Status codes

Overview

All API calls, whether REST or Python ones, return status codes that may additionally be broken down into sub-statuses.

HTTP-level status codes are used only to signal 200 OK, 400 Bad Request and 403 Forbidden - other HTTP status codes are not used because SSO functionality, through its Python API, can be exposed via protocols that may not have an intrinsic notion of status codes, e.g. AMQP or WebSockets.

Note that in certain cases the publicly returned sub-status may be accompanied by more specific information in server logs. For instance, a generic E005001 'You are not allowed to access this resource' may be accompanied in the log by E001001 'Invalid username', yet the latter is not returned to the caller so as not to reveal too much information to potential adversaries.

Each sub-status starts with a prefix: 'E' indicates an error and 'W' stands for a warning.

In Python, all status codes can be accessed through 'from zato.sso import status_code'.

Status codes

Name     Notes
-------  -----------------------------------------------------------------------------------------------------
ok       Operation completed successfully, there is no error nor warning to report
warning  Operation may have completed successfully but there was an issue to report, check sub-status for details
error    Operation failed, check sub-status for details

Sub-status codes

Code     Label                            Notes
-------  -------------------------------  -----------------------------------------------------------------------------------------
E001001  username.invalid                 Such a username does not exist in the database
E001002  username.exists                  This username already exists, for instance during user creation
E001003  username.too_long                Username is longer than configuration allows
E001004  username.has_whitespace          Username contains whitespace
E001100  user_id.invalid                  Such a user ID does not exist in the database
E002001  email.invalid                    Such an email does not exist in the database
E002002  email.exists                     This email already exists, for instance during user creation if emails are required to be unique
E002003  email.too_long                   Email address is longer than configuration allows
E002004  email.has_whitespace             Email address contains whitespace
E002005  email.missing                    No email was given on input yet one is required
E003001  password.invalid                 Password is invalid per the rules defined in configuration
E003002  password.too_short               Password is too short
E003003  password.too_long                Password is too long
E003004  password.expired                 A call was issued using an account whose password has expired (e.g. in between login and this call)
W003005  password.w_about_to_exp          A warning to indicate that the password is about to expire
E003006  password.e_about_to_exp          Exactly as W003005 but returned as an error, per configuration
E003007  password.must_send_new           Request was rejected; the user must send a new password to set in place of the current one
E004001  app_list.invalid                 Application name given on input was not found in configuration
E004002  app_list.no_signup               Application name on input exists but it is not possible to log in from it, i.e. the user must use another application to log in
E005001  auth.not_allowed                 A generic 'You are not allowed to access this resource' message, may be supplemented by details in the server log
E005002  auth.locked                      Account is locked and cannot be used until unlocked
E005003  auth.invalid_signup_status       Account cannot be used to log in because the signup process is not complete yet, e.g. the user has not confirmed it yet
E005004  auth.not_approved                Account awaits approval from a super-admin; it is not possible to log in until it is approved
E005005  auth.super_user_required         Super-user privileges are required to carry out the given action but the current user is not one
E005006  auth.no_such_sign_up_token       Signup token given on input does not exist
E005007  auth.sign_up_confirmed           An attempt to confirm a signup process was made using a token that has already been used once
E006001  metadata.not_allowed             The application that the user is logging in from is not allowed to send login metadata, such as remote_addr and user_agent
E007001  session.no_such_session          Input user session token (UST) was invalid: either it does not exist or the session expired
E007002  session.expired                  The session pointed to by the input UST exists but has already expired
E008001  common.invalid_operation         The requested operation is invalid, e.g. a user attempts to delete his or her own account
E008002  common.invalid_input             At least one of the values given on input was not valid
E008003  common.missing_input             A value was expected on input but it was not provided by the caller
E008004  common.internal_error            An internal error has occurred; check server logs for details
E009001  attr.already_exists              An attempt was made to create an attribute with a name that already exists
E009002  attr.no_such_attr                An attempt was made to access an attribute with a name that does not exist (applies to all of .get, .update and .delete)
E010010  password_reset.could_not_access  Input password reset token or reset key could not be accessed for any reason, e.g. they never existed, they already expired or the one-time-use reset token was already accessed earlier
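A client-side interpreter for the status and sub-status scheme described in the overview and the tables above, added here as an example; it is not code from the Zato project. It assumes a response is a dict carrying 'status' and a list 'sub_status', and it copies the category numbers from the table instead of importing zato.sso.status_code so that it runs without Zato installed.

```python
import re
from collections import namedtuple

# Layout per the docs: 'E' (error) or 'W' (warning), a 3-digit category, a 3-digit item.
SUB_STATUS_RE = re.compile(r'^([EW])(\d{3})(\d{3})$')

# Category numbers as they appear in the sub-status table above.
CATEGORIES = {
    '001': 'username', '002': 'email', '003': 'password', '004': 'app_list',
    '005': 'auth', '006': 'metadata', '007': 'session', '008': 'common',
    '009': 'attr', '010': 'password_reset',
}
# Codes that call for a specific client reaction rather than a generic failure.
PASSWORD_EXPIRING = {'W003005', 'E003006'}  # same condition; server config picks the severity
PASSWORD_CHANGE_REQUIRED = {'E003004', 'E003007'}
SESSION_GONE = {'E007001', 'E007002'}
# severity is 'ok', 'warning' or 'error'; action is what the client does next.
Decision = namedtuple('Decision', 'severity action categories')

def parse_sub_status(code):
    """Return (severity, category) for one sub-status, or None if it is malformed."""
    m = SUB_STATUS_RE.match(code)
    if not m:
        return None
    prefix, category, _item = m.groups()
    return ('error' if prefix == 'E' else 'warning', CATEGORIES.get(category, 'unknown'))

def interpret(response):
    """Map a response (assumed shape: 'status' plus a list 'sub_status') to a Decision."""
    status = response.get('status', 'error')
    codes = response.get('sub_status') or []
    parsed = [parse_sub_status(c) for c in codes]
    if None in parsed:
        # A code the client cannot read is treated as a failure, never as success.
        return Decision('error', 'fail', ['malformed'])
    categories = [category for _sev, category in parsed]
    # An 'E' code anywhere makes the response an error, whatever 'status' claims.
    severity = 'error' if status == 'error' or any(s == 'error' for s, _ in parsed) else status
    if severity == 'ok':
        return Decision('ok', 'proceed', categories)
    if PASSWORD_CHANGE_REQUIRED & set(codes):
        return Decision('error', 'change_password', categories)
    if SESSION_GONE & set(codes):
        return Decision('error', 'reauthenticate', categories)
    if PASSWORD_EXPIRING & set(codes):
        # W003005 lets the call through, E003006 blocks it; the user-facing message is the same.
        return Decision(severity, 'password_expiring', categories)
    # Anything else, including the deliberately generic E005001, is a plain result;
    # the specific reason lives in the server log, not in the response.
    return Decision(severity, 'proceed' if severity == 'warning' else 'fail', categories)
```

Because E005001 is generic by design, a client gets nothing more specific from the response and the operator has to correlate it with the server log; the interpreter reflects that by returning a plain 'fail' for it.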