Toggle Menu


There are various errors which you may receive when attempting to authenticate to the the API. All errors will be returned with a 403 Forbidden status and a JSON hash containing an error code and, in some cases, further information about the issue.

In most cases, these errors should be caught and returned to the user as they can usually be resolved by the user.

Error Codes

  • InvalidApplicationToken - the X-Auth-Application token passed did not match a valid application token.
  • InvalidAPICredentials - the token & secret provided did not match any configured API tokens.
  • APITokenDisabled - the API token was valid but has been disabled.
  • UserApiAccessNotPermitted - the user which owns the token passed is not permitted to use the API.
  • ApplicationTokenInvalid - you have authenticated with a user token but the X-Auth-Application header has not been found.
  • TokenDoesNotMatchApplication - the token you have authenticated was not issued by the application in X-Auth-Application.
  • NoAccessToRequestedAction or AccessDenied - the token you have provided does not have access to the requested action.
  • NotPermittedFromIPAddress - the token you have provided does not have access to the IP from the source address.

Example JSON

  "error": "InvalidAPICredentials"
  "error": "InvalidApplicationToken",
  "application": "c70b8c82-88dc-fe1f-e01c-4e38fd6f5936"
  "error": "AccessDenied",
  "message": "User are not permitted to access Customer methods using the API"
  "error": "UserApiAccessNotPermitted",
  "user": "adam"
  "error": "NotPermittedFromIPAddress",
  "ip": ""