Clerk Backend API errors
An index of Clerk Backend API errors.
Actor Tokens
{
"shortMessage": "cannot revoke",
"longMessage": "Actor token cannot be revoked because its status is <status>. Only pending tokens can be revoked.",
"code": "actor_token_cannot_be_revoked_code"
}Allowlist Identifiers
{
"shortMessage": "Identifier not found",
"longMessage": "No identifier was found with id <identifierID>",
"code": "resource_not_found"
}
{
"shortMessage": "duplicate allowlist identifier",
"longMessage": "the identifier <identifier> already exists",
"code": "duplicate_record"
}Applications
AccountlessApplicationNotFound signifies an error when no application with the given claim token could be found
{
"shortMessage": "Application not found",
"longMessage": "No application was found with the given claim token.",
"code": "resource_not_found"
}Auth
{
"shortMessage": "Could not authenticate request.",
"longMessage": "Could not authenticate request.",
"code": "could_not_authenticate_request"
}
{
"shortMessage": "Failed to verify internal migration JWT.",
"longMessage": "Failed to verify internal migration JWT.",
"code": "failed_to_verify_internal_migration_jwt"
}
IdentificationExists signifies an error when the identifier already exists
{
"shortMessage": "already exists",
"longMessage": "This <identifier> already exists.",
"code": ""
}
{
"shortMessage": "The provided internal migration JWT is missing the instance ID.",
"longMessage": "The provided internal migration JWT is missing the instance ID.",
"code": "internal_migration_jwt_missing_instance_id"
}
InvalidAuthentication signifies an error when the request is not authenticated
{
"shortMessage": "Invalid authentication",
"longMessage": "Unable to authenticate the request, you need to supply an active session",
"code": "authentication_invalid"
}
InvalidAuthorization signifies an error when the request is not authorized to perform the given operation
{
"shortMessage": "Unauthorized request",
"longMessage": "You are not authorized to perform this request",
"code": "authorization_invalid"
}
InvalidAuthorizationHeaderFormat signifies an error when the Authorization header has no proper format.
{
"shortMessage": "Invalid Authorization header format",
"longMessage": "Invalid Authorization header format. Must be 'Bearer <YOUR_API_KEY>'",
"code": "authorization_header_format_invalid"
}
InvalidClerkSecretKey signifies an error when the supplied client key is invalid
{
"shortMessage": "The provided Clerk Secret Key is invalid. Make sure that your Clerk Secret Key is correct.",
"longMessage": "The provided Clerk Secret Key is invalid. Make sure that your Clerk Secret Key is correct.",
"code": "clerk_key_invalid"
}
InvalidRequestForEnvironment signifies an error when the incoming request is invalid for given environment(s)
{
"shortMessage": "Invalid request for environment",
"longMessage": "Request only valid for <envTypes> instances.",
"code": "request_invalid_for_environment"
}
RequestInvalidForInstance signifies an error when the incoming request is invalid for the given instance, due to the auth_config
{
"shortMessage": "Invalid request for instance",
"longMessage": "This request is not valid for your instance. Modify your instance settings to use this request.",
"code": "request_invalid_for_instance"
}
{
"shortMessage": "Unsupported country code",
"longMessage": "Phone numbers from this country (<countryName>) are currently not supported. For more information, please contact <support>.",
"code": "unsupported_country_code",
"meta": "{\"formParameter\": {\"Name\": \"param\"}, \"Alpha2\": alpha2, \"CountryCode\": countryCode}"
}Billing
{
"shortMessage": "Unsupported plan features",
"longMessage": "Some features are not supported in your current plan. Upgrade your subscription to unlock them.",
"code": "unsupported_subscription_plan_features",
"meta": {
"unsupportedfeatures": "unsupportedfeatures"
}
}Blocklist Identifiers
{
"shortMessage": "Identifier not found",
"longMessage": "No identifier was found with id <identifierID>",
"code": "resource_not_found"
}
{
"shortMessage": "duplicate blocklist identifier",
"longMessage": "the identifier <identifier> already exists",
"code": "duplicate_record"
}Clients
ClientNotFound signifies an error when no client is found with clientID
{
"shortMessage": "Client not found",
"longMessage": "No client was found with id <clientID>",
"code": "resource_not_found"
}
ClientNotFoundInRequest signifies an error when no client is found in an incoming request
{
"shortMessage": "No client found",
"longMessage": "This request is expecting a client and did not find one",
"code": "client_not_found"
}Cookie
InvalidCookie signifies an error when cookie is invalid
{
"shortMessage": "",
"code": "cookie_invalid"
}
InvalidRotatingToken signifies an error when rotating token does not match the client’s rotating token
{
"shortMessage": "",
"longMessage": "The client's rotating key does not match the given one <token>",
"code": "cookie_invalid"
}
MissingClaims signifies an error when token is missing claim
{
"shortMessage": "",
"longMessage": "The token is missing the following claims: <claims>",
"code": "cookie_invalid"
}Deprecation
{
"shortMessage": "endpoint is deprecated and pending removal",
"longMessage": "endpoint is deprecated and pending removal",
"code": "operation_deprecated"
}Domains
DomainUpdateForbidden signifies an error when trying to update an non production instance domain
{
"shortMessage": "Domain update was forbidden",
"longMessage": "Domain can be only updated for production instances",
"code": "domain_update_forbidden"
}
{
"shortMessage": "",
"longMessage": "Clerk Frontend API cannot be accessed through the proxy URL. Make sure your proxy is configured correctly.",
"code": "invalid_proxy_configuration",
"meta": {
"name": "proxy_url"
}
}
{
"shortMessage": "operation not allowed",
"longMessage": "This operation is not allowed on a primary domain. Try again with a satellite domain of the instance.",
"code": "operation_not_allowed_on_primary_domain"
}
PrimaryDomainAlreadyExists signifies an error when a new domain is added as
primary when there is already once in the instance.
Currently, we only support a single primary domain per instance.
{
"shortMessage": "primary domain already exists",
"longMessage": "Currently, only a single primary domain is supported and the current instance already has one. All new domains need to be set a satellites.",
"code": "primary_domain_already_exists",
"meta": {
"name": "is_satellite"
}
}Features
{
"shortMessage": "not enabled",
"longMessage": "This feature is not enabled on this instance",
"code": "feature_not_enabled"
}
{
"shortMessage": "not an OIDC provider",
"longMessage": "You are using the legacy OAuth 2.0 provider. Please migrate to the new OIDC compatible provider to use this feature",
"code": "feature_requires_oidc_provider"
}
{
"shortMessage": "not a Progressive Sign Up instance",
"longMessage": "<feature> can only be used in instances that migrated to Progressive Sign Up (https://clerk.com/docs/upgrade-guides/progressive-sign-up)",
"code": "feature_requires_progressive_sign_up"
}Forms
FormAlreadyExists signifies an error when given resource already exists
{
"shortMessage": "",
"code": "form_already_exists",
"meta": {
"name": "param"
}
}
FormAtLeastOneOptionalParameterMissing signifies an error when at least one optional parameter must be provided
{
"shortMessage": "at least one parameter must be provided",
"longMessage": "at least one of `<parameters>` must be provided",
"code": "form_param_missing",
"meta": {
"names": "paramnames"
}
}
{
"shortMessage": "Date values must not be in the future.",
"longMessage": "Date values must not be in the future.",
"code": "form_disallow_future_date",
"meta": {
"name": "param"
}
}
FormDuplicateParameter signifies an error when a duplicate parameter is found in a form
{
"shortMessage": "is duplicate",
"longMessage": "<param> included multiple times. There should only be one.",
"code": "form_param_duplicate",
"meta": {
"name": "param"
}
}
FormIdentifierExists signifies an error when given identifier already exists
{
"shortMessage": "",
"code": "form_identifier_exists",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Date values must be given in Unix millisecond timestamp format.",
"longMessage": "Date values must be given in Unix millisecond timestamp format.",
"code": "form_param_invalid_date",
"meta": {
"name": "param"
}
}
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid email address.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid email address local part.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormInvalidEncodingParameterValue signifies an error when the given parameter has an invalid encoding
{
"shortMessage": "invalid character encoding",
"longMessage": "<param> contains invalid UTF-8 characters",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
{
"shortMessage": "is invalid",
"longMessage": "<param> must be either a valid email address, a valid phone number according to E.164 international standard or a valid web3 wallet.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormInvalidOrigin signifies an error when the given origin is http/https
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid origin such as my-app://localhost, chrome-extension://mnhbilbfebpbokpjjamapdecdgieldho, or capacitor://localhost:3000",
"code": "form_invalid_origin",
"meta": {
"name": "param"
}
}
FormInvalidParameterFormat signifies an error when the given parameter has an invalid format
{
"shortMessage": "",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
{
"shortMessage": "is invalid",
"longMessage": "<param> is invalid. Only one of the following parameter values is allowed: <allowedValues>",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidParameterValue signifies an error when the given parameter has an invalid value
{
"shortMessage": "is invalid",
"longMessage": "<value> does not match one of the allowed values for parameter <param>",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidParameterValueWithAllowed signifies an error when the given parameter has an invalid value.
The difference with FormInvalidParameterValue is that this error also includes the allowed values
{
"shortMessage": "is invalid",
"longMessage": "<value> does not match the allowed values for parameter <param>. Allowed values: <allowedValues>",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidPasswordLengthTooLong signifies an error when the password is invalid because of its length
{
"shortMessage": "",
"code": "form_password_length_too_long",
"meta": {
"name": "param"
}
}
FormInvalidPasswordLengthTooShort signifies an error when the password is invalid because of its length
{
"shortMessage": "",
"code": "form_password_length_too_short",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Passwords must contain at least one lowercase character.",
"longMessage": "Passwords must contain at least one lowercase character.",
"code": "form_password_no_lowercase",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Passwords must contain at least one number.",
"longMessage": "Passwords must contain at least one number.",
"code": "form_password_no_number",
"meta": {
"name": "param"
}
}
{
"shortMessage": "",
"code": "form_password_no_special_char",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Given password is not strong enough.",
"longMessage": "Given password is not strong enough.",
"code": "form_password_not_strong_enough"
}
{
"shortMessage": "Passwords must contain at least one uppercase character.",
"longMessage": "Passwords must contain at least one uppercase character.",
"code": "form_password_no_uppercase",
"meta": {
"name": "param"
}
}
FormInvalidPasswordSizeInBytesExceeded signifies that the size in bytes was exceeded.
Note that the maximum character length constraint may fail to detect this case,
if multi-byte characters are included in the password.
For example, bcrypt limit https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.8.0:bcrypt/bcrypt.go;l=87
{
"shortMessage": "Your password has exceeded the maximum number of bytes allowed, please shorten it or remove some special characters.",
"longMessage": "Your password has exceeded the maximum number of bytes allowed, please shorten it or remove some special characters.",
"code": "form_password_size_in_bytes_exceeded",
"meta": {
"name": "param"
}
}
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid phone number according to E.164 international standard.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
{
"shortMessage": "invalid format",
"longMessage": "<param> must contain a datetime specified in RFC3339 format (e.g. `2022-10-20T10:00:27.645Z`).",
"code": "form_param_invalid_time",
"meta": {
"name": "param"
}
}
FormInvalidTypeParameter signifies an error when a form parameter has the wrong type
{
"shortMessage": "is invalid",
"longMessage": "`<param>` must be a `<paramType>`.",
"code": "form_param_type_invalid",
"meta": {
"name": "param"
}
}
FormInvalidUsernameCharacter signifies an error when the given username does not match username regex
{
"shortMessage": "",
"code": "form_username_invalid_character",
"meta": {
"name": "param"
}
}
FormInvalidUsernameLength signifies an error when the given username does not have required length
{
"shortMessage": "",
"code": "form_username_invalid_length",
"meta": {
"name": "param"
}
}
FormInvalidUsernameNeedsNonNumberCharCode signifies an error when the given username does not match username regex
{
"shortMessage": "",
"code": "form_username_needs_non_number_char",
"meta": {
"name": "param"
}
}
FormInvalidWeb3Wallet signifies an error when the given web3 wallet address is invalid
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid web3 wallet address that starts with 0x and contains 40 hexadecimal characters.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormMetadataInvalidType signifies an error when the given metadata is not a valid key-value object
{
"shortMessage": "",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormMissingConditionalParameter signifies an error when required parameter based on conditions is missing
{
"shortMessage": "is missing",
"longMessage": "`<param>` is required when `<leftCondition>` is `<rightCondition>`.",
"code": "form_conditional_param_missing"
}
FormMissingConditionalParameterOnExistence signifies an error when parameter is required because of the existence of another
{
"shortMessage": "is missing",
"longMessage": "`<missingParam>` is required when `<conditionalParam>` is present.",
"code": "form_conditional_param_missing",
"meta": {
"name": "missingparam"
}
}
FormMissingParameter signifies an error when an expected form parameter is missing
{
"shortMessage": "is missing",
"longMessage": "<param> must be included.",
"code": "form_param_missing",
"meta": {
"name": "param"
}
}
FormMissingResource signifies an error when the form parameter is referring to a missing resource
{
"shortMessage": "is missing",
"longMessage": "The resource associated with the supplied <param> was not found.",
"code": "form_resource_not_found",
"meta": {
"name": "param"
}
}
FormNilParameter signifies an error when a nil parameter is found in a form
{
"shortMessage": "",
"code": "form_param_nil",
"meta": {
"name": "param"
}
}
FormNotAllowedToDisableDefaultSecondFactor signifies an error when trying to disable the default flag from a second-factor
{
"shortMessage": "The default second factor method can only be changed by assigning another method as the default.",
"longMessage": "The default second factor method can only be changed by assigning another method as the default.",
"code": "form_disable_default_second_factor_not_allowed",
"meta": {
"name": "param"
}
}
FormParameterArraySizeExceeded signifies an error when the given array exceeds the maximum allowed size
{
"shortMessage": "exceeds maximum size",
"longMessage": "<parameter> should not exceed %d items.",
"code": "form_param_array_size_exceeded",
"meta": {
"name": "param"
}
}
FormParameterMaxLengthExceeded signifies an error when the given param value exceeds the maximum allowed length
{
"shortMessage": "exceeds maximum length",
"longMessage": "<parameter> should not exceed %d characters.",
"code": "form_param_max_length_exceeded",
"meta": {
"name": "param"
}
}
FormParameterMinLengthExceeded signifies an error when the given param value is less than the minimum allowed length
{
"shortMessage": "does not reach minimum length",
"longMessage": "<parameter> must be at least %d characters long.",
"code": "form_param_min_length_exceeded",
"meta": {
"name": "param"
}
}
FormParameterNotAllowedConditionally signifies an error when parameter is not allowed based on condition
{
"shortMessage": "is not allowed",
"longMessage": "`<param>` isn't allowed when `<leftCondition>` is <rightCondition>.",
"code": "form_conditional_param_disallowed",
"meta": {
"name": "param"
}
}
FormParameterNotAllowedIfAnotherParameterIsPresent signifies an error when a parameter is present but
is not allowed because another parameter is also present
{
"shortMessage": "is not allowed",
"longMessage": "`<notAllowedParam>` isn't allowed when `<existingParam>` is present.",
"code": "form_conditional_param_disallowed",
"meta": {
"name": "notallowedparam"
}
}
FormParameterSizeTooLarge signifies an error when a parameter exceeds the max allowed size
{
"shortMessage": "",
"code": "form_param_exceeds_allowed_size",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Value too large",
"longMessage": "The value of <param> can't be greater than %d",
"code": "form_param_value_too_large",
"meta": {
"name": "param"
}
}
FormPasswordDigestInvalid signifies an error when the provided password_digest is not valid for the provided password_hasher
{
"shortMessage": "",
"code": "form_password_digest_invalid_code",
"meta": {
"name": "param"
}
}
FormPasswordValidationFailed signifies a generic error when the password validation failed
{
"shortMessage": "Incorrect password. Please try again.",
"longMessage": "Incorrect password. Please try again.",
"code": "form_password_validation_failed",
"meta": {
"name": "param"
}
}
FormPwnedPassword signifies an error when the chosen password has been found in the pwned list
{
"shortMessage": "",
"code": "form_password_pwned",
"meta": {
"name": "param"
}
}
FormUnknownParameter signifies an error when an unexpected parameter is found in a form
{
"shortMessage": "is unknown",
"longMessage": "<param> is not a valid parameter for this request.",
"code": "form_param_unknown",
"meta": {
"name": "param"
}
}
FormValidationFailed converts validator.ValidationErrors to Error.
{
"shortMessage": "is invalid",
"longMessage": "<sanitizedField> is invalid",
"code": "form_param_value_invalid",
"meta": {
"name": "sanitizedfield"
}
}Home Url
HomeURLTaken signifies an error when the root domain of the provided home_url already in use by another application
{
"shortMessage": "Domain already in use",
"longMessage": "The <homeURL> root domain is already in use by another application.",
"code": "home_url_taken",
"meta": {
"name": "paramname"
}
}
KnownHostingDomain signifies an error when the domain extracted from the provided home_url belongs to a
known hosting service and cannot be used to deploy production apps
{
"shortMessage": "Known hosting domain",
"longMessage": "The <domain> domain cannot be used to deploy production apps.",
"code": "known_hosting_domain",
"meta": {
"name": "paramname"
}
}
ReservedDomain signifies an error when the domain extracted from the provided home_url is reserved by Clerk
{
"shortMessage": "Domain reserved by Clerk",
"longMessage": "The <domain> domain is reserved by Clerk.",
"code": "reserved_domain",
"meta": {
"name": "paramname"
}
}
ReservedSubdomain signifies an error when the subdomain extracted from the provided home_url is reserved by Clerk
{
"shortMessage": "Reserved subdomain",
"longMessage": "The <subdomain> subdomain is reserved by Clerk.",
"code": "reserved_subdomain",
"meta": {
"name": "paramname"
}
}Identifications
{
"shortMessage": "Create failed",
"longMessage": "Unverified identifications cannot be a second factor",
"code": "identification_create_second_factor_unverified"
}
IdentificationNotFound signifies an error when comm is not found
{
"shortMessage": "Resource not found",
"longMessage": "Resource not found",
"code": "resource_not_found"
}
{
"shortMessage": "Update failed",
"longMessage": "You cannot set your last identification as second factor.",
"code": "identification_update_failed"
}
{
"shortMessage": "Update failed",
"longMessage": "Cannot update second factor attributes for unverified identification",
"code": "identification_update_second_factor_unverified"
}Images
{
"shortMessage": "Image not found",
"longMessage": "Image not found",
"code": "image_not_found"
}
RequestWithoutImage signifies an error when no image was present in the request.
{
"shortMessage": "Image file missing",
"longMessage": "There was no image file present in the request",
"code": "form_param_missing"
}Instance Settings
{
"shortMessage": "Enhanced email deliverability mode is only compatible with email codes (OTP)",
"longMessage": "Ensure that either enhanced email deliverability is disabled or you only have email codes (OTP) enabled.",
"code": "enhanced_email_deliverability_prohibited"
}Instances
BreaksInstanceInvariantCode
{
"shortMessage": "Breaks instance invariant",
"longMessage": "%v - This invariant is determined by your user settings",
"code": "breaks_instance_invariant"
}
InstanceNotFound signifies an error when no instance with given instanceID was found
{
"shortMessage": "Instance not found",
"longMessage": "No instance was found with id <instanceID>",
"code": "resource_not_found"
}Internal
{
"shortMessage": "Bad request",
"longMessage": "Bad request",
"code": "bad_request"
}
403 - quota exceeded
{
"shortMessage": "Quota exceeded",
"longMessage": "Quota exceeded, you have reached your limit.",
"code": "quota_exceeded"
}
Unexpected is used for all unexpected errors
{
"shortMessage": "Oops, an unexpected error occurred",
"longMessage": "There was an internal error on our servers. We've been notified and are working on fixing it.",
"code": "internal_clerk_error"
}Invitations
DuplicateInvitations denotes an error when there are already invitations
for the given email addresses
{
"shortMessage": "",
"longMessage": "There are already pending invitations for the following email addresses: <emails>",
"code": "duplicate_record",
"meta": {
"emailaddresses": "emailaddresses"
}
}
InvitationAlreadyAccepted denotes an error when someone tries to use
an invitation which is already accepted.
{
"shortMessage": "Invitation is already accepted, try signing in instead.",
"longMessage": "Invitation is already accepted, try signing in instead.",
"code": "invitation_already_accepted"
}
InvitationAlreadyRevoked denotes an error when someone tries to revoke
an invitation which is already revoked.
{
"shortMessage": "Invitation is already revoked.",
"longMessage": "Invitation is already revoked.",
"code": "invitation_already_revoked"
}
InvitationNotFound denotes an error when there is no invitation with
the given id
{
"shortMessage": "not found",
"longMessage": "No invitation was found with id <invitationID>.",
"code": "resource_not_found"
}
InvitationsNotSupportedInInstance denotes an error when user is
trying to create an invitation on an instance that doesn’t support it
{
"shortMessage": "Invitations are only supported on instances that accept email addresses.",
"longMessage": "Invitations are only supported on instances that accept email addresses.",
"code": "invitations_not_supported"
}Jwt Templates
JWTTemplateNotFound signifies an error when a JWT template was not found by the provided attribute
{
"shortMessage": "JWT template not found",
"longMessage": "No JWT template exists with <attribute>: <val>",
"code": "resource_not_found"
}
JWTTemplateReservedClaim denotes an error when the provided template contains a reserved claim.
{
"shortMessage": "reserved claim used",
"longMessage": "You can't use the reserved claim: '<claim>'",
"code": "jwt_template_reserved_claim",
"meta": {
"name": "param"
}
}
{
"shortMessage": "session token template cannot be deleted",
"longMessage": "This template cannot be deleted because it's a session token template",
"code": "session_token_jwt_template"
}Machine Token
MachineTokenReservedClaim denotes an error when the provided machine token claims object contains a reserved claim.
{
"shortMessage": "reserved claim used",
"longMessage": "You can't use the reserved claim: '<claim>'",
"code": "machine_token_reserved_claim",
"meta": {
"name": "param"
}
}Maintenance
{
"shortMessage": "System under maintenance",
"longMessage": "We are currently undergoing maintenance and only essential operations are permitted. We will be back shortly.",
"code": "maintenance_mode"
}Management
{
"shortMessage": "duplicate list items not allowed",
"longMessage": "duplicate list items not allowed: <param>",
"code": "duplicate_list_items_not_allowed"
}
{
"shortMessage": "invalid environment type",
"longMessage": "invalid environment types: <envTypes>",
"code": "invalid_environment_type"
}Oauth
{
"shortMessage": "Missing OAuth access token",
"longMessage": "OAuth access token is missing",
"code": "oauth_missing_access_token"
}
{
"shortMessage": "Cannot refresh OAuth access token",
"longMessage": "The current access token has expired and we cannot refresh it, because the authorization server hasn't provided us with a refresh token",
"code": "oauth_missing_refresh_token"
}
{
"shortMessage": "OAuth provider not enabled",
"longMessage": "Single-sign on for this OAuth provider is not enabled in the instance settings.",
"code": "oauth_token_provider_not_enabled"
}
{
"shortMessage": "Token retrieval failed",
"longMessage": "Failed to retrieve a new access token from the OAuth provider",
"code": "oauth_token_retrieval_error"
}
UnsupportedOauthProvider signifies an error when an instance tries to enable
an OAuth external provider which is not supported.
{
"shortMessage": "",
"longMessage": "%v OAuth is not supported. Please contact us if you think this error should not appear.",
"code": "oauth_unsupported_provider"
}Oauth Application
{
"shortMessage": "duplicate redirect URI",
"longMessage": "the redirect URI already exists",
"code": "duplicate_record"
}
{
"shortMessage": "consent screen cannot be disabled",
"longMessage": "Consent screen cannot be disabled for a dynamically registered OAuth Application",
"code": "oauth_application_consent_screen_cannot_be_disabled"
}Organizations
{
"shortMessage": "missing permission",
"longMessage": "Current user is missing an organization permission.",
"code": "missing_organization_permission",
"meta": {
"permissions": "permissions"
}
}
403 - Only for organization members Deprecated: This error reveals the existence of an organization to an unauthorized user. Use OrganizationNotFoundOrUnauthorized instead, and ensure other pathways that error when the organization isn’t found also use OrganizationNotFoundOrUnauthorized
{
"shortMessage": "not a member",
"longMessage": "Current user is not a member of the organization. Only organization members can perform this action.",
"code": "not_a_member_in_organization"
}
{
"shortMessage": "this organization already has an SSO connection",
"longMessage": "This organization already has an SSO connection.",
"code": "organization_already_has_sso_connection",
"meta": {
"name": "organization_id"
}
}
400 - Creator doesn’t exist
{
"shortMessage": "creator not found",
"longMessage": "No users found with id <userID>.",
"code": "organization_creator_not_found"
}
{
"shortMessage": "organizaton domain already exists",
"longMessage": "This domain is already used by another organization.",
"code": "organization_domain_already_exists",
"meta": {
"name": "param"
}
}
{
"shortMessage": "blocked email domain",
"longMessage": "This is a blocked email provider domain. Please use a different one.",
"code": "organization_domain_blocked",
"meta": {
"name": "param"
}
}
{
"shortMessage": "common email domain",
"longMessage": "This is a common email provider domain. Please use a different one.",
"code": "organization_domain_common",
"meta": {
"name": "param"
}
}
{
"shortMessage": "organization enrollment mode not enabled",
"longMessage": "Enrollment mode <enrollmentMode> is not enabled for this instances's organizations.",
"code": "organization_domain_enrollment_mode_not_enabled"
}
{
"shortMessage": "organization domains quota exceeded",
"longMessage": "You have reached your limit of %d domains per organization.",
"code": "organization_domain_quota_exceeded"
}
{
"shortMessage": "organization invitation not unique",
"longMessage": "Organizations cannot have duplicate pending invitations for an email address.",
"code": "organization_invitation_not_unique"
}
{
"shortMessage": "missing permissions for creator role",
"longMessage": "The creator role must contain the following permissions: <permissionKeys>",
"code": "organization_missing_creator_role_permissions"
}
{
"shortMessage": "invalid organization name",
"longMessage": "The organization name %q is invalid: <name>",
"code": "form_param_value_invalid",
"meta": {
"name": "name"
}
}
{
"shortMessage": "access denied",
"longMessage": "The organizations feature is not enabled for this instance. You can enable it at https://dashboard.clerk.com.",
"code": "organization_not_enabled_in_instance"
}
404 - Organization not found
WARNING: This is safe to use for endpoints where the caller is authorized to be
aware of every organization. But if the endpoint errors if the caller is not
authorized on the organization, do not use this, because it leaks the existence
of the organization! Use OrganizationNotFoundOrUnauthorized instead.
{
"shortMessage": "not found",
"longMessage": "Given organization not found.",
"code": "resource_not_found"
}
404 - Used for any case
{
"shortMessage": "not found or unauthorized",
"longMessage": "Given organization not found, or you don't have permission to access the organization",
"code": "organization_not_found_or_unauthorized"
}
{
"shortMessage": "not found",
"longMessage": "Organization role not found",
"code": "resource_not_found",
"meta": {
"name": "paramname"
}
}
{
"shortMessage": "cannot disable organizations",
"longMessage": "Cannot disable organizations because <reason>.",
"code": "organizations_disable_not_allowed"
}Redirect Urls
RedirectURLNotFound signifies an error when a RedirectURL was not found by the provided attribute
{
"shortMessage": "Redirect url not found",
"longMessage": "No RedirectURL exists with <attribute>: <val>",
"code": "resource_not_found"
}Requests
{
"shortMessage": "bulk size exceeded",
"longMessage": "Parameters exceed the maximum allowed bulk processing size of %d.",
"code": "bulk_size_exceeded"
}
{
"shortMessage": "",
"longMessage": "<value> does not match one of the allowed values for parameter <param>",
"code": "invalid_query_parameter_value"
}
InvalidRequestBody signifies an error when the body of the request does not conform to the expected format
{
"shortMessage": "Request body invalid",
"longMessage": "The request body is invalid. Please consult the API documentation for more information.",
"code": "request_body_invalid"
}
{
"shortMessage": "Malformed publishable key",
"longMessage": "Ensure the provided publishable key (<key>) is the one displayed in Dashboard",
"code": "malformed_publishable_key"
}
MalformedRequestParameters signifies an error when the request parameters are malformed and result in parsing errors
{
"shortMessage": "Malformed request parameters",
"longMessage": "The request parameters are malformed and could not be parsed",
"code": "malformed_request_parameters"
}
{
"shortMessage": "Missing query parameter",
"longMessage": "Either of the following query parameters must be provided: <parameters>.",
"code": "missing_query_parameter"
}
MissingQueryParameter denotes that the required query parameter, param, was
not provided by the request.
{
"shortMessage": "",
"longMessage": "The query parameter '<param>' is missing from the request. Please consult the API documentation for more information.",
"code": "missing_query_parameter"
}
UnsupportedContentType signifies an error when provided content type is unsupported
{
"shortMessage": "Content-Type is unsupported",
"longMessage": "Content-Type <actual> is unsupported. You should use <expected> instead.",
"code": "unsupported_content_type"
}Saml
{
"shortMessage": "SAML Connection can't be activated",
"longMessage": "You have to provide the <fields> before you are able to activate this connection.",
"code": "saml_connection_cant_be_activated"
}
{
"shortMessage": "Failed to fetch IdP metadata",
"longMessage": "We failed to fetch the IdP metadata. If the error persists, please provide the IdP configuration data explicitly.",
"code": "saml_failed_to_fetch_idp_metadata"
}
{
"shortMessage": "Failed to parse IdP metadata",
"longMessage": "We failed to parse the IdP metadata. If the error persists, please provide the IdP configuration data explicitly.",
"code": "saml_failed_to_parse_idp_metadata"
}Session Refresh
{
"shortMessage": "expired session token consumed",
"longMessage": "The provided expired session token was already consumed in a previous refresh request",
"code": "session_refresh_expired_session_token_consumed"
}
{
"shortMessage": "Invalid expired_token param",
"longMessage": "The session token provided could not be successfully verified",
"code": "expired_session_token_invalid"
}
{
"shortMessage": "session token too old",
"longMessage": "The provided expired session token is too old",
"code": "session_refresh_expired_session_token_too_old"
}
{
"shortMessage": "session inactive",
"longMessage": "The provided session is not active",
"code": "session_refresh_inactive_session"
}
{
"shortMessage": "expired session token ineligible",
"longMessage": "The provided expired session token is not eligible for refresh",
"code": "session_refresh_session_token_ineligible"
}
{
"shortMessage": "Request origin is invalid",
"longMessage": "The request_origin parameter could not be parsed",
"code": "refresh_request_origin_invalid"
}
{
"shortMessage": "missing 'azp' claim",
"longMessage": "No 'azp' claim present in the provided expired session token",
"code": "expired_session_token_missing_azp"
}
{
"shortMessage": "missing 'iat' claim",
"longMessage": "No 'iat' claim present in the provided expired session token",
"code": "session_refresh_expired_session_token_missing_iat"
}
{
"shortMessage": "missing 'sid' claim",
"longMessage": "No 'sid' claim present in the provided expired session token",
"code": "expired_session_token_missing_sid"
}
{
"shortMessage": "not enabled",
"longMessage": "This feature is not enabled in your instance",
"code": "feature_not_enabled"
}
{
"shortMessage": "Request origin does not match azp claim",
"longMessage": "The request_origin parameter does not match the 'azp' claim of expired_token",
"code": "refresh_request_origin_azp_mismatch"
}
{
"shortMessage": "Session not found",
"longMessage": "No session was found with id <sessionID>",
"code": "session_refresh_session_not_found"
}
{
"shortMessage": "Session ID does not match the 'sid' claim",
"longMessage": "The 'sid' claim of the provided expired session token does not match the session ID provided in the request path",
"code": "refresh_sid_mismatch"
}
{
"shortMessage": "Refresh token not found",
"longMessage": "The provided refresh token was not found",
"code": "refresh_token_not_found"
}
{
"shortMessage": "user not found",
"longMessage": "The provided user was not found",
"code": "session_refresh_user_not_found"
}Sessions
{
"shortMessage": "account deprovisioned",
"longMessage": "Your account is deprovisioned",
"code": "deprovisioned"
}
{
"shortMessage": "account deprovisioned",
"longMessage": "The target user's account has been deprovisioned according to their external identity provider",
"code": "deprovisioned"
}
{
"shortMessage": "Invalid session token",
"longMessage": "The token provided could not be successfully verified",
"code": "invalid_session_token"
}
SessionNotFound signifies an error when no session with given sessionID was found
{
"shortMessage": "Session not found",
"longMessage": "No session was found with id <sessionID>",
"code": "resource_not_found"
}Sign In
IdentificationClaimed signifies an error when the requested identification is already claimed by another user
{
"shortMessage": "Identification claimed by another user",
"longMessage": "One or more identifiers on this sign up have since been connected to a different User. Please sign up again.",
"code": "identification_claimed"
}Sign In Tokens
{
"shortMessage": "cannot revoke",
"longMessage": "Sign in token cannot be revoked because its status is <status>. Only pending tokens can be revoked.",
"code": "sign_in_token_cannot_be_revoked_code"
}Sign Up
{
"shortMessage": "is not allowed",
"longMessage": "`<param>` isn't allowed to be `%v` when sign-up mode is set to <value>",
"code": "sign_up_mode_restricted_invalid_value",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Sign up cannot be updated",
"longMessage": "This sign up has reached a terminal state and cannot be updated",
"code": "sign_up_cannot_be_updated"
}Signing Keys
SigningKeyNotFound signifies an error when no signing key with a given signingKeyID was found
{
"shortMessage": "Signing key not found",
"longMessage": "No signing key was found with id <signingKeyID>",
"code": "resource_not_found"
}Subscription Plans
{
"shortMessage": "Product not supported by subscription plan",
"longMessage": "The product <productID> is not compatible with the current subscription plan",
"code": "product_not_supported_by_subscription_plan"
}Templates
{
"shortMessage": "Invalid template body",
"longMessage": "This template body is invalid and cannot be rendered successfully, please check for syntax errors",
"code": "invalid_template_body",
"meta": {
"name": "body"
}
}
{
"shortMessage": "",
"longMessage": "Body should contain the {{<requiredVariable>}} variable",
"code": "required_variable_missing",
"meta": {
"name": "body"
}
}
{
"shortMessage": "Template body cannot be modified",
"longMessage": "The body of template with slug <slug> can't be modified",
"code": "template_body_modification_restricted"
}
TemplateDeletionRestricted signifies an error when a deletion is attempted for a built-in (non-custom) template
{
"shortMessage": "Template deletion restricted",
"longMessage": "Template with slug <slug> can't be deleted",
"code": "template_deletion_restricted"
}
TemplateNotFound signifies an error when no template with given slug was found
{
"shortMessage": "Template not found",
"longMessage": "No template was found with slug <slug>",
"code": "resource_not_found"
}
TemplateRevertRestricted signifies an error when a custom template is attempted to be reverted
{
"shortMessage": "Template revert restricted",
"longMessage": "Template with slug <slug> can't be reverted",
"code": "template_revert_error"
}
TemplateTypeUnsupported signifies an error when an invalid template type is provided
{
"shortMessage": "Template type not supported",
"longMessage": "Template type <templateType> is not supported",
"code": "template_type_unsupported"
}Totp
{
"shortMessage": "invalid TOTP secret",
"longMessage": "The TOTP secret is invalid, please provide a valid one base32 encoded",
"code": "invalid_totp_secret_code"
}Url
{
"shortMessage": "URL not found",
"longMessage": "The URL was not found",
"code": "resource_not_found"
}User Settings
{
"shortMessage": "forbidden",
"longMessage": "Resource forbidden",
"code": "resource_forbidden"
}
{
"shortMessage": "not found",
"longMessage": "Resource not found",
"code": "resource_not_found"
}Users
{
"shortMessage": "incorrect password",
"longMessage": "The provided password is not the one the user has set",
"code": "incorrect_password"
}
{
"shortMessage": "incorrect TOTP",
"longMessage": "The provided TOTP code is incorrect",
"code": "totp_incorrect_code"
}
{
"shortMessage": "invalid length",
"longMessage": "The provided TOTP code must be 6 characters long.",
"code": "totp_invalid_length"
}
{
"shortMessage": "no password set",
"longMessage": "This user does not have a password set for their account",
"code": "no_password_set"
}
{
"shortMessage": "TOTP is disabled",
"longMessage": "This user does not have TOTP enabled in their account",
"code": "totp_disabled"
}
UserBanned signifies an error when a user is banned
{
"shortMessage": "User banned",
"longMessage": "You have been banned. If you think this was by mistake, please contact support.",
"code": "user_banned"
}
{
"shortMessage": "missing data",
"longMessage": "%q data doesn't match user requirements set for this instance",
"code": "form_data_missing",
"meta": {
"names": "missingparams"
}
}
UserNotFound signifies an error when no user is found with userID
{
"shortMessage": "not found",
"longMessage": "No user was found with id <userID>",
"code": "resource_not_found"
}
{
"shortMessage": "user quota exceeded",
"longMessage": "You have reached your limit of %d users. <maxAllowed>",
"code": "user_quota_exceeded"
}Webhooks
{
"shortMessage": "No Svix apps are associated with the current instance.",
"longMessage": "No Svix apps are associated with the current instance.",
"code": "svix_app_missing"
}Clerk Frontend API errors
An index of Clerk Frontend API errors.
Actor Tokens
{
"shortMessage": "actor token has already been used",
"longMessage": "This actor token has already been used. Each token can only be used once.",
"code": "actor_token_already_used_code"
}
{
"shortMessage": "not in sign in",
"longMessage": "Actor tokens can only be used during sign in.",
"code": "actor_token_not_in_sign_in_code"
}
{
"shortMessage": "actor token cannot be used",
"longMessage": "This actor token cannot be used anymore. Please request a new one.",
"code": "actor_token_cannot_be_used_code"
}
{
"shortMessage": "actor token has been revoked",
"longMessage": "This actor token has been revoked and cannot be used anymore.",
"code": "actor_token_revoked_code"
}
{
"shortMessage": "user not found",
"longMessage": "The user of the actor token no longer exists. Please request a new one.",
"code": "actor_token_subject_not_found"
}Auth
IdentificationExists signifies an error when the identifier already exists
{
"shortMessage": "already exists",
"longMessage": "This <identifier> already exists.",
"code": ""
}
{
"shortMessage": "Email subaddress not allowed.",
"longMessage": "Email address must not contain the characters '+', '=', or '#'.",
"code": "not_allowed_access",
"meta": {
"name": "email_address"
}
}
{
"shortMessage": "Country code not allowed.",
"longMessage": "Phone number sign ups are not allowed for this country code. Please use a different method.",
"code": "not_allowed_access",
"meta": {
"name": "phone_number"
}
}
{
"shortMessage": "Access not allowed.",
"longMessage": "<who> <pluralization> not allowed to access this application.",
"code": "not_allowed_access",
"meta": "{\"Identifiers\": identifiers}"
}
InvalidAuthentication signifies an error when the request is not authenticated
{
"shortMessage": "Invalid authentication",
"longMessage": "Unable to authenticate the request, you need to supply an active session",
"code": "authentication_invalid"
}
InvalidAuthorization signifies an error when the request is not authorized to perform the given operation
{
"shortMessage": "Unauthorized request",
"longMessage": "You are not authorized to perform this request",
"code": "authorization_invalid"
}
InvalidAuthorizationHeaderFormat signifies an error when the Authorization header has no proper format.
{
"shortMessage": "Invalid Authorization header format",
"longMessage": "Invalid Authorization header format. Must be 'Bearer <YOUR_API_KEY>'",
"code": "authorization_header_format_invalid"
}
InvalidCSRFToken signifies an error when the request does not contain a CSRF token or the given token is invalid
{
"shortMessage": "Invalid or missing CSRF token",
"longMessage": "To protect against CSRF attacks, the given request must include a valid CSRF token.",
"code": "csrf_token_invalid"
}
{
"shortMessage": "invalid handshake",
"longMessage": "The handshake request is invalid: <reason>",
"code": "invalid_handshake"
}
InvalidHost signifies an error when the incoming request has an invalid host
{
"shortMessage": "Invalid host",
"longMessage": "We were unable to attribute this request to an instance running on Clerk. Make sure that your Clerk Publishable Key is correct.",
"code": "host_invalid"
}
InvalidOriginHeader signifies an error when the origin header of the incoming request is invalid
{
"shortMessage": "Invalid HTTP Origin header",
"longMessage": "The Request HTTP Origin header must be equal to or a subdomain of the requesting URL.",
"code": "origin_invalid"
}
InvalidRequestForEnvironment signifies an error when the incoming request is invalid for given environment(s)
{
"shortMessage": "Invalid request for environment",
"longMessage": "Request only valid for <envTypes> instances.",
"code": "request_invalid_for_environment"
}
InvalidUserSettings signifies an error where the auth settings of the instance
are not well configured, which results in sign in and sign up endpoints to be
restricted.
{
"shortMessage": "invalid auth configuration",
"longMessage": "The authentication settings are invalid.",
"code": "user_settings_invalid"
}
MissingRequestHeadersForNonStandardBrowsers signifies an error when the incoming request is missing mandatory headers
{
"shortMessage": "Invalid request headers",
"longMessage": "Your Clerk Frontend API is accessible from browsers and native applications. To protect against common web attacks, we require the HTTP Authorization header to be present in native application requests. Make sure the HTTP Authorization header is set a valid Clerk client JWT or set it to an empty string for your first Frontend API request that will return your Clerk client JWT.",
"code": "request_header_missing"
}
MissingRequestHeadersForStandardBrowsers signifies an error when the incoming request is missing mandatory headers
{
"shortMessage": "Invalid request headers",
"longMessage": "Your Clerk Frontend API is accessible from browsers and native applications. To protect against standard web attacks, the HTTP Origin header is required in browser requests. If you see this error, you probably accessed Clerk Frontend API directly from the address bar or a browser extension is intercepting your browser requests, removing the HTTP Origin header. For more information refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin.",
"code": "request_header_missing"
}
{
"shortMessage": "Multiple 'Authorization' header values",
"longMessage": "Setting multiple values in the 'Authorization' header is forbidden",
"code": "multiple_authorization_header_values_forbidden"
}
{
"shortMessage": "Multiple 'Origin' header values",
"longMessage": "Setting multiple values in the 'Origin' header is forbidden",
"code": "multiple_origin_header_values_forbidden"
}
NativeAPIDisabled signifies an error when the incoming request is from a native client (\_is\_native={1|true})
and the instance is not configured to allow native API requests.
{
"shortMessage": "Native API disabled",
"longMessage": "The Native API is disabled for this instance. Visit the Clerk Dashboard to enable it.",
"code": "native_api_disabled"
}
{
"shortMessage": "Setting both the 'Origin' and 'Authorization' headers is forbidden",
"longMessage": "For security purposes, only one of the 'Origin' and 'Authorization' headers should be provided, but not both. In browser contexts, the 'Origin' header is set automatically by the browser. In native application contexts (e.g. mobile apps), set the 'Authorization' header.",
"code": "origin_authorization_headers_conflict"
}
SignedOut signifies an error when a user is signed out
{
"shortMessage": "Signed out",
"longMessage": "You are signed out",
"code": "signed_out"
}
{
"shortMessage": "This email address is already in use.",
"longMessage": "This email address is already in use. Creating multiple accounts with the same email address is not allowed.",
"code": "not_allowed_access",
"meta": {
"name": "email_address"
}
}
{
"shortMessage": "Unsupported country code",
"longMessage": "Phone numbers from this country (<countryName>) are currently not supported. For more information, please contact <support>.",
"code": "unsupported_country_code",
"meta": "{\"formParameter\": {\"Name\": \"param\"}, \"Alpha2\": alpha2, \"CountryCode\": countryCode}"
}
URLBasedSessionSyncingDisabled signifies an error when the incoming request attempts
to use an endpoint with URL-based session syncing, when the instance operates with
third-party cookies instead.
{
"shortMessage": "URL-based session syncing is disabled for this instance",
"longMessage": "This is a development instance operating with legacy, third-party cookies. To enable URL-based session syncing refer to https://clerk.com/docs/upgrade-guides/url-based-session-syncing.",
"code": "url_based_session_syncing_disabled"
}Awscognito
{
"shortMessage": "ADMIN_USER_PASSWORD_AUTH flow not enabled for this AWS Cognito client.",
"longMessage": "ADMIN_USER_PASSWORD_AUTH flow not enabled for this AWS Cognito client. Ensure that your Cognito user pool has a public client with the ALLOW_ADMIN_USER_PASSWORD_AUTH auth flow enabled.",
"code": "aws_cognito_admin_user_password_auth_not_enabled"
}
{
"shortMessage": "USER_PASSWORD_AUTH flow not enabled for this AWS Cognito client.",
"longMessage": "USER_PASSWORD_AUTH flow not enabled for this AWS Cognito client. Ensure that your Cognito user pool has a public client with the ALLOW_USER_PASSWORD_AUTH auth flow enabled.",
"code": "aws_cognito_user_password_auth_not_enabled"
}Backup Codes
{
"shortMessage": "Backup codes not available",
"longMessage": "In order to use backup codes, you have to enable any other Multi-factor method",
"code": "backup_codes_not_available"
}Clients
ClientNotFound signifies an error when no client is found with clientID
{
"shortMessage": "Client not found",
"longMessage": "No client was found with id <clientID>",
"code": "resource_not_found"
}
ClientNotFoundInRequest signifies an error when no client is found in an incoming request
{
"shortMessage": "No client found",
"longMessage": "This request is expecting a client and did not find one",
"code": "client_not_found"
}Commerce
{
"shortMessage": "Annual plan period not supported",
"longMessage": "Annual plan period not supported",
"code": "annual_plan_period_not_supported"
}
{
"shortMessage": "access denied",
"longMessage": "The billing feature is not enabled for this instance. You can enable it at https://dashboard.clerk.com.",
"code": "billing_not_enabled"
}
{
"shortMessage": "Another checkout is already in progress",
"longMessage": "Another checkout is already in progress",
"code": "checkout_already_in_progress"
}
{
"shortMessage": "Checkout not found",
"longMessage": "Checkout not found",
"code": "checkout_not_found"
}
{
"shortMessage": "Statement not found",
"longMessage": "No statement found with id <statementID>.",
"code": "commerce_statement_not_found"
}
{
"shortMessage": "External payments not setup",
"longMessage": "External payments not setup",
"code": "external_payments_not_setup"
}
{
"shortMessage": "Invalid gateway type",
"longMessage": "Gateway type is invalid",
"code": "invalid_gateway_type"
}
{
"shortMessage": "Invalid plan change",
"longMessage": "Please choose a different plan or billing interval, or contact support.",
"code": "invalid_plan_change",
"meta": "{\"Plan\": {\"ID\": \"planID\", \"Name\": \"planName\", \"CurrencySymbol\": \"currencySymbol\", \"AmountFormatted\": \"amountFormatted\", \"AnnualAmountFormatted\": \"annualMonthlyAmountFormatted\"}, \"Period\": period, \"IsPlanUpgradePossible\": isPlanUpgradePossible}"
}
{
"shortMessage": "Invalid plan type",
"longMessage": "Plan type (<planType>) is invalid",
"code": "invalid_plan_type"
}
{
"shortMessage": "Invalid use of test card",
"longMessage": "Test card cannot be used in production environment.",
"code": "invalid_use_of_test_card"
}
{
"shortMessage": "Max payment methods quota exceeded",
"longMessage": "You have reached your limit of %d payment methods. Please delete a payment source to add a new one.",
"code": "max_payment_methods_quota_exceeded"
}
{
"shortMessage": "Missing payer email",
"longMessage": "Payer email is required to perform this operation",
"code": "missing_payer_email"
}
{
"shortMessage": "Missing plan ID",
"longMessage": "Plan ID is required to perform this operation",
"code": "missing_plan_id"
}
{
"shortMessage": "Payee not active",
"longMessage": "Payee is not active",
"code": "payee_not_active"
}
{
"shortMessage": "Payee not found",
"longMessage": "Payee not found",
"code": "payee_not_found"
}
{
"shortMessage": "Payer not found",
"longMessage": "Payer not found",
"code": "payer_not_found"
}
{
"shortMessage": "Your card was declined",
"longMessage": "The card was declined.",
"code": "payment_attempt_failed_card_declined"
}
{
"shortMessage": "Card expired",
"longMessage": "The card has expired.",
"code": "payment_attempt_failed_card_expired"
}
{
"shortMessage": "Insufficient funds",
"longMessage": "The card has insufficient funds.",
"code": "payment_attempt_failed_card_insufficient_funds"
}
{
"shortMessage": "Processing error",
"longMessage": "There was a processing error with the payment method.",
"code": "payment_attempt_failed_processing_error"
}
{
"shortMessage": "Payment method is expired",
"longMessage": "Payment method is expired",
"code": "payment_source_expired"
}
{
"shortMessage": "Payment source in use",
"longMessage": "Payment source is in use, as you have active subscriptions. Please cancel those subscriptions before deleting the payment source.",
"code": "payment_source_in_use"
}
{
"shortMessage": "Payment source not found",
"longMessage": "Payment source not found",
"code": "payment_source_not_found"
}
{
"shortMessage": "Plan already active",
"longMessage": "This plan is already active for plan period: <planPeriod>.",
"code": "plan_already_active"
}
{
"shortMessage": "Plan not found",
"longMessage": "Plan not found",
"code": "plan_not_found"
}
{
"shortMessage": "Subscription item not found",
"longMessage": "Subscription item not found",
"code": "subscription_item_not_found"
}Domains
{
"shortMessage": "operation not allowed",
"longMessage": "This operation is not allowed on a satellite domain. Try again using the primary domain of your instance.",
"code": "operation_not_allowed_on_satellite_domain"
}
SyncNonceAlreadyConsumed signifies an error when the nonce that was given
during the sync flow is already consumed.
{
"shortMessage": "sync nonce already consumed",
"longMessage": "The given sync nonce has already been consumed and cannot be re-used.",
"code": "sync_nonce_already_consumed"
}Enterprise Sso
{
"shortMessage": "Identifications creation disabled by your enterprise account",
"longMessage": "You cannot create identifications because your enterprise account does not allow it.",
"code": "enterprise_sso_additional_identifications_disabled"
}
{
"shortMessage": "Enterprise Connection email address domain mismatch",
"longMessage": "The email address returned by the provider <received> does not match the domain of the enterprise connection <expected> that initiated the authentication.",
"code": "enterprise_sso_email_address_domain_mismatch"
}
{
"shortMessage": "Hosted domain mismatch",
"longMessage": "The Enterprise Connection domain does not match the user's hosted domain from the OAuth provider.",
"code": "enterprise_sso_hosted_domain_mismatch"
}
{
"shortMessage": "No Enterprise Connection for this sign-in",
"longMessage": "The current sign-in does not have a corresponding Enterprise Connection. Please check the domain of the provided email address.",
"code": "enterprise_sso_sign_in_connection_missing"
}
{
"shortMessage": "No Enterprise Connection for this sign-up",
"longMessage": "The current sign-up does not have a corresponding Enterprise Connection. Please check the domain of the provided email address.",
"code": "enterprise_sso_sign_up_connection_missing"
}
{
"shortMessage": "Enterprise Connection user attribute missing",
"longMessage": "This account does not have an associated '<attrName>' attribute. Contact your IdP administrator for resolution.",
"code": "enterprise_sso_user_attribute_missing"
}Features
{
"shortMessage": "not enabled",
"longMessage": "This feature is not enabled on this instance",
"code": "feature_not_enabled"
}
{
"shortMessage": "dynamic client registration is not enabled",
"longMessage": "Dynamic client registration is not enabled on this instance. Please enable it in the instance settings to use this feature",
"code": "feature_requires_dynamic_oauth_client_registration"
}
{
"shortMessage": "OAuth Client does not have the consent screen enabled",
"longMessage": "OAuth Client does not have the consent screen enabled, please enable it in the OAuth Client settings to use this feature",
"code": "feature_requires_oauth2_consent_screen_enabled"
}
{
"shortMessage": "not an OIDC provider",
"longMessage": "You are using the legacy OAuth 2.0 provider. Please migrate to the new OIDC compatible provider to use this feature",
"code": "feature_requires_oidc_provider"
}Forms
FormDisabledParameterValue signifies an error when the given parameter has an invalid value because it is not enabled in the settings
{
"shortMessage": "is disabled",
"longMessage": "<value> is disabled. Please verify you're using the correct instance, or see our docs to learn how to enable this value.",
"code": "form_param_value_disabled",
"meta": {
"name": "param"
}
}
FormDuplicateParameter signifies an error when a duplicate parameter is found in a form
{
"shortMessage": "is duplicate",
"longMessage": "<param> included multiple times. There should only be one.",
"code": "form_param_duplicate",
"meta": {
"name": "param"
}
}
FormIdentifierExists signifies an error when given identifier already exists
{
"shortMessage": "",
"code": "form_identifier_exists",
"meta": {
"name": "param"
}
}
FormIdentifierNotFound signifies an error when a required identifier is not found
{
"shortMessage": "",
"code": "form_identifier_not_found",
"meta": {
"name": "param"
}
}
FormIncorrectCode signifies an error when the given code is incorrect
{
"shortMessage": "is incorrect",
"longMessage": "Incorrect code",
"code": "form_code_incorrect",
"meta": {
"name": "param"
}
}
{
"shortMessage": "is incorrect",
"longMessage": "Incorrect signature",
"code": "form_incorrect_signature"
}
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid email address.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
{
"shortMessage": "invalid email addresses",
"longMessage": "The following email addresses are invalid: <emailAddresses>",
"code": "form_param_format_invalid",
"meta": {
"emailaddresses": "invalidemailaddresses"
}
}
FormInvalidEncodingParameterValue signifies an error when the given parameter has an invalid encoding
{
"shortMessage": "invalid character encoding",
"longMessage": "<param> contains invalid UTF-8 characters",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidParameterFormat signifies an error when the given parameter has an invalid format
{
"shortMessage": "",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormInvalidParameterValue signifies an error when the given parameter has an invalid value
{
"shortMessage": "is invalid",
"longMessage": "<value> does not match one of the allowed values for parameter <param>",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidParameterValueWithAllowed signifies an error when the given parameter has an invalid value.
The difference with FormInvalidParameterValue is that this error also includes the allowed values
{
"shortMessage": "is invalid",
"longMessage": "<value> does not match the allowed values for parameter <param>. Allowed values: <allowedValues>",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormInvalidPasswordLengthTooLong signifies an error when the password is invalid because of its length
{
"shortMessage": "",
"code": "form_password_length_too_long",
"meta": {
"name": "param"
}
}
FormInvalidPasswordLengthTooShort signifies an error when the password is invalid because of its length
{
"shortMessage": "",
"code": "form_password_length_too_short",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Passwords must contain at least one lowercase character.",
"longMessage": "Passwords must contain at least one lowercase character.",
"code": "form_password_no_lowercase",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Passwords must contain at least one number.",
"longMessage": "Passwords must contain at least one number.",
"code": "form_password_no_number",
"meta": {
"name": "param"
}
}
{
"shortMessage": "",
"code": "form_password_no_special_char",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Given password is not strong enough.",
"longMessage": "Given password is not strong enough.",
"code": "form_password_not_strong_enough"
}
{
"shortMessage": "Passwords must contain at least one uppercase character.",
"longMessage": "Passwords must contain at least one uppercase character.",
"code": "form_password_no_uppercase",
"meta": {
"name": "param"
}
}
FormInvalidPasswordSizeInBytesExceeded signifies that the size in bytes was exceeded.
Note that the maximum character length constraint may fail to detect this case,
if multi-byte characters are included in the password.
For example, bcrypt limit https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.8.0:bcrypt/bcrypt.go;l=87
{
"shortMessage": "Your password has exceeded the maximum number of bytes allowed, please shorten it or remove some special characters.",
"longMessage": "Your password has exceeded the maximum number of bytes allowed, please shorten it or remove some special characters.",
"code": "form_password_size_in_bytes_exceeded",
"meta": {
"name": "param"
}
}
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid phone number according to E.164 international standard.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormInvalidTypeParameter signifies an error when a form parameter has the wrong type
{
"shortMessage": "is invalid",
"longMessage": "`<param>` must be a `<paramType>`.",
"code": "form_param_type_invalid",
"meta": {
"name": "param"
}
}
FormInvalidUsernameCharacter signifies an error when the given username does not match username regex
{
"shortMessage": "",
"code": "form_username_invalid_character",
"meta": {
"name": "param"
}
}
FormInvalidUsernameLength signifies an error when the given username does not have required length
{
"shortMessage": "",
"code": "form_username_invalid_length",
"meta": {
"name": "param"
}
}
FormInvalidUsernameNeedsNonNumberCharCode signifies an error when the given username does not match username regex
{
"shortMessage": "",
"code": "form_username_needs_non_number_char",
"meta": {
"name": "param"
}
}
FormInvalidWeb3Wallet signifies an error when the given web3 wallet address is invalid
{
"shortMessage": "is invalid",
"longMessage": "<param> must be a valid web3 wallet address that starts with 0x and contains 40 hexadecimal characters.",
"code": "form_param_format_invalid",
"meta": {
"name": "param"
}
}
FormDisabledParameterValue signifies an error when the legal consent value has not been filled
{
"shortMessage": "legal not accepted",
"longMessage": "Legal consent must be accepted in order to continue.",
"code": "legal_not_accepted",
"meta": {
"name": "param"
}
}
FormMaximumParametersExceeded signifies an error when more than 100 of the same param is included.
{
"shortMessage": "",
"longMessage": "<param> is included more than the maximum of 100 times.",
"code": "form_param_duplicate",
"meta": {
"name": "param"
}
}
FormMetadataInvalidType signifies an error when the given metadata is not a valid key-value object
{
"shortMessage": "",
"code": "form_param_value_invalid",
"meta": {
"name": "param"
}
}
FormMissingParameter signifies an error when an expected form parameter is missing
{
"shortMessage": "is missing",
"longMessage": "<param> must be included.",
"code": "form_param_missing",
"meta": {
"name": "param"
}
}
FormMissingResource signifies an error when the form parameter is referring to a missing resource
{
"shortMessage": "is missing",
"longMessage": "The resource associated with the supplied <param> was not found.",
"code": "form_resource_not_found",
"meta": {
"name": "param"
}
}
FormNilParameter signifies an error when a nil parameter is found in a form
{
"shortMessage": "",
"code": "form_param_nil",
"meta": {
"name": "param"
}
}
FormNilParameterWithCustomText signifies an error when a nil parameter is found in a form.
This variant also accepts a custom text to be displayed.
{
"shortMessage": "",
"code": "form_param_nil",
"meta": {
"name": "param"
}
}
FormParameterArraySizeExceeded signifies an error when the given array exceeds the maximum allowed size
{
"shortMessage": "exceeds maximum size",
"longMessage": "<parameter> should not exceed %d items.",
"code": "form_param_array_size_exceeded",
"meta": {
"name": "param"
}
}
FormParameterMaxLengthExceeded signifies an error when the given param value exceeds the maximum allowed length
{
"shortMessage": "exceeds maximum length",
"longMessage": "<parameter> should not exceed %d characters.",
"code": "form_param_max_length_exceeded",
"meta": {
"name": "param"
}
}
FormParameterNotAllowedConditionally signifies an error when parameter is not allowed based on condition
{
"shortMessage": "is not allowed",
"longMessage": "`<param>` isn't allowed when `<leftCondition>` is <rightCondition>.",
"code": "form_conditional_param_disallowed",
"meta": {
"name": "param"
}
}
FormParameterSizeTooLarge signifies an error when a parameter exceeds the max allowed size
{
"shortMessage": "",
"code": "form_param_exceeds_allowed_size",
"meta": {
"name": "param"
}
}
FormPasswordIncorrect signifies an error when given password is incorrect
{
"shortMessage": "Password is incorrect. Try again, or use another method.",
"longMessage": "Password is incorrect. Try again, or use another method.",
"code": "form_password_incorrect",
"meta": {
"name": "param"
}
}
FormPasswordValidationFailed signifies a generic error when the password validation failed
{
"shortMessage": "Incorrect password. Please try again.",
"longMessage": "Incorrect password. Please try again.",
"code": "form_password_validation_failed",
"meta": {
"name": "param"
}
}
FormPwnedPassword signifies an error when the chosen password has been found in the pwned list
{
"shortMessage": "",
"code": "form_password_pwned",
"meta": {
"name": "param"
}
}
FormUnknownParameter signifies an error when an unexpected parameter is found in a form
{
"shortMessage": "is unknown",
"longMessage": "<param> is not a valid parameter for this request.",
"code": "form_param_unknown",
"meta": {
"name": "param"
}
}
FormValidationFailed converts validator.ValidationErrors to Error.
{
"shortMessage": "is invalid",
"longMessage": "<sanitizedField> is invalid",
"code": "form_param_value_invalid",
"meta": {
"name": "sanitizedfield"
}
}Fraud
{
"shortMessage": "CAPTCHA verification is required",
"longMessage": "CAPTCHA verification is required",
"code": "requires_captcha"
}
{
"shortMessage": "device attestation challenge client mismatch",
"longMessage": "The device attestation challenge provided is not valid for the client.",
"code": "device_attestation_challenge_client_mismatch"
}
{
"shortMessage": "device attestation is misconfigured",
"longMessage": "Device attestation is misconfigured for this instance.",
"code": "device_attestation_misconfigured"
}
{
"shortMessage": "device attestation not configured",
"longMessage": "Device attestation is not configured for this instance.",
"code": "device_attestation_not_configured"
}
{
"shortMessage": "unsupported native client platform",
"longMessage": "Device attestation is not supported for the client platform.",
"code": "device_attestation_unsupported_platform"
}
{
"shortMessage": "device attestation verification failed",
"longMessage": "Failed to verify the provided device attestation.",
"code": "device_attestation_verification_failed"
}
{
"shortMessage": "Action blocked",
"longMessage": "This action was detected as suspicious and has been blocked. If you believe this was a mistake, please contact support.",
"code": "action_blocked"
}
{
"shortMessage": "Device blocked",
"longMessage": "This device was detected as suspicious and has been blocked. It will no longer be able to perform actions. If you believe this was by mistake, please contact support.",
"code": "device_blocked"
}
{
"shortMessage": "Unusual activity was detected",
"longMessage": "Unusual activity was detected. Please try again later or contact our support if you continue to experience issues.",
"code": "captcha_invalid"
}
{
"shortMessage": "Sign up rate limit exceeded",
"longMessage": "The sign up rate limit was exceeded. Please try a different method or contact our support if you continue to experience issues.",
"code": "signup_rate_limit_exceeded"
}
{
"shortMessage": "invalid device attestation assertion",
"longMessage": "The device attestation assertion provided is invalid.",
"code": "invalid_device_attestation_assertion"
}
{
"shortMessage": "invalid device attestation challenge",
"longMessage": "The device attestation challenge provided is either invalid or has expired.",
"code": "invalid_device_attestation_challenge"
}
{
"shortMessage": "assertion required",
"longMessage": "An assertion is required to verify your device.",
"code": "requires_assertion"
}
{
"shortMessage": "Device attestation is required",
"longMessage": "A valid device attestation could not be found for the client.",
"code": "requires_device_attestation"
}Google One Tap
{
"shortMessage": "Google One Tap token is invalid",
"longMessage": "The provided Google One Tap token is invalid. Make sure you're using a valid token generated by Google.",
"code": "google_one_tap_token_invalid"
}Identifications
IdentificationNotFound signifies an error when comm is not found
{
"shortMessage": "Resource not found",
"longMessage": "Resource not found",
"code": "resource_not_found"
}
{
"shortMessage": "Identification not found",
"longMessage": "No primary identification was found for user <userID>",
"code": "primary_identification_not_found"
}
{
"shortMessage": "too many unverified contacts",
"longMessage": "There are too many unverified contacts for this user.",
"code": "too_many_unverified_identifications"
}Images
{
"shortMessage": "Image not found",
"longMessage": "Image not found",
"code": "image_not_found"
}
RequestWithoutImage signifies an error when no image was present in the request.
{
"shortMessage": "Image file missing",
"longMessage": "There was no image file present in the request",
"code": "form_param_missing"
}Instances
InstanceTypeInvalid signifies an error when a request cannot be applied to the given instance
{
"shortMessage": "This request isn't valid for this instance type.",
"longMessage": "This request isn't valid for this instance type.",
"code": "instance_type_invalid"
}Internal
{
"shortMessage": "Bad request",
"longMessage": "Bad request",
"code": "bad_request"
}
{
"shortMessage": "",
"code": "bad_request"
}
Unexpected is used for all unexpected errors
{
"shortMessage": "Oops, an unexpected error occurred",
"longMessage": "There was an internal error on our servers. We've been notified and are working on fixing it.",
"code": "internal_clerk_error"
}Invitations
InvitationAccountAlreadyExists denotes an error when there is an existing
user identification with the same email as the invitation.
{
"shortMessage": "account exists",
"longMessage": "An account already exists for this invitation. Sign in instead.",
"code": "invitation_account_exists"
}
InvitationAlreadyAccepted denotes an error when someone tries to use
an invitation which is already accepted.
{
"shortMessage": "Invitation is already accepted, try signing in instead.",
"longMessage": "Invitation is already accepted, try signing in instead.",
"code": "invitation_already_accepted"
}
{
"shortMessage": "identification not found",
"longMessage": "This invitation refers to a non-existing identification.",
"code": "invitation_account_not_exists"
}
InvitationNotFound denotes an error when there is no invitation with
the given id
{
"shortMessage": "not found",
"longMessage": "No invitation was found with id <invitationID>.",
"code": "resource_not_found"
}
RevokedInvitation denotes an error when the given invitation token
does not correspond to any invitations, which means that the invitation
has been removed.
{
"shortMessage": "The invitation was revoked.",
"longMessage": "The invitation was revoked.",
"code": "revoked_invitation"
}Jwt Templates
JWTTemplateNotFound signifies an error when a JWT template was not found by the provided attribute
{
"shortMessage": "JWT template not found",
"longMessage": "No JWT template exists with <attribute>: <val>",
"code": "resource_not_found"
}Maintenance
{
"shortMessage": "System under maintenance",
"longMessage": "We are currently undergoing maintenance and only essential operations are permitted. We will be back shortly.",
"code": "maintenance_mode"
}Oauth
ExternalAccountEmailAddressVerificationRequired signifies an error when the external account requires email address verification
{
"shortMessage": "Email address verification required",
"longMessage": "Your associated email address is required to be verified, because it was initially created as unverified.",
"code": "external_account_email_address_verification_required"
}
{
"shortMessage": "Missing refresh token",
"longMessage": "We cannot refresh your OAuth access token because the server didn't provide a refresh token. Please re-connect your account.",
"code": "external_account_missing_refresh_token"
}
ExternalAccountNotFound signifies an error when the external account of the oauth callback is not found
{
"shortMessage": "Invalid external account",
"longMessage": "The External Account was not found.",
"code": "external_account_not_found"
}
InvalidOAuthCallback signifies an error when the form of OAuth callback is invalid
{
"shortMessage": "Invalid OAuth callback",
"longMessage": "invalid form for oauth_callback",
"code": "oauth_callback_invalid"
}
MisconfiguredOAuthProvider signifies an error when there is a misconfiguration for an OAuth provider
{
"shortMessage": "Misconfigured OAuth provider",
"longMessage": "Misconfigured OAuth provider. Please make sure you have set it correctly",
"code": "misconfigured_oauth_provider"
}
NonAuthenticatableOauthProvider signifies an error when an oauth flow step is attempted for a provider that is not
enabled for authentication.
{
"shortMessage": "",
"longMessage": "%v OAuth is not supported for authentication. Please contact us if you think this error should not appear.",
"code": "oauth_non_authenticatable_provider"
}
{
"shortMessage": "",
"longMessage": "You did not grant access to your <providerName> account",
"code": "oauth_access_denied"
}
OAuthAccountAlreadyConnected signifies an error when an OAuth account if already connected for a specific provider
{
"shortMessage": "Already connected",
"longMessage": "Another account is already connected for this particular provider (<providerTitle>)",
"code": "oauth_account_already_connected"
}
OAuthConfigMissing signifies an error when an application does not have
SSO credentials set, for a particular SSO provider.
{
"shortMessage": "",
"longMessage": "The application does not have <provider> OAuth keys set in its settings.",
"code": "oauth_config_missing"
}
{
"shortMessage": "Fetch user error",
"longMessage": "Fetch user error",
"code": "oauth_fetch_user_error"
}
OAuthIdentificationClaimed signifies an error when the requested oauth identification is already claimed by another user
{
"shortMessage": "Identification claimed by another user",
"longMessage": "The email address associated with this OAuth account is already claimed by another user.",
"code": "oauth_identification_claimed"
}
{
"shortMessage": "",
"longMessage": "Your <providerName> account configuration is invalid. Make sure you register this endpoint in the list of allowed callback URLs.",
"code": "redirect_uri_mismatch"
}
{
"shortMessage": "malformed redirect uri provided",
"longMessage": "malformed redirect uri provided",
"code": "redirect_uri_mismatch"
}
{
"shortMessage": "Missing OAuth access token",
"longMessage": "OAuth access token is missing",
"code": "oauth_missing_access_token"
}
{
"shortMessage": "Cannot refresh OAuth access token",
"longMessage": "The current access token has expired and we cannot refresh it, because the authorization server hasn't provided us with a refresh token",
"code": "oauth_missing_refresh_token"
}
{
"shortMessage": "",
"longMessage": "Single-sign on with <providerTitle> OAuth provider is not enabled in the instance settings.",
"code": "oauth_provider_not_enabled"
}
OAuthSharedCredentialsNotSupported signifies an error when an OAuth provider uses our shared credentials, but those are not supported anymore.
{
"shortMessage": "Shared credentials not supported",
"longMessage": "Shared credentials are no longer supported for this provider. Please update via the Clerk Dashboard.",
"code": "oauth_shared_credentials_not_supported"
}
{
"shortMessage": "Token exchange error",
"longMessage": "Token exchange error",
"code": "oauth_token_exchange_error"
}
UnsupportedOauthProvider signifies an error when an instance tries to enable
an OAuth external provider which is not supported.
{
"shortMessage": "",
"longMessage": "%v OAuth is not supported. Please contact us if you think this error should not appear.",
"code": "oauth_unsupported_provider"
}Oauth2 Idp
OAuthFetchUserInfo signifies an error when user info cannot be retrieved with the access token
{
"shortMessage": "unable to fetch user info",
"longMessage": "Unable to fetch user info. Check if access token is present and valid.",
"code": "oauth_fetch_user_error"
}Organizations
400 - User with given identifier is already a member of the organization and cannot be added again
{
"shortMessage": "already a member",
"longMessage": "<user> is already a member of the organization.",
"code": "already_a_member_in_organization"
}
{
"shortMessage": "missing permission",
"longMessage": "Current user is missing an organization permission.",
"code": "missing_organization_permission",
"meta": {
"permissions": "permissions"
}
}
403 - Only for organization members Deprecated: This error reveals the existence of an organization to an unauthorized user. Use OrganizationNotFoundOrUnauthorized instead, and ensure other pathways that error when the organization isn’t found also use OrganizationNotFoundOrUnauthorized
{
"shortMessage": "not a member",
"longMessage": "Current user is not a member of the organization. Only organization members can perform this action.",
"code": "not_a_member_in_organization"
}
{
"shortMessage": "admin delete not enabled",
"longMessage": "Deletion by admin is not enabled for this organization.",
"code": "organization_admin_delete_not_enabled"
}
{
"shortMessage": "organizaton domain already exists",
"longMessage": "This domain is already used by another organization.",
"code": "organization_domain_already_exists",
"meta": {
"name": "param"
}
}
{
"shortMessage": "blocked email domain",
"longMessage": "This is a blocked email provider domain. Please use a different one.",
"code": "organization_domain_blocked",
"meta": {
"name": "param"
}
}
{
"shortMessage": "common email domain",
"longMessage": "This is a common email provider domain. Please use a different one.",
"code": "organization_domain_common",
"meta": {
"name": "param"
}
}
{
"shortMessage": "organization enrollment mode not enabled",
"longMessage": "Enrollment mode <enrollmentMode> is not enabled for this instances's organizations.",
"code": "organization_domain_enrollment_mode_not_enabled"
}
{
"shortMessage": "Organization domain mismatch",
"longMessage": "The provided email address doesn't match the organization domain name.",
"code": "organization_domain_mismatch",
"meta": {
"name": "param"
}
}
{
"shortMessage": "organization domains quota exceeded",
"longMessage": "You have reached your limit of %d domains per organization.",
"code": "organization_domain_quota_exceeded"
}
{
"shortMessage": "invitation has already been accepted",
"longMessage": "This invitation has already been accepted. Sign in instead.",
"code": "organization_invitation_already_accepted"
}
{
"shortMessage": "email address already exists",
"longMessage": "The email address in this invitation already exists. If it belongs to you, try signing in instead.",
"code": "organization_invitation_identification_already_exists"
}
{
"shortMessage": "identification not found",
"longMessage": "User not found. If you don't have an account, sign up first to accept this invitation.",
"code": "organization_invitation_identification_not_exist"
}
404 - Invitation not found.
{
"shortMessage": "not found",
"longMessage": "No invitation found with id <invitationID>.",
"code": "organization_invitation_not_found"
}
404 - Invitation is not pending.
{
"shortMessage": "not pending",
"longMessage": "The organization invitation is not in the 'pending' status.",
"code": "organization_invitation_not_pending"
}
{
"shortMessage": "organization invitation not unique",
"longMessage": "Organizations cannot have duplicate pending invitations for an email address.",
"code": "organization_invitation_not_unique"
}
{
"shortMessage": "invitation has been revoked",
"longMessage": "This invitation has been revoked and cannot be used anymore.",
"code": "organization_invitation_revoked_code"
}
{
"shortMessage": "organization invitation to deleted organization",
"longMessage": "This invitation refers to an organization that has been deleted.",
"code": "organization_invitation_to_deleted_organization"
}
{
"shortMessage": "organization managed role operation disallowed",
"longMessage": "Managed roles cannot be set through the frontend API. Use the dashboard or backend API instead.",
"code": "form_param_value_invalid",
"meta": {
"name": "paramname"
}
}
{
"shortMessage": "cannot remove enterprise connection organization membership",
"longMessage": "Cannot remove an organization membership that is tied to an enterprise connection.",
"code": "organization_membership_enterprise_connection_cannot_remove"
}
{
"shortMessage": "organization membership quota exceeded",
"longMessage": "You have reached the limit of %d organization memberships allowed by the subscription plan. Please upgrade your subscription to add more.",
"code": "organization_membership_plan_quota_exceeded"
}
{
"shortMessage": "organization membership quota exceeded",
"longMessage": "You have reached your limit of %d organization memberships, including outstanding invitations.",
"code": "organization_membership_quota_exceeded"
}
{
"shortMessage": "organization membership quota exceeded for sso per org",
"longMessage": "The organization you are trying to join is full. Please contact support.",
"code": "organization_membership_quota_exceeded_for_sso"
}
{
"shortMessage": "invalid organization name",
"longMessage": "The organization name %q is invalid: <name>",
"code": "form_param_value_invalid",
"meta": {
"name": "name"
}
}
{
"shortMessage": "access denied",
"longMessage": "The organizations feature is not enabled for this instance. You can enable it at https://dashboard.clerk.com.",
"code": "organization_not_enabled_in_instance"
}
404 - Organization not found
WARNING: This is safe to use for endpoints where the caller is authorized to be
aware of every organization. But if the endpoint errors if the caller is not
authorized on the organization, do not use this, because it leaks the existence
of the organization! Use OrganizationNotFoundOrUnauthorized instead.
{
"shortMessage": "not found",
"longMessage": "Given organization not found.",
"code": "resource_not_found"
}
404 - Used for any case
{
"shortMessage": "not found or unauthorized",
"longMessage": "Given organization not found, or you don't have permission to access the organization",
"code": "organization_not_found_or_unauthorized"
}
{
"shortMessage": "not found",
"longMessage": "Organization role not found",
"code": "resource_not_found",
"meta": {
"name": "paramname"
}
}
{
"shortMessage": "suggestion has already been accepted",
"longMessage": "This organization suggestion has already been accepted.",
"code": "organization_suggestion_already_accepted"
}
{
"shortMessage": "organization has limited memberships",
"longMessage": "This feature is not supported because organization membership is limited. You can remove the limit by enabling unlimited memberships.",
"code": "organization_unlimited_membership_required"
}
{
"shortMessage": "organization has limited memberships",
"longMessage": "This feature is not supported because organization membership is limited. You can remove the limit by upgrading your subscription plan.",
"code": "organization_unlimited_membership_required"
}Passkeys
{
"shortMessage": "authentication failed",
"longMessage": "Passkey authentication failed",
"code": "passkey_authentication_failure"
}
{
"shortMessage": "passkey identification not verified",
"longMessage": "Passkey identification not verified. Registration is incomplete.",
"code": "passkey_identification_not_verified"
}
{
"shortMessage": "is invalid",
"longMessage": "Invalid passkey public key credential",
"code": "passkey_invalid_public_key_credential",
"meta": {
"name": "param"
}
}
{
"shortMessage": "invalid verification",
"longMessage": "Passkey verification contains invalid nonce",
"code": "passkey_invalid_verification"
}
{
"shortMessage": "not registered",
"longMessage": "Passkey is not registered.",
"code": "passkey_not_registered"
}Redirect Urls
InvalidRedirectURL signifies an error when a RedirectURL is in invalid format
{
"shortMessage": "Redirect url invalid",
"longMessage": "The provided redirect url is not in a valid format",
"code": "invalid_redirect_url"
}
{
"shortMessage": "Redirect url does not belong to your domain",
"longMessage": "The provided redirect URL must belong to your instance's domain",
"code": "redirect_url_domain_mismatch"
}
RedirectURLMismatch signifies an error when the RedirectURL that was passed during an OAuth flow is not included in the redirect_urls whitelist for that instance.
{
"shortMessage": "Redirect url mismatch",
"longMessage": "The current redirect url passed in the sign in or sign up request does not match an authorized redirect URI for this instance. Review authorized redirect urls for your instance. <val>",
"code": "resource_missmatch"
}Requests
{
"shortMessage": "",
"longMessage": "<value> does not match one of the allowed values for parameter <param>",
"code": "invalid_query_parameter_value"
}
InvalidRequestBody signifies an error when the body of the request does not conform to the expected format
{
"shortMessage": "Request body invalid",
"longMessage": "The request body is invalid. Please consult the API documentation for more information.",
"code": "request_body_invalid"
}
MalformedRequestParameters signifies an error when the request parameters are malformed and result in parsing errors
{
"shortMessage": "Malformed request parameters",
"longMessage": "The request parameters are malformed and could not be parsed",
"code": "malformed_request_parameters"
}
MissingQueryParameter denotes that the required query parameter, param, was
not provided by the request.
{
"shortMessage": "",
"longMessage": "The query parameter '<param>' is missing from the request. Please consult the API documentation for more information.",
"code": "missing_query_parameter"
}
OriginHeaderMissing
{
"shortMessage": "Origin header missing",
"longMessage": "This request requires an Origin header to be set, but it is missing",
"code": "origin_missing"
}
{
"shortMessage": "invalid secret key",
"longMessage": "The secret key given with this proxy request is invalid.",
"code": "proxy_request_invalid_secret_key"
}
{
"shortMessage": "missing secret key",
"longMessage": "When using a proxy, it's required to also pass the instance secret key in the Clerk-Secret-Key header.",
"code": "proxy_request_missing_secret_key"
}
UnsupportedContentType signifies an error when provided content type is unsupported
{
"shortMessage": "Content-Type is unsupported",
"longMessage": "Content-Type <actual> is unsupported. You should use <expected> instead.",
"code": "unsupported_content_type"
}Saml
{
"shortMessage": "not found",
"longMessage": "No active SAML Connection found with id <connectionID>.",
"code": "saml_connection_active_not_found"
}
{
"shortMessage": "Email address domain mismatch",
"longMessage": "The email address domain of the provider's account does not match the domain of the connection.",
"code": "saml_email_address_domain_mismatch"
}
{
"shortMessage": "email address domain is used for SAML SSO",
"longMessage": "You can't use this email address, as SAML SSO is enabled for the specific domain.",
"code": "saml_email_address_domain_reserved"
}
{
"shortMessage": "Email address mismatch",
"longMessage": "The provided email address differs from the one in the SAML response.",
"code": "saml_email_address_domain_mismatch"
}
{
"shortMessage": "SAML SSO not enabled",
"longMessage": "SAML SSO is not enabled for this email address.",
"code": "saml_connection_not_found",
"meta": {
"name": "param"
}
}
{
"shortMessage": "Invalid SAML response",
"longMessage": "The SAML response is invalid.<optionalReason>",
"code": "saml_response_invalid"
}
{
"shortMessage": "RelayState parameter missing",
"longMessage": "The RelayState parameter is missing from the SAML Response. Note that RelayState is not required if you are using the IdP-initiated flow. See https://clerk.com/docs/authentication/saml/authentication-flows",
"code": "saml_response_relaystate_missing"
}
{
"shortMessage": "SAML SSO user attribute missing",
"longMessage": "This account does not have an associated '<attrName>' attribute. Contact your IdP administrator for resolution.",
"code": "saml_user_attribute_missing"
}Sessions
{
"shortMessage": "unable to create session",
"longMessage": "Unable to create new session when an impersonation session is present. Please sign out first.",
"code": "session_creation_not_allowed"
}
{
"shortMessage": "account deprovisioned",
"longMessage": "Your account is deprovisioned",
"code": "deprovisioned"
}
InvalidActionForSession signifies an error occurred when user tries to perform invalid action on a session
{
"shortMessage": "Invalid action for user session",
"longMessage": "Unable to <action> session <sessionID>",
"code": "invalid_action_for_session"
}
{
"shortMessage": "Invalid action for session reverification",
"longMessage": "We were unable to <action> for this session, as it's not ready for <resolution>.",
"code": "invalid_action_for_session_reverification"
}
SessionNotFound signifies an error when no session with given sessionID was found
{
"shortMessage": "Session not found",
"longMessage": "No session was found with id <sessionID>",
"code": "resource_not_found"
}
{
"shortMessage": "is missing",
"longMessage": "You need to start a new session verification flow first",
"code": "session_reverification_missing"
}
{
"shortMessage": "Reverification required",
"longMessage": "You need to provide additional verification to perform this operation",
"code": "session_reverification_required"
}
UnauthorizedActionForSession signifies an error occurred when the requestor is not authorized to perform the
requested action to the respective session.
{
"shortMessage": "Unauthorized action for session",
"longMessage": "Not authorized to perform requested action on session <sessionID>",
"code": "action_for_session_not_authorized"
}Sign In
AccountTransferInvalid signifies an error when no account was found to transfer
{
"shortMessage": "Invalid account transfer",
"longMessage": "There is no account to transfer",
"code": "account_transfer_invalid"
}
AlreadySignedIn signifies an error when given session ID is already signed in
{
"shortMessage": "You're already signed in",
"longMessage": "You're already signed in",
"code": "identifier_already_signed_in",
"meta": "session"
}
IdentificationClaimed signifies an error when the requested identification is already claimed by another user
{
"shortMessage": "Identification claimed by another user",
"longMessage": "One or more identifiers on this sign up have since been connected to a different User. Please sign up again.",
"code": "identification_claimed"
}
InvalidClientStateForAction signifies an error when trying to perform an invalid action for the current client state
{
"shortMessage": "Invalid action",
"longMessage": "We were unable to complete <action> for this Client. <resolution>",
"code": "client_state_invalid"
}
InvalidStrategyForUser signifies an error when the supplied verification strategy is not valid for the account
{
"shortMessage": "Invalid verification strategy",
"longMessage": "The verification strategy is not valid for this account",
"code": "strategy_for_user_invalid"
}
MutationOnOlderSignInNotAllowed signifies an error when trying to mutate an older sign in
{
"shortMessage": "Update operations are not allowed on older sign ins",
"longMessage": "Update operations are not allowed on older sign ins",
"code": "resource_forbidden"
}
{
"shortMessage": "no second factors",
"longMessage": "No second factors were found for strategy <strategy>.",
"code": "no_second_factors"
}
{
"shortMessage": "email link sign in cannot be completed",
"longMessage": "Email link sign in cannot be completed because it originates from a different client",
"code": "sign_in_email_link_not_same_client"
}
{
"shortMessage": "identification or user deleted",
"longMessage": "Either the user or the selected identification were deleted. Please start over.",
"code": "sign_in_identification_or_user_deleted"
}
{
"shortMessage": "no identification for user",
"longMessage": "The given token doesn't have an associated identification for the user who created it.",
"code": "sign_in_no_identification_for_user"
}
UserNotFound signifies an error when no user is found with userID
{
"shortMessage": "not found",
"longMessage": "No sign in was found with id <signInID>",
"code": "resource_not_found"
}
SingleModeSessionExists signifies an error when session already exists but we are in single session mode
{
"shortMessage": "Session already exists",
"longMessage": "You're already signed in.",
"code": "session_exists"
}Sign In Tokens
{
"shortMessage": "sign in token has already been used",
"longMessage": "This sign in token has already been used. Each token can only be used once.",
"code": "sign_in_token_already_used_code"
}
{
"shortMessage": "not in sign in",
"longMessage": "Sign in tokens can only be used during sign in.",
"code": "sign_in_token_not_in_sign_in_code"
}
{
"shortMessage": "sign in token cannot be used",
"longMessage": "This sign in token cannot be used anymore. Please request a new one.",
"code": "sign_in_token_cannot_be_used_code"
}
{
"shortMessage": "sign in token has been revoked",
"longMessage": "This sign in token has been revoked and cannot be used anymore.",
"code": "sign_in_token_revoked_code"
}Sign Up
{
"shortMessage": "Error loading CAPTCHA",
"longMessage": "The CAPTCHA failed to load. This may be due to an unsupported browser or a browser extension. Please try a different browser or disabling extensions. If this issue persists, please contact support.",
"code": "captcha_invalid"
}
{
"shortMessage": "Sign up unsuccessful due to failed security validations.",
"longMessage": "Sign up unsuccessful due to failed security validations. Please try using a different browser or disabling browser extensions. If issues persist, contact support for assistance.",
"code": "captcha_invalid"
}
{
"shortMessage": "Sign up unsuccessful due to failed security validations.",
"longMessage": "Sign up unsuccessful due to failed security validations. Please refresh the page to try again or reach out to support for more assistance.",
"code": "captcha_missing_token"
}
{
"shortMessage": "CAPTCHA not enabled",
"longMessage": "You attempted to complete a CAPTCHA, but they are not enabled. If this issue persists, please contact support.",
"code": "captcha_not_enabled"
}
{
"shortMessage": "email link sign up cannot be completed",
"longMessage": "Email link sign up cannot be completed because it originates from a different client",
"code": "sign_up_email_link_not_same_client"
}
{
"shortMessage": "Sign up forbidden",
"longMessage": "Access to this sign up is forbidden",
"code": "resource_forbidden"
}
{
"shortMessage": "Sign-ups restricted",
"longMessage": "New sign-ups are currently restricted.",
"code": "sign_up_mode_restricted"
}
{
"shortMessage": "Sign-ups restricted with waitlist",
"longMessage": "Sign-ups are currently unavailable. Join the waitlist, and you will be notified when access becomes available.",
"code": "sign_up_restricted_waitlist"
}
SignUpNotFound returns an API error where no sign up could be found with
the requested ID.
{
"shortMessage": "Sign up not found",
"longMessage": "No sign up was found with id <id>",
"code": "resource_not_found"
}Sms
DevMonthlySMSLimitExceeded signifies an error when an SMS sending attempt is made while the development limit has already been reached
{
"shortMessage": "Development monthly SMS limit exceeded",
"longMessage": "Operation cannot be completed because the monthly limit for SMS messages in development (%d) has been reached.",
"code": "dev_monthly_sms_limit_exceeded",
"meta": "{\"limit\"}"
}
{
"shortMessage": "Sending SMS failed",
"longMessage": "Sending SMS failed. Please contact support or try again later.",
"code": "sms_send_error"
}Ticket
{
"shortMessage": "ticket has expired",
"longMessage": "This ticket has expired and cannot be used anymore.",
"code": "ticket_expired_code"
}
{
"shortMessage": "ticket is invalid",
"longMessage": "This ticket is invalid. Make sure you're using a valid ticket generated by Clerk.",
"code": "ticket_invalid_code"
}Totp
{
"shortMessage": "invalid TOTP secret",
"longMessage": "The TOTP secret is invalid, please provide a valid one base32 encoded",
"code": "invalid_totp_secret_code"
}
TOTPAlreadyEnabled signifies an error when a user attempts to enable TOTP, but it’s already enabled.
{
"shortMessage": "TOTP already enabled",
"longMessage": "TOTP is already enabled on your account",
"code": "totp_already_enabled"
}Urls
{
"shortMessage": "Invalid URL scheme",
"longMessage": "Please provide a URL with one of the following schemes: <schemes>",
"code": "invalid_url_scheme",
"meta": {
"name": "paramname"
}
}User Lockout
{
"shortMessage": "Account locked",
"longMessage": "Your account is locked. You will be able to try again in <timeRemaining>. For more information, please contact <support>.",
"code": "user_locked"
}
{
"shortMessage": "Account locked",
"longMessage": "Your account is locked. For more information, please contact <support>.",
"code": "user_locked"
}User Settings
{
"shortMessage": "forbidden",
"longMessage": "Resource forbidden",
"code": "resource_forbidden"
}
{
"shortMessage": "not found",
"longMessage": "Resource not found",
"code": "resource_not_found"
}Users
{
"shortMessage": "no password set",
"longMessage": "This user does not have a password set for their account",
"code": "no_password_set"
}
{
"shortMessage": "password required",
"longMessage": "Settings for this instance require a password to be set. Cannot remove the user's password.",
"code": "password_required"
}
{
"shortMessage": "deprecated feature",
"longMessage": "Password is not a valid parameter and can only be updated via /v1/me/change_password",
"code": "updating_user_password_deprecated"
}
UserBanned signifies an error when a user is banned
{
"shortMessage": "User banned",
"longMessage": "You have been banned. If you think this was by mistake, please contact support.",
"code": "user_banned"
}
{
"shortMessage": "create organization not enabled",
"longMessage": "Organization creation is not enabled for this user",
"code": "user_create_organization_not_enabled"
}
{
"shortMessage": "delete self not enabled",
"longMessage": "Self deletion is not enabled for this user",
"code": "user_delete_self_not_enabled"
}
UserNotFound signifies an error when no user is found with userID
{
"shortMessage": "not found",
"longMessage": "No user was found with id <userID>",
"code": "resource_not_found"
}
{
"shortMessage": "user quota exceeded",
"longMessage": "You have reached your limit of %d users. <maxAllowed>",
"code": "user_quota_exceeded"
}Verification
VerificationAlreadyVerified signifies an error when verification has already been verified
{
"shortMessage": "already verified",
"longMessage": "This verification has already been verified.",
"code": "verification_already_verified"
}
{
"shortMessage": "Too many verification code requests",
"longMessage": "Too many verification code requests. Please wait at least 30 seconds to receive your code before trying again.",
"code": "verification_code_too_many_requests"
}
VerificationExpired signifies an error when verification has expired
{
"shortMessage": "expired",
"longMessage": "This verification has expired. You must create a new one.",
"code": "verification_expired"
}
VerificationFailed signifies an error when verification fails
{
"shortMessage": "failed",
"longMessage": "Too many failed attempts. You have to try again with the same or another method.",
"code": "verification_failed"
}
VerificationInvalidLinkToken means that the provided JWT token from the
link cannot be parsed.
{
"shortMessage": "invalid link token",
"longMessage": "Verification link token is invalid",
"code": "verification_link_token_invalid"
}
VerificationInvalidLinkTokenSource means that the provided JWT token from
the link has an invalid source type.
{
"shortMessage": "invalid link token source",
"longMessage": "Verification link token source is invalid",
"code": "verification_link_token_source_invalid"
}
VerificationInvalidStrategy signifies an error when the given strategy is not valid for current verification
{
"shortMessage": "has invalid strategy",
"longMessage": "The strategy is not valid for the current verification.",
"code": "verification_strategy_invalid"
}
VerificationLinkTokenExpired means that the provided JWT token from the
link has expired.
{
"shortMessage": "expired link token",
"longMessage": "Verification link token has expired",
"code": "verification_link_token_expired"
}
VerificationMissing signifies an error when the verification is missing
{
"shortMessage": "is missing",
"longMessage": "This strategy requires verification preparation before attempting to validate it.",
"code": "verification_missing"
}
VerificationNotSent signifies an error when verification email was not sent
{
"shortMessage": "not sent",
"longMessage": "You need to send a verification code before attempting to verify.",
"code": "verification_not_sent"
}
VerificationUnknownStatus signifies an unexpected error when unknown verification status is found
{
"shortMessage": "Unknown verification status",
"longMessage": "Found unknown verification status <status>",
"code": "verification_status_unknown"
}Waitlist
{
"shortMessage": "Waitlist not accepting entries",
"longMessage": "The waitlist is not accepting new entries at this time. Please try again later.",
"code": "waitlist_not_accepting_entries"
}