action_available_only_for_active_members
400 Action available only for active members
You may not attach an MFA factor to a member that is not active.
Need help?
action_available_only_once_primary_authentication_is_met
400 Action available only once primary authentication is met
You must complete the primary authentication requirements for an organization before completing an MFA flow.
Need help?
action_not_allowed_email_domain_is_claimed
400 Action not allowed email domain is claimed
Members with this email domain are restricted to organizations that have claimed this domain.
Need help?
active_scim_connection_exists
400 Active scim connection exists
Cannot create a new SCIM connection for the specified organization since the organization already has an active SCIM connection. Organizations may only have one active SCIM connection at a time.
Need help?
active_totp_exists
400 Active totp exists
Cannot create a new TOTP for the specified user since the user already has an active TOTP. Users may only have one active TOTP at a time.
Need help?
ad_blocker_detected
400 Ad blocker detected
The request was blocked by an Ad Blocker. Please disable your ad blocker and try the request again.
Need help?
allowed_auth_methods_required_for_restricted
400 Allowed auth methods required for restricted
Allowed auth methods must be set for ‘RESTRICTED’ auth methods
Need help?
allowed_mfa_methods_required_for_restricted
400 Allowed mfa methods required for restricted
Allowed mfa methods must be set for ‘RESTRICTED’ auth methods
Need help?
apple_oauth_config_not_found
400 Apple oauth config not found
The Apple OAuth config was not found.
Need help?
argon_2_key_length_mismatch
400 Argon 2 key length mismatch
The key_length value doesn’t match the length of the provided hash.
Need help?
authorization_endpoint_not_configured_for_project
400 Authorization endpoint not configured for project
The project does not have an authorization endpoint configured. Please configure it in the dashboard.
Need help?
bad_app_bundle_for_stytch_sdk
400 Bad app bundle for stytch sdk
This app bundle ID has not been registered as an allowed app for the Stytch SDK. Please add it here: https://stytch.com/dashboard/sdk-configuration
Need help?
bad_domain_for_stytch_sdk
400 Bad domain for stytch sdk
This website has not been registered as an allowed domain for the Stytch SDK. Please add it here: https://stytch.com/dashboard/sdk-configuration
Need help?
bad_request
400 Bad request
The submitted request is invalid.
Need help?
bad_vertical_for_stytch_sdk
400 Bad vertical for stytch sdk
The credentials used match a different vertical than the one specified in the SDK configuration. Please check if you are using a B2B or B2C project.
Need help?
billing_not_verified
400 Billing not verified
You cannot use this endpoint in the live environment until credit card details are added to your account, but you can try the endpoint in the test environment. Once your billing information is verified, this endpoint can be used in live. Your first 5,000 monthly active users are free every month, but collecting this information helps us prevent abuse of the platform. Please go to billing settings to provide billing information.
Need help?
billing_not_verified_for_email
400 Billing not verified for email
You can only send magic links to emails matching your project’s domain until credit card details are added to your account. Once your billing information is verified, emails can be sent to anyone. Your first 5,000 monthly active users are free every month, but collecting this information helps us prevent abuse of the platform. Please go to billing settings to provide billing information.
Need help?
breached_password
400 Breached password
Password doesn’t meet the API’s strength requirements. A password’s strength could be tested with the password strength check endpoint.
Common Causes
- The password was previously leaked, and the password now appears in the HaveIBeenPwned dataset.
Troubleshooting
- Use the password strength check endpoint endpoint to get actionable feedback on improving the strength of the password string. This feedback can be passed on to the end user via your UI.
Need help?
cannot_add_pem_file_to_non_pem_trusted_token_profile
400 Cannot add pem file to non pem trusted token profile
This trusted token profile does not use public key type PEM and cannot have associated PEM files
Need help?
cannot_assign_default_rbac_role_id
400 Cannot assign default rbac role id
The default role is implicitly assigned to all members in the project and cannot be explicitly assigned.
Need help?
cannot_delete_default_email_template
400 Cannot delete default email template
Cannot delete an email template that is currently set as a default. Please update or unset the default email template setting before deleting this template.
Need help?
cannot_delete_default_sso_connection
400 Cannot delete default sso connection
Please update the default SSO connection setting for this organization to a different SSO connection before deleting.
Need help?
cannot_delete_email
400 Cannot delete email
Cannot delete the last email for a user with a password. This ensures they can complete a password reset.
Need help?
cannot_delete_last_primary_factor
400 Cannot delete last primary factor
You cannot delete the last primary factor (email, phone number, crypto wallet) for a user because that would make their account difficult or impossible to recover. If you want to remove the user from your project, delete the user instead.
Need help?
cannot_delete_last_sso_verification_key
400 Cannot delete last sso verification key
Cannot delete the last verification certificate for a connection. Please pass in another one before deleting this one.
Need help?
cannot_preserve_existing_sessions
400 Cannot preserve existing sessions
preserve_existing_sessions cannot be set to true if attempting to update a member’s email.
Need help?
cannot_reset_password_with_existing_password
400 Cannot reset password with existing password
Cannot reset user’s password using their existing password. This could be because their existing password was part of a data breach or to prevent password squatting. Please reset the password via a session or email reset.
Need help?
cannot_specify_wildcard_with_other_actions
400 Cannot specify wildcard with other actions
If you want to specify wildcard (*) for a resource, do not pass any other actions.
Need help?
cannot_toggle_cross_org_passwords_when_password_in_use
400 Cannot toggle cross org passwords when password in use
Cross-organization passwords setting cannot be updated when a member with an active password exists.
Need help?
cannot_use_webauthn_with_pending_user
400 Cannot use webauthn with pending user
WebAuthn can only be used with active users. To learn more about WebAuthn and user states please see here and here.
Need help?
claimed_email_domains_not_supported
400 Claimed email domains not supported
Claimed email domains are not supported for this project.
Need help?
client_secret_too_long
400 Client secret too long
Client secret is too long. Please make sure you have the correct value.
Need help?
cname_required_to_enable_http_only_cookies
400 Cname required to enable http only cookies
You must have a valid CNAME record to enable HTTP-only cookies. Please add a CNAME record to your DNS configuration.
Need help?
connected_app_already_rotating_secret
400 Connected app already rotating secret
The client is already in a secret rotation flow. Please finish or cancel the current secret rotation flow before starting a new one.
Need help?
connected_app_invalid_redirect_url
400 Connected app invalid redirect url
The redirect URL for this client is invalid.
Need help?
connected_app_misconfigured_client
400 Connected app misconfigured client
The client is misconfigured. Check application logs for additional details.
Need help?
connected_app_not_rotating_secret
400 Connected app not rotating secret
The client is not in a secret rotation flow. Please start a secret rotation flow before calling this endpoint.
Need help?
connected_app_redirect_url_cannot_use_localhost
400 Connected app redirect url cannot use localhost
The redirect URL for this client cannot be localhost. See https://datatracker.ietf.org/doc/html/rfc8252#section-8.3 for more details.
Need help?
connected_app_redirect_url_http_scheme_must_use_loopback
400 Connected app redirect url http scheme must use loopback
The redirect URL for this public client uses an ‘http’ scheme. Only loopback addresses are allowed with ‘http’ schemes.
Need help?
connected_app_redirect_url_must_include_scheme
400 Connected app redirect url must include scheme
The redirect URL for this public client must have a scheme. If you believe this to be in error, please contact support@stytch.com for assistance.
Need help?
connected_app_redirect_url_must_use_http_or_https_scheme
400 Connected app redirect url must use http or https scheme
The redirect URL for this non-public client must use the ‘http’ or ‘https’ schemes.
Need help?
connected_app_redirect_url_must_use_https_scheme
400 Connected app redirect url must use https scheme
The redirect URL for this non-public client must use the ‘https’ scheme. Localhost or loopback addresses are not allowed
Need help?
country_code_allowlist_b2b_whatsapp_not_supported
400 Country code allowlist b2b whatsapp not supported
WhatsApp country code allowlist is not supported for B2B projects.
Need help?
country_code_allowlist_billing_not_verified
400 Country code allowlist billing not verified
Billing is not verified for this project. Country code allowlist cannot be updated until credit card details are added to your account. Collecting this information helps us prevent abuse of the platform. Please see https://stytch.com/dashboard/settings/billing to provide billing information.
Need help?
country_code_allowlist_empty
400 Country code allowlist empty
The country code allowlist cannot be empty as this will block the project from sending SMS / WhatsApp messages.
Need help?
country_code_allowlist_invalid_country_codes
400 Country code allowlist invalid country codes
The country code allowlist contains one or more invalid country codes. Please check that each provided country code follows the Alpha-2 standard here: https://www.iban.com/country-codes.
Need help?
cross_org_passwords_enabled
400 Cross org passwords enabled
Cross-organization passwords are enabled for this project. This endpoint is not valid for projects using cross-organization passwords.
Need help?
cross_org_passwords_not_enabled
400 Cross org passwords not enabled
Cross-organization passwords are not enabled for this project. Please enable them in the dashboard to continue: https://stytch.com/dashboard/password-strength-config.
Need help?
custom_claims_too_large
400 Custom claims too large
Custom claims are too large.
Need help?
default_mfa_member_missing_factor
400 Default mfa member missing factor
Attempting to set a default MFA method for a member that does not have that auth method active.
Need help?
deprecated_endpoint
400 Deprecated endpoint
This endpoint has been deprecated
Need help?
desired_email_deactivated_by_different_member
400 Desired email deactivated by different member
The requested email_address was deactivated for a different member and cannot be used for other members.
Need help?
desired_email_updating_for_different_member
400 Desired email updating for different member
The requested email_address is being verified for a different member and cannot be used for other members at the moment.
Need help?
downstream_carrier_error
400 Downstream carrier error
The downstream carrier returned an error. This could be temporary, please try again. If this issue persists, please contact support.
Need help?
duplicate_custom_hostname_found
400 Duplicate custom hostname found
Duplicate custom hostname found during CNAME creation. A custom hostname can only be used in one project.
Need help?
duplicate_email
400 Duplicate email
A user with the specified email already exists for this project.
Need help?
duplicate_email_for_user
400 Duplicate email for user
The specified email is already tied to this user.
Need help?
duplicate_email_template_vanity_id
400 Duplicate email template vanity id
Email template vanity ID already exists.
Need help?
duplicate_external_sso_connection
400 Duplicate external sso connection
The external SSO connection already exists for this organization.
Need help?
duplicate_m2m_client_id
400 Duplicate m2m client id
The client ID submitted is already in use by another client.
Need help?
duplicate_member_email
400 Duplicate member email
This email already exists for this organization.
Need help?
duplicate_member_external_id
400 Duplicate member external id
A member with the specified external_id already exists for this organization.
Need help?
duplicate_member_phone_number
400 Duplicate member phone number
A member with the specified phone number already exists for this organization.
Need help?
duplicate_member_phone_number_for_member
400 Duplicate member phone number for member
A different phone number is already tied to this member.
Need help?
duplicate_organization
400 Duplicate organization
An organization with the specified name already exists.
Need help?
duplicate_organization_user
400 Duplicate organization user
A user with the specified email already exists for this organization.
Need help?
duplicate_project_user
400 Duplicate project user
A project user for the specified organization user already exists for this project.
Need help?
duplicate_redirect_url
400 Duplicate redirect url
A redirect URL already exists for the provided URL.
Need help?
duplicate_saml_connection
400 Duplicate saml connection
The SAML connection already exists for this organization and IDP.
Need help?
duplicate_saml_response
400 Duplicate saml response
This SAML response has already been seen. Please attempt to log in again.
Need help?
duplicate_webauthn_registration
400 Duplicate webauthn registration
The supplied credential ID already exists for this project.
Need help?
dynamic_client_registration_not_enabled
400 Dynamic client registration not enabled
Dynamic Client Registration is not enabled for this project. Please enable them in the dashboard to continue: https://stytch.com/dashboard/connected-apps.
Need help?
email_jit_provisioning_not_allowed
400 Email jit provisioning not allowed
Email JIT provisioning is not allowed for this organization.
Need help?
email_unverified_for_reactivation
400 Email unverified for reactivation
The email associated with the member id provided for reactivation is unverified, so the member cannot be reactivated.
Need help?
email_updates_available_only_for_active_members
400 Email updates available only for active members
Members may only update their email address if they are active.
Need help?
email_verification_required
400 Email verification required
There is a password linked to this email, but this email has not been verified for this member yet.
Need help?
empty_rbac_resource_id
400 Empty rbac resource id
All resource_ids must be nonempty.
Need help?
empty_rbac_role_id
400 Empty rbac role id
All role_ids must be nonempty.
Need help?
empty_rbac_scope
400 Empty rbac scope
All scopes must be nonempty.
Need help?
event_log_streaming_bad_datadog_config
400 Event log streaming bad datadog config
The Datadog config is invalid. Ensure there is a valid API Key and Site.
Need help?
event_log_streaming_bad_grafana_loki_config
400 Event log streaming bad grafana loki config
The Grafana Loki config is invalid. Ensure there is a valid URL, username, and password.
Need help?
event_log_streaming_invalid_destination_type
400 Event log streaming invalid destination type
The destination type is invalid. Please use one of the following: datadog, grafana_loki.
Need help?
event_log_streaming_invalid_streaming_status
400 Event log streaming invalid streaming status
The streaming status is invalid. Please use one of the following: active, disabled, pending.
Need help?
event_log_streaming_too_many_destinations
400 Event log streaming too many destinations
A project can only have one active event log streaming destination.
Need help?
expired_oauth_response
400 Expired oauth response
Too much time has passed since the login flow started. Please attempt to log in again.
Need help?
expired_oidc_response
400 Expired oidc response
Too much time has passed since the login flow started. Please attempt to log in again.
Need help?
expired_saml_response
400 Expired saml response
Too much time has passed since the login flow started. Please attempt to log in again.
Need help?
expired_totp
400 Expired totp
The TOTP for this user has expired without being verified.
Need help?
external_connection_id_not_found
400 External connection id not found
The provided external_connection_id was not found.
Need help?
external_connection_not_active
400 External connection not active
The provided external_connection_id is not active.
Need help?
external_organization_id_same_as_organization_id
400 External organization id same as organization id
The external_organization_id cannot be the same as the organization_id.
Need help?
failed_saml_response
400 Failed saml response
The user failed to log in to their IDP, or the IDP failed to authenticate the application.
Need help?
forbidden_character_zero_width_space
400 Forbidden character zero width space
Zero width space (U+200B) identified in request, please remove.
Need help?
id_token_expired
400 Id token expired
ID token is expired.
Need help?
id_token_incorrect_audience
400 Id token incorrect audience
ID token’s audience does not match the OAuth configuration’s ID.
Need help?
id_token_invalid
400 Id token invalid
ID token is invalid.
Need help?
id_token_nonce_invalid
400 Id token nonce invalid
The provided nonce does not match the nonce in the ID token.
Need help?
idp_access_token_expired
400 Idp access token expired
The access token is expired.
Need help?
idp_auth_code_expired
400 Idp auth code expired
The authorization code is expired.
Need help?
idp_invalid_access_token_custom_audience
400 Idp invalid access token custom audience
Access Token Custom Audience is invalid, should be less than 255 characters.
Need help?
idp_invalid_access_token_expiry_minutes
400 Idp invalid access token expiry minutes
Access Token Expiry Minutes is invalid, should be between 5 to 1440 minutes.
Need help?
idp_invalid_access_token_jwt_template
400 Idp invalid access token jwt template
Access Token Template Content is invalid, should be less than 255 characters.
Need help?
idp_refresh_token_already_used
400 Idp refresh token already used
The refresh token has already been used.
Need help?
idp_refresh_token_expired
400 Idp refresh token expired
The refresh token is expired.
Need help?
inactive_email
400 Inactive email
The email provided has been marked as inactive by our email provider.
Common Causes
- Our email provider received a hard bounce when previously attempting to deliver an email to this email address.
- This user previously marked an email sent by Stytch as spam.
Troubleshooting
- Confirm with your user that their email address can now successfully receive emails.
- If our email provider previously hit a hard bounce but the email address can now successfully receive emails, you can reactivate it via the User management or Members tab in the Stytch Dashboard.
- If the user previously marked a Stytch email as spam but is now interested in receiving Stytch emails again, please reach out to support@stytch.com so that we can reactivate their email address.
Need help?
indeterminate_sso_connection_for_organization
400 Indeterminate sso connection for organization
The organization owns more than one SSO Connection. Please specify the specific connection to be used.
Need help?
insecure_m2m_client_secret
400 Insecure m2m client secret
The client secret submitted is not secure enough. Please generate a more secure secret.
Need help?
invalid_append_salt
400 Invalid append salt
The append_salt value is not supported because it’s too long.
Need help?
invalid_argon_2_iteration_amount
400 Invalid argon 2 iteration amount
The iteration_amount value is invalid.
Need help?
invalid_argon_2_key_length
400 Invalid argon 2 key length
The key_length value is invalid.
Need help?
invalid_argon_2_memory
400 Invalid argon 2 memory
The memory value is invalid.
Need help?
invalid_argon_2_salt
400 Invalid argon 2 salt
The salt value is an unsupported length.
Need help?
invalid_argon_2_threads
400 Invalid argon 2 threads
The threads value is invalid.
Need help?
invalid_argument
400 Invalid argument
Invalid argument.
Need help?
invalid_audience_saml_response
400 Invalid audience saml response
The audience in the SAML response is incorrect.
Need help?
invalid_authentication_type
400 Invalid authentication type
The authentication type provided in the header of the request is invalid. The Stytch API uses basic authentication. See more about authenticating Stytch API requests here.
Need help?
invalid_authenticator_type
400 Invalid authenticator type
Invalid authenticator type. The valid values are platform and cross-platform.
Need help?
invalid_authorization_header
400 Invalid authorization header
The authorization header provided with the request is invalid.
Common Causes
- HTTP request is missing an Authorization header
- The Authorization header in the HTTP request is not formatted properly
- The Authorization header in the HTTP request has the incorrect credentials
Troubleshooting
- Check the Authorization header in the HTTP request for proper formatting.
- Always use the Basic Auth type in the header.
- Check the project credentials you entered match your API keys in the Dashboard.
Need help?
invalid_authorization_url
400 Invalid authorization url
Please ensure the length of your authorization_url is less than or equal to 255 characters.
Need help?
invalid_base64_scrypt_hash
400 Invalid base64 scrypt hash
The provided hash isn’t a base64 encoded string. Please base64 encode the hash before passing it to this endpoint.
Need help?
invalid_base64_scrypt_salt
400 Invalid base64 scrypt salt
The provided salt isn’t a base64 encoded string. Please base64 encode the salt before passing it to this endpoint.
Need help?
invalid_bcrypt_cost
400 Invalid bcrypt cost
The bcrypt cost value is too high, it must be less than 15. If you need a higher cost parameter, please email support@stytch.com.
Need help?
invalid_bcrypt_hash
400 Invalid bcrypt hash
The bcrypt hash passed is not valid.
Need help?
invalid_callback_id
400 Invalid callback id
The callback URL has an invalid OAuth Callback ID. Please find it in the dashboard at https://stytch.com/dashboard/ and follow the steps there to enter it into the identity provider
Need help?
invalid_captcha_provider_id
400 Invalid captcha provider id
captcha_provider_id format is invalid.
Need help?
invalid_captcha_provider_type
400 Invalid captcha provider type
provider_type should be set to ‘GoogleRecaptchaEnterpriseSilentWeb’, ‘GoogleRecaptchaEnterpriseSilentAndroid’, or ‘GoogleRecaptchaEnterpriseSilentIOS’,.
Need help?
invalid_captcha_threshold
400 Invalid captcha threshold
threshold should be in the range 0 to 1 inclusive.
Need help?
invalid_client_id
400 Invalid client id
Please ensure the length of your client_id is less than or equal to 255 characters.
Need help?
invalid_client_secret
400 Invalid client secret
Please ensure the length of your client_secret is less than or equal to 512 characters.
Need help?
invalid_code
400 Invalid code
Code format is invalid.
Need help?
invalid_connected_app_type
400 Invalid connected app type
Connected Apps must be created with a valid client type. Accepted types are ‘first_party’, ‘first_party_public’, ‘third_party’, and ‘third_party_public’.
Need help?
invalid_connection_for_jit_provisioning
400 Invalid connection for jit provisioning
The SSO connection isn’t allowed to create new users according to the organization’s JIT provisioning settings.
Need help?
invalid_consumer_endpoint
400 Invalid consumer endpoint
This endpoint is only enabled for consumer projects.
Need help?
invalid_default_url
400 Invalid default url
Thanks for trying Stytch! Replace the default URL with your own to get started. If you haven’t already done so, you’ll also need to set your magic_link_urls in the dashboard here: https://stytch.com/dashboard/redirect-urls
Need help?
invalid_discovery_redirect_url
400 Invalid discovery redirect url
discovery_redirect_url is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_display_name
400 Invalid display name
Please ensure the length of your display name is less than or equal to 128 characters.
Need help?
invalid_domain
400 Invalid domain
Invalid domain, ensure that only the domain was provided. Do not include https:// or a port in this value. Visit the link here for more information about valid domains (called RP ID on the site).
Need help?
invalid_email
400 Invalid email
The email address is invalid (i.e. not properly formatted) or missing. Check that the email address is properly formatted and only includes allowed characters.
Need help?
invalid_email_domain
400 Invalid email domain
Email domain is too large. Please contact support if this is a valid email.
Need help?
invalid_email_for_invites
400 Invalid email for invites
The email isn’t valid within the organization’s invite settings.
Need help?
invalid_email_for_jit_provisioning
400 Invalid email for jit provisioning
The email isn’t valid within the organization’s JIT provisioning settings.
Need help?
invalid_email_html
400 Invalid email html
email html is not valid.
Need help?
invalid_email_id
400 Invalid email id
The email_id is invalid (i.e. not properly formatted) or missing. email-test-81bf03a8-86e1-4d95-bd44-bb3495224953 is an example email_id.
Need help?
invalid_email_plaintext
400 Invalid email plaintext
email plaintext is not valid.
Need help?
invalid_email_sandbox
400 Invalid email sandbox
Invalid email. The sandbox@stytch.com email can only be used in the Test environment.
Need help?
invalid_email_subject
400 Invalid email subject
email subject is not valid.
Need help?
invalid_email_template_content
400 Invalid email template content
The email template contains a disallowed phrase. If you think this is an error, please contact support@stytch.com.
Need help?
invalid_email_template_parameters
400 Invalid email template parameters
email plaintext and htmlcontent are both empty.
Need help?
invalid_expiration
400 Invalid expiration
Expiration is invalid, should be between 5 and 10080 minutes.
Need help?
invalid_expiration_otp
400 Invalid expiration otp
expiration_minutes is invalid, should be between 1 and 10 minutes.
Need help?
invalid_from_local_part
400 Invalid from local part
from_local_part format is invalid.
Need help?
invalid_google_hosted_domain_error
400 Invalid google hosted domain error
The Hosted Domain associated with the login did not match the domain of the email given.
Need help?
invalid_hash
400 Invalid hash
hash is invalid.
Need help?
invalid_hash_type
400 Invalid hash type
The hash_type is invalid. Please check here for a list of supported hash types.
Need help?
invalid_id
400 Invalid id
ID format is invalid.
Need help?
invalid_idp_entity_id
400 Invalid idp entity id
Please ensure the length of your idp_entity_id is less than or equal to 255 characters.
Need help?
invalid_idp_sso_url
400 Invalid idp sso url
Please ensure the length of your idp_sso_url is less than or equal to 255 characters.
Need help?
invalid_impersonation_reason
400 Invalid impersonation reason
Impersonation reason must be less than 255 characters.
Need help?
invalid_intermediate_session_token_for_organization
400 Invalid intermediate session token for organization
The intermediate session token is invalid for the requested organization.
Need help?
invalid_invite_redirect_url
400 Invalid invite redirect url
invite_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_ip_address
400 Invalid ip address
ip_address format is invalid.
Need help?
invalid_issuer
400 Invalid issuer
Please ensure the length of your issuer is less than or equal to 128 characters.
Need help?
invalid_jwks_url
400 Invalid jwks url
Please ensure the length of your jwks_url is less than or equal to 255 characters.
Need help?
invalid_locale
400 Invalid locale
locale is invalid.
Need help?
invalid_login_oauth_url
400 Invalid login oauth url
login_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_login_redirect_url
400 Invalid login redirect url
login_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_login_sso_url
400 Invalid login sso url
login_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_m2m_client_scope
400 Invalid m2m client scope
The client scope was invalid. Client scopes must be at most 128 characters long and must not contain spaces, backslashes, or quotes.
Need help?
invalid_m2m_client_status
400 Invalid m2m client status
The client status sent was invalid. Client statuses must be either ‘active’ or ‘disabled’.
Need help?
invalid_md_5_hash
400 Invalid md 5 hash
The MD5 hash passed is not valid.
Need help?
invalid_member_get_fields
400 Invalid member get fields
Please ensure at least one of the following is provided: member_id, email_address.
Need help?
invalid_method_id
400 Invalid method id
The method_id is invalid (i.e. not properly formatted) or missing. email-test-81bf03a8-86e1-4d95-bd44-bb3495224953 is an example method_id.
Need help?
invalid_mfa_default_method
400 Invalid mfa default method
Attempting to set a default MFA method to an invalid value.
Need help?
invalid_microsoft_tenant_type
400 Invalid microsoft tenant type
Only Microsoft Azure Active Directory (AAD) Tenants are permitted to use the Stytch B2B OAuth product. If you are trying to integrate an AAD-B2C account, configure that AAD-B2C tenant as an org-scoped OIDC or SAML connection.
Need help?
invalid_microsoft_user_principal_name
400 Invalid microsoft user principal name
The User Principal Name associated with the login did not have a matching validated domain.
Need help?
invalid_mobile_identifier
400 Invalid mobile identifier
The mobile header sent is invalid.
Need help?
invalid_oauth_allowed_tenants_format
400 Invalid oauth allowed tenants format
Tenants must be in the list of supported OAuth Providers. Supported providers are ‘slack’, ‘hubspot’, and ‘github’. Values must be in a list format.
Need help?
invalid_oauth_provider
400 Invalid oauth provider
We didn’t recognize the OAuth provider name in the request. Check that the argument is the name of a supported OAuth provider.
Need help?
invalid_oauth_tenant_for_jit_provisioning
400 Invalid oauth tenant for jit provisioning
The OAuth Tenant isn’t valid within the organization’s JIT provisioning settings.
Need help?
invalid_organization_allowed_auth_methods
400 Invalid organization allowed auth methods
Allowed auth methods can only be ‘magic_link’, ‘sso’, ‘password’, ‘email_otp’, ‘google_oauth’, ‘microsoft_oauth’, ‘hubspot_oauth’, ‘slack_oauth’, and/or ‘github_oauth’
Need help?
invalid_organization_allowed_mfa_methods
400 Invalid organization allowed mfa methods
Allowed mfa methods can only be ‘sms_otp’ and/or ‘totp’
Need help?
invalid_organization_auth_factor_setting
400 Invalid organization auth factor setting
The value provided isn’t valid. Valid values are ‘NOT_ALLOWED’, ‘RESTRICTED’, or ‘ALL_ALLOWED’.
Need help?
invalid_organization_auth_factor_setting_for_email_jit_provisioning
400 Invalid organization auth factor setting for email jit provisioning
Email JIT Provisioning can only be ‘NOT_ALLOWED’ or ‘RESTRICTED’, never ‘ALL_ALLOWED’
Need help?
invalid_organization_auth_factor_setting_for_oauth_tenant_jit_provisioning
400 Invalid organization auth factor setting for oauth tenant jit provisioning
OAuth Tenant JIT Provisioning can only be ‘NOT_ALLOWED’ or ‘RESTRICTED’, never ‘ALL_ALLOWED’
Need help?
invalid_organization_auth_method_settings
400 Invalid organization auth method settings
Auth methods can only be ‘ALL_ALLOWED’ or ‘RESTRICTED’, never ‘NOT_ALLOWED’
Need help?
invalid_organization_external_id
400 Invalid organization external id
The organization_external_id, if provided, must be non-empty.
Need help?
invalid_organization_id
400 Invalid organization id
organization_id format is invalid.
Need help?
invalid_organization_mfa_factor_setting
400 Invalid organization mfa factor setting
The value provided isn’t valid. Valid values are ‘NOT_ALLOWED’, ‘RESTRICTED’, or ‘ALL_ALLOWED’.
Need help?
invalid_organization_mfa_policy
400 Invalid organization mfa policy
The value provided isn’t valid. Valid values are ‘OPTIONAL’, or ‘REQUIRED_FOR_ALL’.
Need help?
invalid_organization_name
400 Invalid organization name
Organization name cannot be longer than 128 characters.
Need help?
invalid_organization_slug
400 Invalid organization slug
The organization_slug must be at least 2 characters long and may only contain alphanumerics and the reserved characters ’-’, ’.’, ’_’, or ’~’. At least one character must be alphanumeric.
Need help?
invalid_password_id
400 Invalid password id
password_id format is invalid.
Need help?
invalid_password_reset_redirect_url
400 Invalid password reset redirect url
reset_password_redirect_url is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_password_strength_luds_complexity
400 Invalid password strength luds complexity
The LUDS password complexity should be between 1 and 4, inclusive.
Need help?
invalid_password_strength_luds_length
400 Invalid password strength luds length
The minimum password length should be between 8 and 32, inclusive.
Need help?
invalid_pbkdf_2_algorithm
400 Invalid pbkdf 2 algorithm
The provided PBKDF-2 algorithm is invalid. Valid arguments are ‘sha256’ and ‘sha512’.
Need help?
invalid_pbkdf_2_hash
400 Invalid pbkdf 2 hash
The PBKDF-2 hash passed is not valid.
Need help?
invalid_pbkdf_2_iteration_amount
400 Invalid pbkdf 2 iteration amount
The provided PBKDF-2 iteration_amount value is invalid. Valid range: 512-900000.
Need help?
invalid_pbkdf_2_salt
400 Invalid pbkdf 2 salt
The provided PBKDF-2 salt is invalid.
Need help?
invalid_permission_action
400 Invalid permission action
All actions used in RBAC role permissions must be defined within their respective resource.
Need help?
invalid_permission_resource
400 Invalid permission resource
All resources used in RBAC role permissions must be defined.
Need help?
invalid_phone_number
400 Invalid phone number
The phone number is invalid, i.e. not properly formatted, or missing.
Common Causes
- If you’re accepting the raw input from a user, they may have included an invalid character, i.e. not a digit.
- If the phone number is missing from the call, you may not be passing the input from the user to your backend.
- [WhatsApp] Recipient has not accepted WhatsApp’s new Terms of Service, or is using an unsupported version of the WhatsApp client for their phone.
Troubleshooting
- If you’re accepting the raw input form a user, make sure you’re sanitizing the input and formatting it properly. Many libraries can help with this, like libphonenumber-js.
- Check that the phone number is properly formatted with the E. 164 format, e.g. “+14155551234”
- Check that the phone number only includes allowed characters, i.e. dashes “555-1234” and parentheses “(415)” are not included.
Need help?
invalid_phone_number_country_code
400 Invalid phone number country code
The phone number’s country code is invalid, unsupported, or disabled for your Project.
Common Causes
- SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you’re interested in sending international SMS, please add those countries to your Project’s allowlist via the Dashboard or Programmatic Workspace Actions, and add credit card details to your account.
- Regardless of whether or not you are enabled for international SMS, Stytch does not support sending SMS to countries on our Unsupported countries list.
Troubleshooting
- Make sure that the country code you’ve provided is correctly formatted.
- Make sure that the country is not included in our Unsupported countries list.
- Make sure that your Stytch project has the phone number’s country code added to its allowlist via the Dashboard or Programmatic Workspace Actions.
Need help?
invalid_phone_number_docs
400 Invalid phone number docs
Thanks for trying Stytch! Replace the test phone number with a valid one to start sending one-time passcodes.
Need help?
invalid_phone_number_sandbox
400 Invalid phone number sandbox
Phone number is invalid. The sandbox phone number, +10000000000, can only be used in the Test environment.
Need help?
invalid_phpass_hash_format
400 Invalid phpass hash format
The phpass hash has an incorrect format as it needs to be exactly 34 characters.
Need help?
invalid_phpass_hash_prefix
400 Invalid phpass hash prefix
The phpass hash is invalid as it needs to start with
Need help?
invalid_pkce_code_challenge
400 Invalid pkce code challenge
The PKCE Code Challenge param may only contain alphanumerics and the reserved characters ’-’, ’.’, ’_’, or ’~’. It must also be between 43 and 128 characters long. Please refer to https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 for details.
Need help?
invalid_pkce_code_verifier
400 Invalid pkce code verifier
The PKCE Code Verifier param may only contain alphanumerics and the reserved characters ’-’, ’.’, ’_’, or ’~’. It must also be between 43 and 128 characters long. Please refer to https://datatracker.ietf.org/doc/html/rfc7636#section-4.1 for details.
Need help?
invalid_prepend_salt
400 Invalid prepend salt
The prepend_salt value is not supported because it’s too long.
Need help?
invalid_project_id
400 Invalid project id
project_id format is invalid.
Need help?
invalid_project_id_authentication
400 Invalid project id authentication
The project ID provided in the basic authentication header is invalid. Please check to make sure the format is correct and there are no trailing whitespaces. To view your project ID please visit the Stytch Dashboard here.
Need help?
invalid_project_name
400 Invalid project name
The project name is invalid.
Need help?
invalid_public_key
400 Invalid public key
Invalid public key. The key is present but is malformed and cannot be decoded. The field should be base64 encoded.
Need help?
invalid_public_key_credential
400 Invalid public key credential
Invalid public key credential. Please confirm you’re passing a correctly formatted public key credential.
Need help?
invalid_public_key_credential_invalid_authenticator_data
400 Invalid public key credential invalid authenticator data
Invalid public key credential. The authenticatorData field is present but is malformed and cannot be decoded. The field should be base64 encoded.
Need help?
invalid_public_key_credential_invalid_id
400 Invalid public key credential invalid id
Invalid public key credential. The id field is present but is malformed and cannot be decoded. The field should be base64 encoded.
Need help?
invalid_public_key_credential_invalid_signature
400 Invalid public key credential invalid signature
Invalid public key credential. The signature field is present but is malformed and cannot be decoded. The field should be base64 encoded.
Need help?
invalid_public_key_credential_malformed_attestation_object
400 Invalid public key credential malformed attestation object
Invalid public key credential. The attestationObject field is present but is malformed and cannot be parsed.
Need help?
invalid_public_key_credential_malformed_client_data_json
400 Invalid public key credential malformed client data json
Invalid public key credential. The clientDataJSON field is present but is malformed and cannot be parsed.
Need help?
invalid_public_key_credential_missing_attestation_object_field
400 Invalid public key credential missing attestation object field
Invalid public key credential. The public key credential is missing the attestationObject field.
Need help?
invalid_public_key_credential_missing_authenticator_data_field
400 Invalid public key credential missing authenticator data field
Invalid public key credential. The public key credential is missing the authenticatorData field.
Need help?
invalid_public_key_credential_missing_client_data_json_field
400 Invalid public key credential missing client data json field
Invalid public key credential. The public key credential is missing the clientDataJSON field.
Need help?
invalid_public_key_credential_missing_id_field
400 Invalid public key credential missing id field
Invalid public key credential. The public key credential is missing an id field.
Need help?
invalid_public_key_credential_missing_response_field
400 Invalid public key credential missing response field
Invalid public key credential. The public key credential is missing the response field.
Need help?
invalid_public_key_credential_missing_signature_field
400 Invalid public key credential missing signature field
Invalid public key credential. The public key credential is missing the signature field.
Need help?
invalid_public_token_id
400 Invalid public token id
The public_token used to instantiate the Stytch SDK is invalid. You can find your public_token in the Project ID & API keys section of the Project Overview in the Stytch Dashboard.
Common Causes
- No
public_tokenwas passed in when loading the Stytch SDK. - The
public_tokenpassed was invalid, e.g. it contains quotes, was of an incorrect length or format, etc.
Troubleshooting
- Check that your environment contains your Stytch
public_token. - Check that you’re passing the
public_tokenin via the correct method. You can see how to launch each Stytch SDK by visiting their respective Docs.
Need help?
invalid_rbac_custom_role
400 Invalid rbac custom role
You may not use the pre-defined role names of ‘stytch_member’ or ‘stytch_admin’ in your custom roles.
Need help?
invalid_rbac_role_assignment
400 Invalid rbac role assignment
The role assignment provided is not properly formatted. Make sure both a domain and role_id are included.
Need help?
invalid_rbac_role_id
400 Invalid rbac role id
The role_id provided is not valid for this project’s RBAC policy.
Need help?
invalid_rbac_scope
400 Invalid rbac scope
Scopes cannot contain whitespace, ’\’, or ’“‘
Need help?
invalid_rbac_stytch_role_edit
400 Invalid rbac stytch role edit
You may not edit the role_id or description of the stytch_user, stytch_member, or stytch_admin roles.
Need help?
invalid_recovery_code
400 Invalid recovery code
The recovery_code submitted was invalid.
Need help?
invalid_redirect_url_type
400 Invalid redirect url type
Invalid redirect URL Type. Type should be login, invite, signup, reset_password, or discovery. Only B2B projects can pass discovery.
Need help?
invalid_reply_to_local_part
400 Invalid reply to local part
reply_to_local_part format is invalid.
Need help?
invalid_request
400 Invalid request
Invalid request. Ensure that your project ID exists is passed into the URI path.
Need help?
invalid_request_id
400 Invalid request id
request_id format is invalid.
Need help?
invalid_request_value
400 Invalid request value
Invalid request value, request is required and must have a value.
Need help?
invalid_restricted_email_setting
400 Invalid restricted email setting
If either email_jit_provisioning or email_invites is ‘RESTRICTED’, there must be at least one allowed domain.
Need help?
invalid_restricted_oauth_tenants_setting
400 Invalid restricted oauth tenants setting
There must be at least one allowed OAuth Tenant only if oauth_tenant_jit_provisioning is ‘RESTRICTED’.
Need help?
invalid_restricted_sso_setting
400 Invalid restricted sso setting
If sso_jit_provisioning is ‘RESTRICTED’, there must be at least one allowed connection.
Need help?
invalid_role
400 Invalid role
Role specified is invalid.
Need help?
invalid_saml_metadata_url
400 Invalid saml metadata url
Unable to resolve SAML metadata document. Please ensure that the metadata_url is a valid IdP metadata URL.
Need help?
invalid_saml_response
400 Invalid saml response
The SAML response could not be validated. Please contact support for additional information.
Need help?
invalid_saml_response_email
400 Invalid saml response email
Unable to find a valid email in the SAML response. Check that your SAML connection email attribute mapping matches your provider, or contact support for additional information
Need help?
invalid_saml_response_groups
400 Invalid saml response groups
Unable to find valid groups in the SAML response. Check that your SAML connection groups attribute mapping matches your provider, or contact support for additional information
Need help?
invalid_scim_idp
400 Invalid scim idp
SCIM IDP format is invalid. IDP must be ‘okta’, ‘microsoft-entra’, ‘cyberark’, ‘jumpcloud’, ‘onelogin’, ‘pingfederate’, ‘rippling’ or ‘generic’.
Need help?
invalid_scope
400 Invalid scope
Please make sure that the scopes requested are included in the client.
Need help?
invalid_scope_parameter
400 Invalid scope parameter
scopes is not a recognized parameter. Please use scope instead.
Need help?
invalid_scrypt_n_parameter
400 Invalid scrypt n parameter
The n parameter is invalid. It needs to be greater than 1, a power of 2, and less than or equal to 262,144. If you need a higher n parameter, please email support@stytch.com.
Need help?
invalid_scrypt_parameters
400 Invalid scrypt parameters
The scrypt parameters are too large. The r parameter multiplied by p parameter must be under 2 raised to the 30th power (r * p < 2^30).
Need help?
invalid_scrypt_salt_length
400 Invalid scrypt salt length
The salt value is an unsupported length.
Need help?
invalid_secret_authentication
400 Invalid secret authentication
The secret provided in the basic authentication header is invalid. Please check to make sure the format is correct and there are no trailing whitespaces. To create a new secret for your project or to confirm an existing secret please visit the Stytch Dashboard here.
Need help?
invalid_secret_id
400 Invalid secret id
secret_id format is invalid.
Need help?
invalid_session_duration
400 Invalid session duration
The submitted session duration exceeds the maximum session duration allowed for this project. If this is intentional, please update the maximum duration here: https://stytch.com/dashboard/sdk-configuration
Need help?
invalid_session_duration_minutes
400 Invalid session duration minutes
session_duration_minutes is invalid, should be between 5 to 527040 minutes.
Need help?
invalid_session_fields
400 Invalid session fields
Please ensure exactly one of the following is provided: intermediate_session_token, session_token, session_jwt.
Need help?
invalid_session_id
400 Invalid session id
session_id format is invalid.
Need help?
invalid_session_missing_primary_factor
400 Invalid session missing primary factor
Cannot create a new session without primary factors.
Need help?
invalid_session_token
400 Invalid session token
The session_token format is invalid (i.e. not properly formatted). Stytch will return this error if the session_token or session_jwt is invalid, e.g. malformed, too few characters, too many etc.
Common Causes
- Your backend or frontend is not properly parsing the session value from where you are storing it, e.g. you’re parsing and passing the key and value instead of just the value.
- You are running automated tests with a placeholder value, e.g. “test-123”, for sessions against our API.
Troubleshooting
- Double check your parsing logic for pulling the
session_tokenorsession_jwt. Make sure that you are only pulling the value itself and preserving the full length of each. session_tokens are 44 characters long and may include numbers, letters, and special characters.session_jwts can be arbitrarily long depending upon their contents, and conform to RFC 7519.
Need help?
invalid_session_token_docs
400 Invalid session token docs
The session_token you provided is a sample one from the Docs. Please use a session_token that you received from a /sessions/authenticate request.
Need help?
invalid_sha_1_hash
400 Invalid sha 1 hash
The SHA-1 hash passed is not valid.
Need help?
invalid_sha_512_hash
400 Invalid sha 512 hash
The SHA-512 hash passed is not valid.
Need help?
invalid_signature_saml_response
400 Invalid signature saml response
The signature in the SAML response is incorrect.
Need help?
invalid_signup_oauth_url
400 Invalid signup oauth url
signup_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_signup_redirect_url
400 Invalid signup redirect url
signup_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_signup_sso_url
400 Invalid signup sso url
signup_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_sso_default_connection_id
400 Invalid sso default connection id
SSO Default Connection ID format is invalid
Need help?
invalid_sso_idp
400 Invalid sso idp
SSO IDP format is invalid. IDP must be ‘generic’, ‘okta’, ‘microsoft-entra’, or ‘google-workspace’.
Need help?
invalid_stytch_prefixed_resource
400 Invalid stytch prefixed resource
RBAC resources may not be prefixed with stytch.
Need help?
invalid_subject
400 Invalid subject
The subject provided is invalid.
Need help?
invalid_template_id
400 Invalid template id
template_id format is invalid.
Need help?
invalid_token
400 Invalid token
Token format is invalid.
Need help?
invalid_token_docs
400 Invalid token docs
Thanks for trying Stytch! Replace the test token with a valid one found in a Stytch email to start authenticating users.
Need help?
invalid_token_organization_id_claim
400 Invalid token organization id claim
Token organization_id does not match request organization_id
Need help?
invalid_token_url
400 Invalid token url
Please ensure the length of your token_url is less than or equal to 255 characters.
Need help?
invalid_totp_code
400 Invalid totp code
The totp_code submitted was invalid. The totp_code must be 6 digits long.
Need help?
invalid_totp_id
400 Invalid totp id
totp_id format is invalid.
Need help?
invalid_trusted_auth_token
400 Invalid trusted auth token
Provided trusted auth token is not valid
Need help?
invalid_url
400 Invalid url
URL format is invalid. Common issues include using http instead of https or omitting https://. If including query parameters use as a placeholder value. For example: https://example.com/authenticate?redirect={}
Need help?
invalid_user_agent
400 Invalid user agent
user_agent format is invalid.
Need help?
invalid_user_lock_threshold
400 Invalid user lock threshold
User lock threshold must be inside the range [1, 100]
Need help?
invalid_user_lock_ttl
400 Invalid user lock ttl
User lock TTL value must be inside range [300, 604800]
Need help?
invalid_userinfo_url
400 Invalid userinfo url
Please ensure the length of your userinfo_url is less than or equal to 255 characters.
Need help?
invalid_webauthn_registration_domain
400 Invalid webauthn registration domain
The domain cannot be longer than 255 characters.
Need help?
invalid_webauthn_registration_id
400 Invalid webauthn registration id
webauthn_registration_id format is invalid.
Need help?
invalid_wildcard_action
400 Invalid wildcard action
RBAC actions may not contain the wild character, *.
Need help?
invalid_x509_certificate
400 Invalid x509 certificate
The SSO connection could not be activated because the x509 certificate provided was not valid
Need help?
invalid_xml_from_saml_metadata_url
400 Invalid xml from saml metadata url
The metadata URL contained invalid or malformed XML. Please ensure that it is a valid IdP metadata URL.
Need help?
invalid_xml_saml_response
400 Invalid xml saml response
The SAML response contained invalid or malformed XML.
Need help?
jwt_invalid_audience
400 Jwt invalid audience
An invalid audience was found in the ID token. Please reach out to the application developer for support.
Need help?
jwt_invalid_claims
400 Jwt invalid claims
An invalid claim was found in the ID token. Please reach out to the application developer for support.
Need help?
jwt_invalid_issuer
400 Jwt invalid issuer
An invalid issuer was found in the ID token. Please reach out to the application developer for support.
Need help?
jwt_template_invalid_json
400 Jwt template invalid json
JWT Template did not produce valid JSON output.
Need help?
jwt_template_invalid_tag
400 Jwt template invalid tag
JWT Template contains an invalid tag.
Need help?
jwt_template_mismatched_tag
400 Jwt template mismatched tag
JWT Template contains a mismatched set of tags.
Need help?
live_id_used_in_test_environment
400 Live id used in test environment
Invalid argument sent to Test environment. Looks like you supplied a Live identifier for a request for the Test environment (test.stytch.com). Try sending a request to api.stytch.com instead or using a different identifier.
Need help?
m2m_client_already_rotating_secret
400 M2m client already rotating secret
The client is already in a secret rotation flow. Please finish or cancel the current secret rotation flow before starting a new one.
Need help?
m2m_client_invalid_client_description
400 M2m client invalid client description
M2M Client Description may not be larger than 512 characters.
Need help?
m2m_client_invalid_client_id
400 M2m client invalid client id
M2M Client ID may not be larger than 128 characters.
Need help?
m2m_client_invalid_client_name
400 M2m client invalid client name
M2M Client Name may not be larger than 128 characters.
Need help?
m2m_client_invalid_client_secret
400 M2m client invalid client secret
M2M Client Secret may not be larger than 128 characters.
Need help?
m2m_client_invalid_status
400 M2m client invalid status
M2M Client status must be either ‘active’ or ‘inactive’.
Need help?
m2m_client_not_found
400 M2m client not found
The m2m client requested could not be found.
Need help?
m2m_client_not_rotating_secret
400 M2m client not rotating secret
The client is not in a secret rotation flow. Please start a secret rotation flow before calling this endpoint.
Need help?
m2m_search_expected_array_of_strings
400 M2m search expected array of strings
Expected m2m search filter_value to contain an array of strings.
Need help?
m2m_search_filter_name_must_be_string
400 M2m search filter name must be string
Expected m2m search operand ‘filter_name’ to be a string.
Need help?
m2m_search_filter_name_not_recognized
400 M2m search filter name not recognized
The m2m search operand filter name was not recognized.
Need help?
m2m_search_missing_filter_name
400 M2m search missing filter name
Expected m2m search operand to contain a ‘filter_name’ key.
Need help?
m2m_search_missing_filter_value
400 M2m search missing filter value
Expected m2m search operand to contain a filter_value key.
Need help?
member_cannot_update_their_email_address
400 Member cannot update their email address
The member performing the action cannot update their own email address.
Need help?
member_dashboard_search_disabled
400 Member dashboard search disabled
Member search is temporarily disabled in the dashboard. Please use the API for any member search queries: see https://stytch.com/docs/b2b/api/search-members.
Need help?
member_has_no_active_verified_email
400 Member has no active verified email
The member does not have an active verified email address. Please ensure that the member’s email is verified before proceeding.
Need help?
member_impersonation_not_allowed
400 Member impersonation not allowed
Member cannot be impersonated
Need help?
member_password_not_found
400 Member password not found
Member password not found
Need help?
member_reset_password
400 Member reset password
member must reset their password
Need help?
member_search_cannot_mix_internal_and_external_member_ids
400 Member search cannot mix internal and external member ids
Cannot mix internal and external member ids for this filter
Need help?
member_search_expected_array_of_strings
400 Member search expected array of strings
Expected member search filter_value to contain an array of strings. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_expected_boolean
400 Member search expected boolean
Expected member search filter_value to contain a boolean. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_expected_string
400 Member search expected string
Expected member search filter_value to contain a string. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_filter_name_must_be_string
400 Member search filter name must be string
Expected member search operand filter_name to be a string. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_filter_name_not_recognized
400 Member search filter name not recognized
The member search operand filter_name was not recognized. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_member_email_fuzzy_too_short
400 Member search member email fuzzy too short
Expected member_email_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_member_mfa_phone_number_fuzzy_too_short
400 Member search member mfa phone number fuzzy too short
Expected member_mfa_phone_number_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_filter_name
400 Member search missing filter name
Expected member search operand to contain a filter_name key. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_filter_value
400 Member search missing filter value
Expected member search operand to contain a filter_value key. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_is_breakglass
400 Member search missing is breakglass
Expected member_is_breakglass to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_member_email_fuzzy
400 Member search missing member email fuzzy
Expected member_email_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_member_emails
400 Member search missing member emails
Expected member_emails to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_member_ids
400 Member search missing member ids
Expected member_ids to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_member_roles
400 Member search missing member roles
Expected member_roles to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_mfa_member_phone_number_fuzzy
400 Member search missing mfa member phone number fuzzy
Expected member_mfa_phone_number_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_mfa_member_phone_numbers
400 Member search missing mfa member phone numbers
Expected member_mfa_phone_numbers to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_oauth_providers
400 Member search missing oauth providers
Expected member_oauth_providers to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_organization_id
400 Member search missing organization id
Expected organization_id to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_organization_slug
400 Member search missing organization slug
Expected organization_slug to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_organization_slug_fuzzy
400 Member search missing organization slug fuzzy
Expected organization_slug_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_password_exists
400 Member search missing password exists
Expected member_password_exists to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_status
400 Member search missing status
Expected status to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_statuses
400 Member search missing statuses
Expected statuses to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_totp_exists
400 Member search missing totp exists
Expected member_totp_exists to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_organization_ids_empty
400 Member search organization ids empty
Expected at least one organization_id to be specified for member search. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_organization_slug_fuzzy_too_short
400 Member search organization slug fuzzy too short
Expected organization_slug_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_session_member_id_mismatch
400 Member session member id mismatch
The provided member session must match the member ID.
Need help?
metadata_invalid_format
400 Metadata invalid format
Metadata field must be a JSON object.
Need help?
metadata_too_large
400 Metadata too large
Metadata field is too large.
Need help?
metadata_too_many_keys
400 Metadata too many keys
Metadata field contains too many keys.
Need help?
migrate_from_external_email_does_not_exist
400 Migrate from external email does not exist
Please ensure that the user and email exist before migrating an external session.
Need help?
migrate_from_external_missing_userinfo
400 Migrate from external missing userinfo
The project is missing the OIDC userinfo endpoint. Please configure one in the Stytch dashboard and try again.
Need help?
migrate_from_external_unexpected_response
400 Migrate from external unexpected response
An error was encountered when querying the external provider’s userinfo endpoint.
Need help?
missing_apple_app_id
400 Missing apple app id
The Apple OAuth config is missing an App ID value.
Need help?
missing_oauth_organization_locator
400 Missing oauth organization locator
Please pass in an organization_id or slug query parameter to indicate which organization to use for login.
Need help?
missing_oauth_refresh_token
400 Missing oauth refresh token
The Identity Provider did not issue a refresh token and the initial access token is expired. Log in using the identity provider again to issue a new set of credentials. See https://stytch.com/docs/b2b/api/get-google-access-token for more information.
Need help?
missing_oidc_csrf_cookie
400 Missing oidc csrf cookie
OIDC callback was missing anti-CSRF cookie. Please try again.
Need help?
missing_oidc_refresh_token
400 Missing oidc refresh token
The Identity Provider did not issue a refresh token and the initial access token is expired. Log in using the identity provider again to issue a new set of credentials.
Need help?
missing_oidc_state_param
400 Missing oidc state param
OIDC callback was missing state form value
Need help?
missing_saml_csrf_cookie
400 Missing saml csrf cookie
SAML POST callback was missing anti-CSRF cookie. Please try again.
Need help?
missing_saml_relay_state
400 Missing saml relay state
SAML POST callback was missing RelayState form value
Need help?
missing_saml_response
400 Missing saml response
SAML POST callback was missing SAMLResponse form value
Need help?
missing_signature_saml_response
400 Missing signature saml response
The signature in the SAML response is missing.
Need help?
missing_sso_connection_locator
400 Missing sso connection locator
Please pass in an organization_id, organization_slug, or connection_id query parameter to indicate which SSO Connection to use for login.
Need help?
must_have_jwks_url_for_trusted_token_profile_with_type_jwk
400 Must have jwks url for trusted token profile with type jwk
This trusted token profile using public key type JWK must have a JWKS url
Need help?
must_have_pem_files_for_trusted_token_profile_with_type_pem
400 Must have pem files for trusted token profile with type pem
This trusted token profile using public key type PEM must have at least one PEM file
Need help?
no_active_recovery_code_backed_factor
400 No active recovery code backed factor
No active authentication factors that are backed by recovery codes were found for the member.
Need help?
no_active_scim_connection
400 No active scim connection
No active SCIM connection exists for this organization.
Need help?
no_active_webauthn_registrations
400 No active webauthn registrations
No active WebAuthn registrations for this user ID and domain. To create one, first hit the WebAuthn register/start endpoint. Complete the registration by subsequently hitting the WebAuthn register endpoint.
Need help?
no_default_discovery_redirect_url_set
400 No default discovery redirect url set
There is no default discovery redirect URLs set for this project, so we are unable to redirect the user to the application. Please include a discovery redirect URL in the request or set a default for this project. To set discovery redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls
Need help?
no_default_invite_redirect_url_set
400 No default invite redirect url set
There is no default invite redirect URLs set for this project, so we are unable to redirect the user to the application. Please include a invite redirect URL in the request or set a default for this project. To set invite redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls
Need help?
no_default_login_redirect_url_set
400 No default login redirect url set
There is no default login redirect URLs set for this project, so we are unable to redirect the user to the application. Please include a login redirect URL in the request or set a default for this project. To set login redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls
Need help?
no_default_signup_redirect_url_set
400 No default signup redirect url set
There is no default signup redirect URLs set for this project, so we are unable to redirect the user to the application. Please include a signup redirect URL in the request or set a default for this project. To set signup redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls
Need help?
no_deleted_member_found_for_reactivation
400 No deleted member found for reactivation
The member id provided for reactivation does not belong to a deleted member.
Need help?
no_discovery_redirect_url
400 No discovery redirect url
There are no discovery redirect URLs registered. To set discovery redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls. For more information on why this validation is necessary please visit https://stytch.com/docs/b2b/api/url-validation.
Need help?
no_discovery_redirect_urls_set
400 No discovery redirect urls set
Unable to verify the provided discovery_redirect_url. There are no discovery redirect URLs set for this project so we are unable to verify the discovery_redirect_url provided in the request. To set discovery redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls. For more information on why this validation is necessary please visit https://stytch.com/docs/api/url-validation
Need help?
no_invite_redirect_url
400 No invite redirect url
There are no invite redirect URLs registered. To set invite redirect URLs for this project please visit here. For more information on why this validation is necessary please read more here.
Need help?
no_invite_redirect_urls_set
400 No invite redirect urls set
Unable to verify the provided invite_magic_link_url. There are no invite redirect URLs set for this project so we are unable to verify the invite_magic_link_url provided in the request. To set invite redirect URLs for the project please visit the Dashboard here. For more information on why this validation is necessary please read more here.
Need help?
no_login_redirect_url
400 No login redirect url
There are no login redirect URLs registered. To set login redirect URLs for this project please visit here. For more information on why this validation is necessary please read more here.
Need help?
no_login_redirect_urls_set
400 No login redirect urls set
Unable to verify the provided login_magic_link_url. There are no login redirect URLs set for this project so we are unable to verify the login_magic_link_url provided in the request. To set login redirect URLs for the project please visit the Dashboard here. For more information on why this validation is necessary please read more here.
Need help?
no_match_for_provided_magic_link_url
400 No match for provided magic link url
The magic_link_url in the request did not match any redirect URLs set for the project. Please visit the Stytch Dashboard here to update the redirect URLs for the project. For more information on why this validation is necessary please read more here.
Common Causes
- The provided
magic_link_urlwas not added to the Stytch Dashboard - The provided
magic_link_urlcontents were changed during development, and the Stytch Dashboard was not updated accordingly
Troubleshooting
- Compare provided
magic_link_urlwith values in the Dashboard - Be sure
magic_link_urlis a redirect URL in the Stytch environment you are using. The Test and Live redirect urls are configured separately with the Dashboard.
Need help?
no_match_for_provided_oauth_url
400 No match for provided oauth url
The oauth redirect url in the request did not match any redirect URLs set for this project. Please visit https://stytch.com/dashboard/redirect-urls to update the redirect URLs for this project. For more information on why this validation is necessary please visit https://stytch.com/docs/api/url-validation
Need help?
no_match_for_provided_sso_url
400 No match for provided sso url
The sso redirect url in the request did not match any redirect URLs set for this project. Please visit https://stytch.com/dashboard/redirect-urls to update the redirect URLs for this project. For more information on why this validation is necessary please visit https://stytch.com/docs/api/url-validation
Need help?
no_oauth_authorize_member_selector
400 No oauth authorize member selector
Please ensure only one of the following is passed: session_token, session_jwt, or a member_id + organization_id. Exactly one of those values is required to identify the member.
Need help?
no_password_reset_redirect_url
400 No password reset redirect url
There are no password reset redirect URLs registered. To set password reset redirect URLs for this project please visit here. For more information on why this validation is necessary please read more here.
Need help?
no_pending_webauthn_registration
400 No pending webauthn registration
Unable to find a pending registration tied to this user. Please ensure you’ve first hit the WebAuthn register/start endpoint with the supplied user_id.
Need help?
no_session_arguments
400 No session arguments
Please ensure you’re passing exactly one session field.
Need help?
no_session_revoke_arguments
400 No session revoke arguments
Please include a session_id, session_token, session_jwt, or a member_id (if the project is a B2B project). Exactly one of those values is required to revoke a session.