Response Codes and Errors


Following is the full list of Gigya response codes and error codes.

0 indicates success while 20000x codes indicate a response; all other codes indicate an error.

A validation error is returned whenever there is a data validation error regarding one of the following required fields:

  • username
  • password
  • secretQuestion
  • secretAnswer
  • email


Error Code Definitions Table

0 - Success.
100001 - Data pending: Data is still being processed. Please query again for the response.
200001 - Operation canceled: User canceled during the login process.
200008 - OK with errors: For reporting purposes, when OK is returned but there were acceptable errors in the process.
200009 - Accounts linked: The accounts have been linked successfully.
200010 - OK with error login identifier exists: When a new account is created and the login identifier already exists, the server handles the conflict according to the conflictHandling parameter. If saveProfileAndFail is passed, the profile data is saved, a registration token is returned for account linking, and this error is returned.
206001 - Account pending registration: A method has been called that performs social login, but the registration process has not been finalized, or a required field is missing from the user profile or data. See Accounts API Error Codes and Messages for more information.
206002 - Account pending verification: An account has already been verified and a user tries to log in with a loginID (usually an email address) whose connection to the user has not been verified. See Accounts API Error Codes and Messages for more information.
206003 - Account missing loginID: The registration policy requires a loginID when a user uses Social Login to register to the site, but there are no login identifiers or a password associated with the account. See Accounts API Error Codes and Messages for more information.
206004 - Identities were conflicted: An identity conflict has occurred during account import. This means that a providerUID being imported matches one that is already in the system.
206005 - Pending Autologin Finalization: When auto-login from email verification link policy is activated, this response code is passed as the user is redirected to the nextURL specified in the policy. It is not indicative of an error.
301001 - Invalid data center: The API key is served by another data center. The error occurs when an API request is received at the wrong data center.
400001 - Invalid request format

This error may be caused by various faults in the request. For example:

  • wrong authentication header
  • non-secure request that should be secured.
400002 - Missing required parameter: The method requires some parameters. One of the required parameters was not set in this method call. The error message will include the name of the missing parameter.
400003 - Unique identifier exists

A user tries to register or set the account information with an email or username that already exists in the accounts database. See Accounts API Error Codes and Messages for more information.  Some possible response messages are:

  • If a chosen Username already exists the returned message is Username already exists.
  • If a chosen Email already exists the returned message is Email already exists.
400004 - Invalid parameter format: One of the parameters of this request has been set with a value which is not in the expected format.
400006 - Invalid parameter value: One of the parameters of this request has been set with a value which is not within the parameter's defined value bounds. Please refer to the method's parameter table, and check the definition of valid values per parameter. The error message will include the name of the specific parameter.
400007 - Duplicate value: Internal error.
400008 - Invalid authentication header: An OAuth2 error. See OAuth2 Error Response for more information.

In accounts.register, whenever there is a validation error.

Some possible response messages are:

  • If the input Password doesn't meet policy requirements (or is larger than 30 characters), the returned message is "Password does not meet complexity requirements".
  • If the input Password Confirmation does not match the Password field, the returned message is Passwords do not match.
  • If any invalid or unsupported input (all fields) is detected, the returned message is Invalid %fieldname.
400011 - Invalid redirect URI: An OAuth2 error. See OAuth2 Error Response for more information.
400012 - Invalid response type: An OAuth2 error. See OAuth2 Error Response for more information.
400013 - Unsupported grant type: An OAuth2 error. See OAuth2 Error Response for more information.
400014 - Invalid grant: An OAuth2 error. See OAuth2 Error Response for more information.
400015 - Code expired: An OAuth2 error. See OAuth2 Error Response for more information.
400020 - Schema validation failed: There was an attempt to write to fields from the client side. By default, only signed requests coming from the server are allowed to write into the data fields.
400021 - CAPTCHA verification failed: The registration policy requires the user to pass a CAPTCHA test in order to register and the CAPTCHA verification has failed. See Accounts API Error Codes and Messages for more information.
400022 - Unique index validation: Used mostly for DS, where custom unique indexes are supported.
400023 - Invalid type validation: When the internal type (string, int, date, etc.) does not match the type of the provided value.
400024 - Dynamic fields validation: A validation error is returned whenever there is a data validation error regarding one of the following required fields: username, password, secretQuestion, secretAnswer, email.
400025 - Write access validation

A write access error regarding one of the following required fields: 

  • username
  • password
  • secretQuestion
  • secretAnswer
  • email
400026 - Invalid format validation: Invalid regex format.
400027 - Required value validation

A required value is missing or has an error in one of the following required fields:

  • username
  • password
  • secretQuestion
  • secretAnswer
  • email

Some possible response messages are:

  • If CAPTCHA input is blank or incorrect the returned message is "The characters you entered didn't match the word verification. Please try again".
  • If a required field (all fields) is not complete the returned message is "This field is required".
400028 - Email not verified: The email address provided has not been verified.
400029 - Schema conflict: An internal error was encountered while indexing the object.
400030 - Operation not allowed: This error is returned if a user logs in with a SAML provider, and multiple identities are not allowed, and a call to socialize.addConnection or to socialize.removeConnection is attempted.
400031 - Regex too complex: This error is returned if your implementation includes a custom regex for validating the email format of the field in registration screens (defined using accounts.setSchema), and the regex is so complex that it impedes performance.
400050 - Security verification failed: With accounts.resetPassword when the provided credentials could not be verified.
400093 - Invalid ApiKey parameter: The provided API key is invalid.
400096 - Not supported: The function is not supported by any of the currently connected providers.
400097 - Browser insecure: The user is attempting to access Gigya services from an insecure/unsupported browser. User should switch browsers.
400100 - No providers: With accounts.tfa.importTFA or accounts.tfa.resetTFA when no such TFA provider exists.
400103 - Invalid containerID: The containerID specified does not exist.
400106 - Not connected: User is not connected to the required network or to any network.
400120 - Invalid site domain

The current domain does not match the domain configured for the API key. This error may also be returned if the URL is behind a firewall or is otherwise not publicly available.

When sharing or shortening URLs via any Gigya Add-ons, APIs, or methods, the URL being used must be a publicly accessible URI. If the URI is behind a firewall, an HTTP Auth, or does not respond within 5 seconds of a request to retrieve the URL of the page, even if the URL is within a whitelisted domain, Gigya will respond with errorCode 400120 - Invalid Site Domain, and the request will fail.

400122 - Provider configuration error: An error originated from a provider.
400124 - Limit reached: Refers generally to any reached limits, either in Loyalty or in Comments. In Loyalty, when a user performed more actions than the allowed daily cap (maximum actions per 24 hrs), or when a user performed actions more frequently than the allowed frequency cap (minimum interval between consecutive actions). So the error can be DailyCap exceeded or FreqCap exceeded. In commenting, the error is returned when a user reaches the daily limit of new comments threads per stream.
400125 - Frequency limit reached: A comments spam cap was reached.
400126 - Invalid action: In Gamification when the action is invalid.
400127 - Insufficient points to redeem: When the gamification method redeemPoints is called, and the user does not have enough points, the operation fails and this error occurs.
401000 - Invalid policy configuration: If Protect Against Account Harvesting policy is enabled and neither Email Validation nor CAPTCHA Validation policies are enabled.
401001 - Media items not supported: When media items are not allowed for this category.
401010 - Suspected spam: If someone is trying to use Gigya to send an email with a URL that does not match any of the client's domains.
401020 - Login Failed Captcha Required: If accounts.login is attempted and the CAPTCHA threshold has been reached. The CAPTCHA threshold is set in the site Policies (security.captcha.failedLoginThreshold policy).
401021 - Login Failed Wrong Captcha: If accounts.login is attempted and the CAPTCHA threshold has been reached and the provided CAPTCHA text is wrong. The CAPTCHA threshold is set in the site Policies (security.captcha.failedLoginThreshold policy).
401030 - Old password used: The password provided is not the correct current password, however, it is a password previously associated with the account. This may appear in the following cases:
  • When accounts.login is attempted with a password that doesn't match the current password but does match the previous one, the server will return this error with a message saying that "the password was modified on" the date when the current password was set.
  • When accounts.resetPassword is attempted with a password that has previously been used with the account, the server will return this error with a message stating "invalid password: the provided password was already in use by this account".
403000 - Forbidden: You do not have permission to invoke the method.
403002 - Request has expired

The timestamp or expiration of the token used exceeded the allowed time window.

The most common cause for this error is when your server's clock is not accurately set. This causes a gap between your time and Gigya's time. Even a gap of two minutes is enough to create this error.

Please refer to Signing requests for more details.

403003 - Invalid request signature: The request is not signed with a valid signature. Please refer to Signing requests for more details.
403004 - Duplicate nonce: The value of the nonce parameter that was passed with this request is not unique. Gigya requires that in each REST API call the nonce string will be unique. If Gigya receives two API calls with the same nonce, the second API call is rejected. Please refer to Signing requests for more details.
403005 - Unauthorized user: The user ID that is passed is not valid for this site.
403006 - Secret Sent Over Http: When sending the secret key in REST it has to be over HTTPS.
403007 - Permission denied: Returned when a user lacks the necessary permissions to perform the requested action, or when the user's credentials are not configured properly.
403008 - Invalid OpenID Url: Cannot find an openId endpoint on the url or cannot find the username given for the openId login.
403009 - Provider session expired: The user session for this provider has expired.
403010 - Invalid Secret: The request has an invalid secret key.
403011 - Session has expired: The session for this user has expired.
403012 - No valid session: Requested user has no valid session.
403013 - Unverified User: The user is not registered on the site. Encountering this error within a Site Group situation means that accounts.verifyLogin was not called on the destination site.
403015 - Missing request referrer: We can't validate the request because the referrer header is missing.
403017 - Unexpected provider user: The user currently logged in to the requested provider is not the same as the one logged in to the site.
403022 - Permission not requested: This operation needs a user permission and it was not requested. You may use the method socialize.requestPermissions to request the user permission. After gaining user permission you may retry to execute this operation.
403023 - No user permission: This operation needs a user permission and the user did not grant your application with the necessary permission.
403024 - Provider limit reached: Limit reached: Status is a duplicate. This error occurs when a user shares content multiple times, and is returned with the provider name, e.g., "provider" : "twitter".
403025 - Invalid token: Invalid OAuth2 token. Read more in Using Gigya's REST API in compliance with OAuth 2.0.
403026 - Unauthorized access error: Returned from the accounts.isAvailableLoginID method, when Protect Against Account Harvesting policy is enabled.
403031 - Approved by moderator: Can't flag comment, it was already approved by a moderator.
403035 - No user cookie: The request is missing user credentials.
403036 - Unauthorized partner: The relevant Gigya product is not enabled for this partner.
403037 - Post denied: Comments - Post denied when the user tried to review twice.
403040 - No login ticket: No login ticket in callback URL.
403041 - Account disabled: A user has tried to log into an inactive account. See Accounts API Error Codes and Messages for more information.
403042 - Invalid loginID: A user passes an incorrect password or a login ID that doesn't exist in our accounts database. See Accounts API Error Codes and Messages for more information.
403043 - Login identifier exists: The username/email address provided by the user exists in the database but is associated with a different user. See Accounts API Error Codes and Messages for more information.
403044 - Underage user: A user under the age of 13 has tried to log in. For COPPA compliance (Children's Online Privacy Protection Act). Please refer to the Age Limit section in the Policies guide.
403045 - Invalid site configuration error: If Customer Identity (RaaS) is enabled for your site, but the storage (DS) size has not been configured.
403047 - Login ID does not exist: There is no user with that username or email. In the "Forgot Password" screen of a Gigya Screen-Set, this error is returned if a user fills in an email of a user that doesn't exist.
403048 - API Rate Limit Exceeded: The daily API call limit has been reached.
403051 - Ip Blocked

The IP address attempting to connect to Gigya does not have permission.

403100 - Pending password change: When accounts.login is attempted and the password change interval has passed since the last password change. The interval is set in the site Policies (security.passwordChangeInterval policy).
403101 - Account Pending TFA Verification: When accounts.login, accounts.socialLogin, accounts.finalizeRegistration, socialize.notifyLogin, or socialize.login is called and the RBA policy requires two-factor authentication, and the device is not already in the verified device list for the account. The first time the method is called, the device needs to be registered, and for the following calls, the device needs to be verified.
Account Pending TFA Registration: When accounts.login, accounts.socialLogin, accounts.finalizeRegistration, socialize.notifyLogin, or socialize.login is called and the RBA policy requires two-factor authentication, and the device is not already in the verified device list for the account. The first time the method is called, the device needs to be registered, and for the following calls, the device needs to be verified.
403110 - Account Pending Recent Login: When there is an attempt to deactivate a TFA provider for a user (with accounts.tfa.deactivateProvider) or to register a user (with accounts.tfa.initTFA) and the user did not log in through the device in the last few minutes.
403120 - Account Temporarily Locked Out: When accounts.login is attempted and the account is locked out or the originating IP is locked out. This occurs after a set number of failed login attempts. This number is configured in the site's RBA Policies.
403200 - Redundant operation: When the client performs an operation that is redundant.
403201 - Invalid application ID: When the provided app ID is different from the one configured for the site.
404000 - Not found

When returned from a comments API: category not found.

When returned from an accounts API: email verification failed.

404001 - Friend not found: The friend user ID provided is not a friend for the current user.
404002 - Category not found: Comments - Category not found.
404003 - UID not found: Caused by an invalid UID, or a UID not applicable to the current API key.
404004 - Invalid URL: A 404 error message returned when the URL is invalid.
405001 - Invalid API method: Internal for Gigya JavaScript Web SDK.
409001 - Identity exists: When attempting to connect to a provider that is already connected or to link to an already linked account.
409002 - Social provider exists in account: When attempting to link an account to a social provider, but that social provider already exists in the account, under a different email.
409010 - Missing user photo: When calling accounts.getProfilePhoto, accounts.publishProfilePhoto or accounts.uploadProfilePhoto. The user photo requested does not exist or the photo provided is not valid.
409011 - Counter not registered: There was an attempt to set or retrieve information in a counter that the system cannot find. See accounts.incrementCounters.
409012 - Invalid gmid ticket: See 3rd Party Cookies for information about using gmid tickets.
409013 - SAML mapped attribute not found: When a mapped attribute value for the providerUID cannot be retrieved.
409014 - SAML certificate not found: When the SAML certificate cannot be retrieved.
409030 - Concurrent updates not allowed: When attempting to call an API for the same user/data with more than the maximum number of concurrent requests defined for that API.
409031 - No provider session: When a request to a social provider is pending, but a required authToken is missing.
409040 - CERT_INVALID_CNAME: A CNAME failed to validate. Possible causes: apiPrefix is empty, the domain name was not found, or there was a name mismatch.
410000 - Gone: Resource is no longer available.
413001 - Request entity too large: Comments plugin received a request that was too large.
413002 - Comment text too large: Comments plugin received a comment with too much text.
413003 - Object too large: The data store object size is too large; it is limited to 512KB.
413004 - Profile photo too large: The profile photo exceeded file-size limits, or uses a non-supported format.
500000 - General security warning: General security warning. When received while using any Gigya SDKs, this error means that the SDK could not connect to Gigya servers and does not mean there was an actual error received.
500001 - General Server error: General server error.
500002 - Server login error: General error during the login process.
500003 - Default application configuration: For multiple Data Centers (DCs) when no default application can be found.
500014 - Session migration error: Error while migrating old Facebook session to new Graph API Facebook session.
500023 - Provider error: General error from the provider.
500026 - Network error: Various network errors, e.g., when a JSONP request fails.
500028 - Database error: General database error.
500031 - No provider application: There is no definition of provider application for this site. Please refer to Opening External Applications to learn how to define a provider application.
500032 - Load Failed: The requested file failed to load.
500033 - Invalid environment config: When there is no target environment in the config file.
500034 - Error during backend operation: Internal error.
503001 - Service unavailable for this operation: Too many calls were done with the same account UID within a specific time period.
504001 - Timeout: Client-side error.
504002 - Request Timeout: A timeout that was defined in the request is reached.
599999 - Missing Error Code: This is the errorCode returned when there is no other specific errorCode defined for the error that occurred. You can find additional information in the errorDetails and/or statusReason fields (note that statusReason is a deprecated property and may not contain a value).



Additional Information

On certain occasions within Accounts APIs you may receive Validation Errors as sub errors of the primary error. This may occur whenever more than a single field is being validated as part of the originating API call. For more information, see Accounts API Validation Errors.