Error code table

Last Updated: Nov 08, 2017

When you call an API that you or another person activates through API Gateway, such as weather query, IP query or image recognition API, the following error codes may be returned.

Server error code table. When the error code of HttpCode is 5xx, it indicates that the service is unavailable. In this case, you must try again or contact the API service provider on the product page.

Error code HTTP status code Meaning Solution
Internal Error 500 API Gateway has an internal error. Try again.
Failed To Call Backend Service 500 The underlying service has an error. An error occurred in the underlying API service. Try again and contact the API service provider for a solution if the problem persists after several retries.
Service Unavailable 503 Service is unavailable. Try again later.
Async Service 504 The backend service times out. Try again later.

Client error code table. When the error code of HttpCode is 4xx, it indicates that the service has an error. It is generally because the parameter, signature, or request method is incorrect or the service is under throttling. You must check the error code carefully and solve the problem accordingly.

Error code HTTP status code Meaning Solution
Throttled by USER Throttling 403 The operation is throttled by user throttling policies. Generally, the operation is throttled by the throttling policies due to the user throttling value set by the API service provider. You can contact the API service provider for a higher user throttling value.
Throttled by App Throttling 403 The operation is throttled by application throttling policies. Generally, the operation is throttled by the throttling policies due to the application throttling value set by the API service provider. You can contact the API service provider for a higher user throttling value.
Throttled by API Throttling 403 The operation is throttled by API throttling policies. Generally, the operation is throttled by the throttling policies due to the API throttling value set by the API service provider. You can contact the API service provider for a higher user throttling value.
Throttled by DOMAIN Throttling 403 The operation is throttled by throttling on the second-level domain name.Or, the operation is throttled by group throttling policies. The second-level domain name used for API calls can be accessed up to 1,000 times each day.Each group has limited 500 QPSs.
Quota Exhausted 403 The call quota is exhausted. The call quota you have bought is exhausted.
Quota Expired 403 The quota you have bought expires. The quota you have bought expires.
Outstanding Payment 403 The account is in outstanding payment. Recharge your account as soon as possible.
Empty Request Body 400 The body is empty. Check the content of the request body.
Invalid Request Body 400 The body is invalid. Check the content of the request body.
Invalid Param Location 400 The parameter location is incorrect. The location of the request parameter is incorrect.
Unsupported Multipart 400 Upload is not supported. The file upload is not supported.
Invalid URL 400 URL is invalid. The requested method, path, or environment is incorrect. For more information, see Invalid URL for error description.
Invalid Domain 400 The domain name is invalid. The request’s domain name is invalid and API cannot be found based on the domain name. Contact the API service provider.
Invalid HttpMethod 400 The HTTPMethod is invalid. The HTTPMethod is entered incorrectly.
Invalid AppKey 400 AppKey is invalid or does not exist. Check the input AppKey and keep no spaces at either side of the parameter.
Invalid AppSecret 400 AppSecret is incorrect. Check the input AppSecret and keep no spaces at either side of the parameter.
Timestamp Expired 400 The timestamp expires. Check whether the request system time is a standard time.
Invalid Timestamp 400 The timestamp is invalid. For more information, see Request signature instructions.
Empty Signature 404 The signature is empty. See Request signature instructions for how to input the signature string.
Invalid Signature, Server StringToSign:%s 400 The signature is invalid. See Invalid signature for signature invalidity errors.
Invalid Content-MD5 400 The Content-MD5 value is invalid. The request body is empty but its MD5 value is input or is calculated incorrectly. For more information, see Request signature instructions.
Unauthorized 403 The operation is unauthorized. The application has no permission to call the API. See Unauthorized for error instructions.
Nonce Used 400 The SignatureNonce is used. The SignatureNonce cannot be reused.
API Not Found 400 API is not found. The input GroupID, Stage, or other parameters are incorrect or the API is deprecated.

When you call a control OpenAPI, such as CreateAPI, ModifyAPI, or DeleteAPI, that is opened through the API Gateway, the following error codes may be returned.

Server error code table. When the error code of HttpCode is 5xx, it indicates that the service is unavailable. Try again.

Error code Description HTTP status code Meaning Solution
ServiceUnavailable The request has failed due to a temporary failure of the server. 503 Service is unavailable. Try again.
InternalError The request processing has failed due to some unknown error, exception, or failure. 500 An internal error occurs. Try again.

Client error code table. When the error code of HttpCode is 4xx, it indicates that the service has an error. Generally, it is caused by incorrect parameter or service logic or permission restriction. Check the error code carefully and solve the problem accordingly.

Error code Description HTTP status code Meaning Solution
Repeated%s The specified %s is repeated. 400 A parameter is repeated. %s is a placeholder and a specific parameter name or prompts are provided when you call an API. Follow the prompts to modify the repeated parameter and try again.
RepeatedCommit Resubmit request. 400 The request is repeated. Do not submit the request frequently.
Missing%s The %s is required for this action. 400 The parameter %s is missing. Enter the missing parameter according to the error and try the request again.
MissingAppIdOrAppOwner AppId or AppOwner must have a valid value. 400 AppID or AppOwner is missing. AppID and AppOwner cannot both be empty.
Invalid%s The specified parameter %s value is not valid. 400 The parameter is invalid. Follow the prompts to enter the specific parameter, view restrictions on parameters, and try again.
NotFound%s Cannot find resource according to your specified %s. 400 The resource is not found. The resource cannot be found based on the specified parameter %s. Check whether %s is correct.
InvalidFormat%s The specified parameter %s value is not well formatted. 400 Parameter format is incorrect. Follow the prompts to check and modify the format of %s and try again.
Duplicate%s The specified parameter %s value is duplicate. 400 The parameter is repeated. Duplicate request parameters are not allowed. Check and modify the parameter and try again.
DependencyViolation%s The specified %s has %s definitions. 400 The parameter dependency is incorrect. The specified parameter that others are dependent on cannot be deleted. Remove the dependency and then delete the parameter.
Forbidden%s Not allowed to operate on the specified %s. 403 Operation is not permitted/the operation is prohibited. You are not permitted to perform the operation.
NoPermission User is not authorized to operate on the specified resource. 403 Operation is not permitted. RAM authentication fails.
ExceedLimit%s The specified %s count exceeds the limit. 400 The quota is exceeded. The number of APIs, API groups or applications created in the user account exceeds the quota.
UserNotFound The specified user cannot be found. 404 The specified user cannot be found. The user cannot be found based on the input user information.
DomainCertificateNotFound Cannot find the domain certificate. 400 The specified domain name certificate does not exist. Check the ID and name of the input certificate.
DomainNotResolved The specified domain has not been resolved. 400 The specified domain name is not resolved. You must resolve the CNAME of the specified domain name to a second-level domain name of the group and then bind the specified domain name to the second-level domain name. The domain name must be resolved on the website from which you buy the domain name.
InvalidICPLicense The specified domain have not got ICP license, or the ICP license does not belong to Alibaba Cloud. 400 The domain name filing fails. The domain name to be bound must be firstly filed with Alibaba Cloud. Domain names filed with other systems must be filed for access to Alibaba Cloud. A filing number is needed for access filing. Each of ECS instances filed with Alibaba Cloud and having public IP addresses have five filing numbers.
Invalid%s.LengthLimit The parameter %s length exceeds the limit. 400 The parameter is too long. The parameter %s is too long. Modify the parameter and try again.
InvalidApiDefault The ApiDefault value exceeds limit. 400 The default API throttling value exceeds the quota. The value cannot exceed 100,000,000, regardless of the unit. For a higher quota, you must submit a ticket.
InvalidAppDefault The AppDefault value must smaller than the UserDefault and ApiDefault. 400 The AppDefault value does not comply with the rules. The value must be less than the API throttling value and the user throttling value.
InvalidUserDefault The UserDefault value must bigger than the AppDefault and smaller than the ApiDefault. 400 The UserDefault value does not comply with the rules. The value must be less than the API throttling value and greater than the application throttling value.
InvalidParamMapping Parameters must be fully mapped. 400 Parameter mapping is invalid. API creation requires full mapping between front-end and backend parameters. That is, a backend parameter name needs to be configured for each input parameter.
InvalidOwnerAccount OwnerAccount is invalid. 400 The application owner account is invalid. The Alibaba Cloud Mail account of the target user entered during operation authorization is invalid. Check and modify the account and try again.
ServiceForbidden Your Gateway service is forbidden by risk control. 400 The API Gateway service is forbidden by risk control policies (the user must be forbidden by risk control policies). Do not submit the request frequently. Try again later. If the problem persists after retry, submit a ticket for consultation.
ServiceUnOpen Your Gateway service has not been opened. 400 The service is not activated. Activate the API Gateway service at Alibaba Cloud website.
ServiceInDept Your API Gateway service is in dept. 400 (Your API Gateway) service is in outstanding payment. The service can be used after account recharge or bill settlement.
EqualSignature The new signature is the same as the old. 400 The new signature key is the same as the old one. The modified backend signature key and secret cannot be the same as the old ones.
CertificateNotMatch The domain does not match the one in the certificate. 400 The domain name does not match that in the certificate. The specified domain name does not match that in the certificate.
CertificateKeyNotMatch The certificate private key does not match the public key. 400 The certificate keys do not match each other. The certificate public key does not match with the private key.
PrivateKeyEncrypted The certificate private key is encrypted, please upload the unencrypted version. 400 The private key cannot be encrypted. The certificate private key is encrypted, but the unencrypted version must be uploaded.
CertificateSecretKeyError The certificate private key is invalid. 400 The certificate private key is invalid. Check and upload the private key again.
InvalidApiServiceAddress The specified service address is not valid. 400 The API backend service address is invalid. The configured API backend service address is invalid.

Client public error code. If the error code of HttpCode is 4xx, the error code returns when you call Open APIs of Alibaba Cloud Products. The error code indicates that the service has an error. Generally, it is caused by incorrect request format or method, parameter format or signature, or missing of required parameter, or throttling restriction. You must check the error code carefully and solve the problem accordingly.

Scenarios Error code Error message Status code Suggestion

API is not found.

InvalidApi.NotFound

Specified api is not found,
please check your URL and method.

404

Check whether the specified action interface name is correct. Pay attention to the case-sensitive problem.

Required parameters are missing from the request.

Missing{ParameterName}

{ParameterName} is required for this action.

400

The specified parameter is required. Input the parameter.

AccessKeyID cannot be found.

InvalidAccessKeyId.NotFound

Specified AccessKey is not found.

404

Check whether a correct AccessKeyID is used for the call.

AccessKeyID is disabled.

InvalidAccessKeyId.Inactive

Specified AccessKey is disabled.

400

Check whether the AccessKey can be used.

The time stamp is invalid (Date and Timestamp).

InvalidTimeStamp.Format

Specified time stamp or date value is not well formatted.

400

Check the time stamp.

The difference between the user time and server time exceeds 15 minutes.

InvalidTimeStamp.Expired

Specified time stamp or date value is expired.

400

Check the time stamp.

The SignatureNonce is repeated.

SignatureNonceUsed

Specified signature nonce war used already.

400

The format of the returned value is invalid.

InvalidParameter.Format

Specified parameter format is not valid.

400

Only values in XML/JSON format are supported.

Parameter value verification fails.

Invalid{ParameterName}

Specified parameter {ParameterName} is not valid.

400

Check whether the value of the specified parameter is correct.

HTTP request method is not supported.

UnsupportedHTTPMethod

Specified signature is not matched with our calculation.

400

Check the request method.

The signature method is not supported.

InvalidSignatureMethod

Specified signature method is not valid.

400

This parameter can be left empty by default.

The signature verification fails.

SignatureDoesNotMatch

Specified signature is not matched with our calculation.

400

The signature verification fails.

The call frequency exceeds the threshold.

Throttling.User

Request was denied due to user throttling.

400

Access the API later or reduce the access frequency.

The API access frequency exceeds the threshold.

Throttling.API

Request was denied due to api throttling.

400

Access the API later or reduce the access frequency.

AccessKeyID is missing.

MissingSecurityToken

SecurityToken is required for this action.

400

Check whether a correct AccessKeyID is used for the call.

Thank you! We've received your feedback.