This is a beta release of documentation for Magento 2.4, published for previewing soon-to-be-released functionality. Content in this version is subject to change. Links to the v2.4 code base may not properly resolve until the code is officially released.

OAuth error codes

When the third-party application makes an invalid request to Magento, the following OAuth-related errors can occur:

HTTP code Error code Text representation Description
400 1 version_rejected The oauth_version parameter does not correspond to the “1.0” value.
400 2 parameter_absent A required parameter is missing in the request. The name of the missing parameter is specified additionally in the response.
400 3 parameter_rejected The type of the parameter or its value do not meet the protocol requirements (for example, array is passed instead of the string).
400 4 timestamp_refused The timestamp value in the oauth_timestamp parameter is incorrect.
401 5 nonce_used The nonce-timestamp combination has already been used.
400 6 signature_method_rejected The signature method is not supported. The following methods are supported: HMAC-SHA1.
401 7 signature_invalid The signature is invalid.
401 8 consumer_key_rejected The Consumer Key has incorrect length or does not exist.
401 9 token_used An attempt of authorization of an already authorized token or an attempt to exchange a not temporary token for a permanent one.
401 10 token_expired The temporary token has expired. At the moment, the mechanism of expiration of temporary tokens is not implemented and the current error is not used.
401 11 token_revoke The token is revoked by the user who authorized it.
401 12 token_rejected The token is not valid, or does not exist, or is not valid for using in the current type of request.
401 13 verifier_invalid The confirmation string does not correspond to the token.
403 14 permission_unknown The consumer permission is unknown.
403 15 permission_denied The consumer does not authorized to access the resource.
405 16 method_not_allowed The method is not supported or not allowed.
403 17 consumer_key_invalid The Consumer Key is invalid.

OAuth-based authentication