redirect with an error, error_description and the original state.
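One way to handle the error redirect on the callback side, as an added example that is not part of the original documentation. The function names, the StateMismatch exception, the sample state value, and the use of access_denied for denied consent (as in RFC 6749) are assumptions. It checks state first, accepts only error codes from the Supported Errors table, and keeps error_description for logging only.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Error codes and status codes copied from the "Supported Errors" table.
SUPPORTED_ERRORS = {
    "access_denied": 400, "invalid_request": 400, "invalid_client": 400,
    "invalid_grant": 400, "invalid_scope": 400, "unauthorized_client": 400,
    "unsupported_grant_type": 400, "unsupported_response_type": 400,
    "server_error": 500, "temporarily_unavailable": 503,
    "unsupported_token_type": 400,
}

class StateMismatch(Exception):
    """The callback's state is not the one issued for this session."""

def _single(params, name):
    # A repeated parameter is ambiguous, so it is treated as unusable.
    values = params.get(name, [])
    return values[0] if len(values) == 1 else None

def parse_error_callback(callback_url, expected_state):
    """Return None if the callback carries no error, else a dict describing it."""
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    state = _single(params, "state") or ""
    # Verify state (constant-time) before trusting anything else in the query.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise StateMismatch("state mismatch; discard this callback")
    if "error" not in params:
        return None
    error = _single(params, "error")
    known = error in SUPPORTED_ERRORS
    description = _single(params, "error_description") or ""
    return {
        # Codes outside the table are never echoed back to callers.
        "error": error if known else "unrecognized_error",
        "status_code": SUPPORTED_ERRORS.get(error),
        # Log-only: the query string passes through the browser, so keep this
        # printable, bounded, and out of any rendered HTML.
        "log_description": "".join(c for c in description if c.isprintable())[:200],
    }

# Constructed sample callback; assumes denied consent arrives as access_denied.
SAMPLE = ("https://www.example.com/callback?error=access_denied"
          "&error_description=User+denied+consent&state=af0ifjsldkj")
```
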

Non Transient Failures

This type of error is caused by a specific issue that must be addressed. You will continue to see this error until the issue is corrected.

Scenario                                Error                              Status Code    Action
Invalid client or client credentials    invalid_client                     400            Confirm the client_id and client_secret are correct.
Authorization header is not included    invalid_scope / invalid_request    400            Include the authorization header in the request.
Refresh token is expired or invalid     invalid_grant                      400            A new refresh_token is generated each time a user logs in, making all previous tokens unusable. Discard the refresh_token after each use to avoid receiving this error.