Error code table

Last Updated: Jun 19, 2017

Public error codes

Scenarios

Error code

Error message

Status code

Suggestion

The domain is invalid (the product cannot be found based on the domain).

InvalidProduct.NotFound

Cannot find product according to your specified domain.

404

Check whether the called domain or the domain in product configurations is correct.

API is missing.
The API is the Private type, and the user is not in the list.

InvalidApi.NotFound

Specified api is not found,
please check your url and method.

404

Check whether the called API is correct. Pay attention to case sensitiveness, and check whether access control is enabled.

API must be based on HTTPS.

InvalidProtocol.NeedSsl

Your request is denied as lack of ssl protect.

400

Check whether API only supports HTTPS.

The required parameter is missing (enter the actual parameter name in {}).

Missing{ParameterName}

{ParameterName} is mandatory for this action.

400

Check whether you have entered the parameter during the call process.

AccessKeyID is missing.

InvalidAccessKeyId.NotFound

Specified access key is not found.

404

Check whether a correct AccessKeyID is used for the call.

AccessKeyID is disabled.

InvalidAccessKeyId.Inactive

Specified access key is disabled.

400

Check whether the AK is valid, or whether the AK matches the environment.

The time stamp is invalid (Date and Timestamp).

InvalidTimeStamp.Format

Specified time stamp or date value is not well formatted.

400

Check the time stamp.

The difference between the user time and server time exceeds 15 minutes.

InvalidTimeStamp.Expired

Specified time stamp or date value is expired.

400

Check the time stamp.

SignatureNonce is repeated.

SignatureNonceUsed

Specified signature nonce war used already.

400

MD5 verification fails (ROA).

ContentMD5NotMatched

Specified content md5 is not matched with your request body.

400

The format of the returned value is invalid (the format is not supported).

InvalidParameter.Format

Specified parameter format is not valid.

400

The XML or JSON format is supported. ROA supports application/json and application/xml.

The format of the returned value is invalid (Accept is not supported).

InvalidParameter.Accept

Specified parameter accept is not valid.

400

Parameter value validation fails.

Invalid{ParameterName}

Specified parameter {ParameterName} is not valid.

400

The HTTP request method is not supported (request method allowed in previous API configurations).

UnsupportedHTTPMethod

Specified signature is not matched with our calculation.

400

The signature method is not supported.

InvalidSignatureMethod

Specified signature method is not valid.

400

The server-side position is incorrect.

InternalError

The request processing has failed
due to some unknown error.

500

The service is unavailable temporarily (the underlying service is unavailable).

ServiceUnavailable

The request has failed due to a temporary failure of the server.

503

View the ISP protocol description in API configurations, and check whether the service provided by the connected party is normal.

Invalid signature

SignatureDoesNotMatch

Specified signature is not matched with our calculation.

400

For details about invalid signature, refer to Signature Verification.

Parameter values do not match (the parameters in URL and body do not match).

ValueMismatch.{ParameterName}

Multi-specified parameter {ParameterName} conflicts with each other.

400

The user’s traffic within the current period of time has exceeded the upper limit.

Throttling.User

Request was denied due to user flow control.

The API traffic within the current period of time has exceeded the upper limit.

Throttling.Api

Request was denied due to api flow control.

The specified content-length does not match the body length.

ContentLengthDoesNotMatch

Specified content-length is not matched with the length of body.

400

The specified parameter is repeated.

RepeatedParameter. {ParameterName}

Specified parameter is repeated.

400

The user’s traffic within the current period of time has exceeded the upper limit.

Throttling.User

Request was denied due to user flow control.

400

The API traffic within the current period of time has exceeded the upper limit.

Throttling.Api

Request was denied due to api flow control.

400

AccessKeyId is missing.

MissingSecurityToken

SecurityToken is mandatory for this action.

400

Token authentication logic is applied when AccessKeyId starts with “STS.”. The error is returned when AccessKeyId starts with “STS.” but the SecurityToken parameters, including RPC and ROA, are not input.

SecurityToken expires.

InvalidSecurityToken.Expired

Specified SecurityToken is expired.

400

Check the SecurityToken.

Client errors (activating an API)

Error code Description HTTP status code Meaning Solution
Repeated%s The specified %s is repeated. 400 A parameter is repeated. %s is a placeholder and a specific parameter name or prompts are provided when you call an API.) Follow the prompts to modify the repeated parameter and try again.
RepeatedCommit Resubmit request. 400 The request is repeated. Do not submit the request frequently.
Missing%s The %s is mandatory for this action. 400 The parameter %s is missing. Enter the missing parameter according to the error and try the request again.
MissingAppIdOrAppOwner AppId or AppOwner must have a valid value. 400 AppId or AppOwner is missing. AppId and AppOwner cannot both be empty.
Invalid%s The specified parameter %s value is not valid. 400 The parameter is invalid. Follow the prompts to enter the specific parameter, view restrictions on parameters, and try again.
NotFound%s Cannot find resource according to your specified %s. 400 The resource is not found. The resource cannot be found based on the specified parameter %s. Check whether %s is correct.
InvalidFormat%s The specified parameter %s value is not well formatted. 400 Parameter format is incorrect. Follow the prompts to check and modify the format of %s and try again.
Duplicate%s The specified parameter %s value is duplicate. 400 The parameter is repeated. Duplicate request parameters are not allowed. Check and modify the parameter and try again.
DependencyViolation%s The specified %s has %s definitions. 400 The parameter dependency is incorrect. The specified parameter that others are dependent on cannot be deleted. Remove the dependency and then delete the parameter.
Forbidden%s Not allowed to operate on the specified %s. 403 Operation is not permitted/the operation is prohibited. You are not permitted to perform the operation.
NoPermission User is not authorized to operate on the specified resource. 403 Operation is not permitted. RAM authentication fails.
ExceedLimit%s The specified %s count exceeds the limit. 400 The quota is exceeded. The number of APIs, API groups or APPs created in the user account exceeds the quota.
UserNotFound The specified user can not be found. 404 The specified user cannot be found. The user cannot be found based on the input user information.
DomainCertificateNotFound Cannot find the domain certificate. 400 The specified domain name certificate does not exist. Check the ID and name of the input certificate.
DomainNotResolved The specified domain has not been resolved. 400 The specified domain name is not resolved. You need to resolve the CNAME of the specified domain name to a second-level domain name of the group and then bind the specified domain name to the second-level domain name. The domain name should be resolved on the website from which you buy the domain name.
InvalidICPLicense The specified domain have not got ICP license, or the ICP license does not belong to Aliyun. 400 The domain name filing fails. The domain name to be bound should be firstly filed with Alibaba Cloud. Domain names filed with other systems should be filed for access to Alibaba Cloud. A filing number is needed for access filing. Each of ECS instances filed with Alibaba Cloud and having public IP addresses have five filing numbers.
Invalid%s.LengthLimit The parameter %s length exceeds the limit. 400 The parameter is too long. The parameter %s is too long. Modify the parameter and try again.
InvalidApiDefault The ApiDefault value exceeds limit. 400 The default API traffic control value exceeds the quota. The value cannot exceed 1,000,000,000, regardless of the unit. For a higher quota, you need to submit a ticket.
InvalidAppDefault The AppDefault value must smaller than the UserDefault and ApiDefault. 400 The AppDefault value does not comply with the rules. The value must be less than the API traffic control value and the user traffic control value.
InvalidUserDefault The UserDefault value must bigger than the AppDefault and smaller than the ApiDefault. 400 The UserDefault value does not comply with the rules. The value should be less than the API traffic control value but greater than the APP traffic control value.
InvalidParamMapping Parameters must be fully mapped. 400 Parameter mapping is invalid. API creation requires full mapping between front-end and backend parameters. That is, a backend parameter name needs to be configured for each input parameter.
InvalidOwnerAccount OwnerAccount is invalid. 400 The APP owner account is invalid. The Alibaba Cloud Mail account of the target user entered during operation authorization is invalid. Check and modify the account and try again.
ServiceForbidden Your Gateway service is forbidden by risk control. 400 The API Gateway service is forbidden by risk control policies (the user should be forbidden by risk control policies). Do not submit the request frequently. Try again later. If the problem persists after retry, submit a ticket for consultation.
ServiceUnOpen Your Gateway service has not been opened. 400 The service is not activated. Activate the API Gateway service at Alibaba Cloud website.
ServiceInDept Your API Gateway service is in dept. 400 (Your API Gateway) service is in arrears. The service can be used after account recharge or bill settlement.
EqualSignature The new signature is the same as the old. 400 The new signature key is the same as the old one. The modified backend signature key and secret cannot be the same as the old ones.
CertificateNotMatch The domain does not match the one in the certificate. 400 The domain name does not match that in the certificate. The specified domain name does not match that in the certificate.
CertificateKeyNotMatch The certificate private key does not match the public key. 400 The certificate keys do not match each other. The certificate public key does not match with the private key.
PrivateKeyEncrypted The certificate private key is encrypted, please upload the unencrypted version. 400 The private key cannot be encrypted. The certificate private key is encrypted, but the unencrypted version should be uploaded.
CertificateSecretKeyError The certificate private key is invalid. 400 The certificate private key is invalid. Check and upload the private key again.
InvalidApiServiceAddress The specified service address is not valid. 400 The API backend service address is invalid. The configured API backend service address is invalid.

Client errors (calling an API)

Error code HTTP status code Meaning Solution
Throttled by USER Flow Control 403 The operation is throttled by user flow control policies. Generally, the operation is throttled by the flow control policies due to the user flow control value set by the API service provider. You can contact the API service provider for a higher user flow control value.
Throttled by APP Flow Control 403 The operation is throttled by APP flow control policies. Generally, the operation is throttled by flow control policies due to the APP flow control value set by the API service provider. You can contact the API service provider for a higher APP flow control value.
Throttled by API Flow Control 403 The operation is throttled by API flow control policies. Generally, the operation is throttled by flow control policies due to the API flow control value set by the API service provider. You can contact the API service provider for a higher API flow control value.
Throttled by DOMAIN Flow Control 403 The operation is throttled by flow control on the second-level domain name. The second-level domain name used for API calls can be accessed up to 1,000 times each day.
TThrottled by GROUP Flow Control 403 The operation is throttled by group flow control policies. Each group has limited QPSs. Feed back the problem to the API service provider.
Quota Exhausted 403 The call quota is exhausted. The call quota you have bought is exhausted.
Quota Expired 403 The quota you have bought expires. The quota you have bought expires.
User Arrears 403 The account is in arrears. Recharge your account as soon as possible.
Empty Request Body 400 The body is empty. Check the content of the request body.
Invalid Request Body 400 The body is invalid. Check the request body.
Invalid Param Location 400 The parameter location is incorrect. The location of the request parameter is incorrect.
Unsupported Multipart 400 Upload is not supported. The file upload is not supported.
Invalid Url 400 URL is invalid. The requested method, path or environment is incorrect. For details, refer to [Invalid URLfor error description.
Invalid Domain 400 The domain name is invalid. The request’s domain name is invalid and API cannot be found based on the domain name. Contact the API service provider.
Invalid HttpMethod 400 The HTTPMethod is invalid. The HTTPMethod is entered incorrectly.
Invalid AppKey 400 AppKey is invalid or does not exist. Check the input AppKey and keep no spaces at either side of the parameter.
Invalid AppSecret 400 AppSecret is incorrect. Check the input AppSecret. keep no spaces at either side of the parameter.
Timestamp Expired 400 The timestamp expires. Check whether the request system time is a standard time.
Invalid Timestamp 400 The timestamp is invalid. For details, refer to Request signature description.
Empty Signature 404 The signature is empty. Refer to Request signature description for how to input the signature string.
Invalid Signature, Server StringToSign:%s 400 The signature is invalid. Refer to Invalid signature for signature invalidity errors.
Invalid Content-MD5 400 The Content-MD5 value is invalid. The request body is empty but the MD5 value is entered or the MD5 value calculation is incorrect. For details, refer to Request signature description.
Unauthorized 403 The operation is unauthorized. The APP is unauthorized for API calls. Refer to Unauthorized for error instructions.
Nonce Used 400 The SignatureNonce is used. The SignatureNonce cannot be used repeatedly. For details, refer to Signature Mechanism.
API Not Found 400 The API cannot be found. The input GroupId, Stage or other parameters are incorrect or the API is deprecated.

Server errors (opening an API)

Error code Description HTTP status code Meaning Solution
ServiceUnavailable The request has failed due to a temporary failure of the server. 503 Service is unavailable. Try again.
InternalError The request processing has failed due to some unknown error, exception or failure. 500 There is an internal error. Try again.

Server errors (calling an API)

Error code HTTP status code Meaning Solution
Internal Error 500 The API Gateway has an internal error. Try again.
Failed To Invoke Backend Service 500 The underlying service has an error. An error occurred in the underlying API service. Try again and contact the API service provider for a solution if the problem persists after several retries.
Service Unavailable 503 Service is unavailable. Try again later.
Thank you! We've received your feedback.