action_available_only_for_active_members
400 Action available only for active members
You may not attach an MFA factor to a member that is not active.
Need help?
action_available_only_once_primary_authentication_is_met
400 Action available only once primary authentication is met
You must complete the primary authentication requirements for an organization before completing an MFA flow.
Need help?
action_not_allowed_email_domain_is_claimed
400 Action not allowed email domain is claimed
Members with this email domain are restricted to organizations that have claimed this domain.
Need help?
active_scim_connection_exists
400 Active scim connection exists
Cannot create a new SCIM connection for the specified organization since the organization already has an active SCIM connection. Organizations may only have one active SCIM connection at a time.
Need help?
active_totp_exists
400 Active totp exists
Cannot create a new TOTP for the specified user since the user already has an active TOTP. Users may only have one active TOTP at a time.
Need help?
ad_blocker_detected
400 Ad blocker detected
The request was blocked by an Ad Blocker. Please disable your ad blocker and try the request again.
Need help?
allowed_auth_methods_required_for_restricted
400 Allowed auth methods required for restricted
Allowed auth methods must be set for ‘RESTRICTED’ auth methods
Need help?
allowed_mfa_methods_required_for_restricted
400 Allowed mfa methods required for restricted
Allowed mfa methods must be set for ‘RESTRICTED’ auth methods
Need help?
apple_oauth_config_not_found
400 Apple oauth config not found
The Apple OAuth config was not found.
Need help?
argon_2_key_length_mismatch
400 Argon 2 key length mismatch
The key_length value doesn’t match the length of the provided hash.
Need help?
authorization_endpoint_not_configured_for_project
400 Authorization endpoint not configured for project
The project does not have an authorization endpoint configured. Please configure it in the dashboard.
Need help?
bad_app_bundle_for_stytch_sdk
400 Bad app bundle for stytch sdk
This app bundle ID has not been registered as an allowed app for the Stytch SDK. Please add it here: https://stytch.com/dashboard/sdk-configuration
Need help?
bad_domain_for_stytch_sdk
400 Bad domain for stytch sdk
This website has not been registered as an allowed domain for the Stytch SDK. Please add it here: https://stytch.com/dashboard/sdk-configuration
Need help?
bad_request
400 Bad request
The submitted request is invalid.
Need help?
bad_vertical_for_stytch_sdk
400 Bad vertical for stytch sdk
The credentials used match a different vertical than the one specified in the SDK configuration. Please check if you are using a B2B or B2C project.
Need help?
billing_not_verified
400 Billing not verified
You cannot use this endpoint in the live environment until credit card details are added to your account, but you can try the endpoint in the test environment. Once your billing information is verified, this endpoint can be used in live. Your first 5,000 monthly active users are free every month, but collecting this information helps us prevent abuse of the platform. Please go to billing settings to provide billing information.
Need help?
billing_not_verified_for_email
400 Billing not verified for email
You can only send magic links to emails matching your project’s domain until credit card details are added to your account. Once your billing information is verified, emails can be sent to anyone. Your first 5,000 monthly active users are free every month, but collecting this information helps us prevent abuse of the platform. Please go to billing settings to provide billing information.
Need help?
breached_password
400 Breached password
Password doesn’t meet the API’s strength requirements. A password’s strength could be tested with the password strength check endpoint.
Common Causes
- The password was previously leaked, and the password now appears in the HaveIBeenPwned dataset.
Troubleshooting
- Use the password strength check endpoint endpoint to get actionable feedback on improving the strength of the password string. This feedback can be passed on to the end user via your UI.
Need help?
cannot_add_pem_file_to_non_pem_trusted_token_profile
400 Cannot add pem file to non pem trusted token profile
This trusted token profile does not use public key type PEM and cannot have associated PEM files
Need help?
cannot_assign_default_rbac_role_id
400 Cannot assign default rbac role id
The default role is implicitly assigned to all members in the project and cannot be explicitly assigned.
Need help?
cannot_delete_default_email_template
400 Cannot delete default email template
Cannot delete an email template that is currently set as a default. Please update or unset the default email template setting before deleting this template.
Need help?
cannot_delete_default_sso_connection
400 Cannot delete default sso connection
Please update the default SSO connection setting for this organization to a different SSO connection before deleting.
Need help?
cannot_delete_email
400 Cannot delete email
Cannot delete the last email for a user with a password. This ensures they can complete a password reset.
Need help?
cannot_delete_last_primary_factor
400 Cannot delete last primary factor
You cannot delete the last primary factor (email, phone number, crypto wallet) for a user because that would make their account difficult or impossible to recover. If you want to remove the user from your project, delete the user instead.
Need help?
cannot_delete_last_sso_verification_key
400 Cannot delete last sso verification key
Cannot delete the last verification certificate for a connection. Please pass in another one before deleting this one.
Need help?
cannot_preserve_existing_sessions
400 Cannot preserve existing sessions
preserve_existing_sessions cannot be set to true if attempting to update a member’s email.
Need help?
cannot_reset_password_with_existing_password
400 Cannot reset password with existing password
Cannot reset user’s password using their existing password. This could be because their existing password was part of a data breach or to prevent password squatting. Please reset the password via a session or email reset.
Need help?
cannot_specify_wildcard_with_other_actions
400 Cannot specify wildcard with other actions
If you want to specify wildcard (*) for a resource, do not pass any other actions.
Need help?
cannot_toggle_cross_org_passwords_when_password_in_use
400 Cannot toggle cross org passwords when password in use
Cross-organization passwords setting cannot be updated when a member with an active password exists.
Need help?
cannot_use_webauthn_with_pending_user
400 Cannot use webauthn with pending user
WebAuthn can only be used with active users. To learn more about WebAuthn and user states please see here and here.
Need help?
claimed_email_domains_not_supported
400 Claimed email domains not supported
Claimed email domains are not supported for this project.
Need help?
client_secret_too_long
400 Client secret too long
Client secret is too long. Please make sure you have the correct value.
Need help?
cname_required_to_enable_http_only_cookies
400 Cname required to enable http only cookies
You must have a valid CNAME record to enable HTTP-only cookies. Please add a CNAME record to your DNS configuration.
Need help?
connected_app_already_rotating_secret
400 Connected app already rotating secret
The client is already in a secret rotation flow. Please finish or cancel the current secret rotation flow before starting a new one.
Need help?
connected_app_invalid_redirect_url
400 Connected app invalid redirect url
The redirect URL for this client is invalid.
Need help?
connected_app_misconfigured_client
400 Connected app misconfigured client
The client is misconfigured. Check application logs for additional details.
Need help?
connected_app_not_rotating_secret
400 Connected app not rotating secret
The client is not in a secret rotation flow. Please start a secret rotation flow before calling this endpoint.
Need help?
connected_app_redirect_url_cannot_use_localhost
400 Connected app redirect url cannot use localhost
The redirect URL for this client cannot be localhost. See https://datatracker.ietf.org/doc/html/rfc8252#section-8.3 for more details.
Need help?
connected_app_redirect_url_http_scheme_must_use_loopback
400 Connected app redirect url http scheme must use loopback
The redirect URL for this public client uses an ‘http’ scheme. Only loopback addresses are allowed with ‘http’ schemes.
Need help?
connected_app_redirect_url_must_include_scheme
400 Connected app redirect url must include scheme
The redirect URL for this public client must have a scheme. If you believe this to be in error, please contact support@stytch.com for assistance.
Need help?
connected_app_redirect_url_must_use_http_or_https_scheme
400 Connected app redirect url must use http or https scheme
The redirect URL for this non-public client must use the ‘http’ or ‘https’ schemes.
Need help?
connected_app_redirect_url_must_use_https_scheme
400 Connected app redirect url must use https scheme
The redirect URL for this non-public client must use the ‘https’ scheme. Localhost or loopback addresses are not allowed
Need help?
country_code_allowlist_b2b_whatsapp_not_supported
400 Country code allowlist b2b whatsapp not supported
WhatsApp country code allowlist is not supported for B2B projects.
Need help?
country_code_allowlist_billing_not_verified
400 Country code allowlist billing not verified
Billing is not verified for this project. Country code allowlist cannot be updated until credit card details are added to your account. Collecting this information helps us prevent abuse of the platform. Please see https://stytch.com/dashboard/settings/billing to provide billing information.
Need help?
country_code_allowlist_empty
400 Country code allowlist empty
The country code allowlist cannot be empty as this will block the project from sending SMS / WhatsApp messages.
Need help?
country_code_allowlist_invalid_country_codes
400 Country code allowlist invalid country codes
The country code allowlist contains one or more invalid country codes. Please check that each provided country code follows the Alpha-2 standard here: https://www.iban.com/country-codes.
Need help?
cross_org_passwords_enabled
400 Cross org passwords enabled
Cross-organization passwords are enabled for this project. This endpoint is not valid for projects using cross-organization passwords.
Need help?
cross_org_passwords_not_enabled
400 Cross org passwords not enabled
Cross-organization passwords are not enabled for this project. Please enable them in the dashboard to continue: https://stytch.com/dashboard/password-strength-config.
Need help?
custom_claims_too_large
400 Custom claims too large
Custom claims are too large.
Need help?
default_mfa_member_missing_factor
400 Default mfa member missing factor
Attempting to set a default MFA method for a member that does not have that auth method active.
Need help?
deprecated_endpoint
400 Deprecated endpoint
This endpoint has been deprecated
Need help?
desired_email_deactivated_by_different_member
400 Desired email deactivated by different member
The requested email_address was deactivated for a different member and cannot be used for other members.
Need help?
desired_email_updating_for_different_member
400 Desired email updating for different member
The requested email_address is being verified for a different member and cannot be used for other members at the moment.
Need help?
downstream_carrier_error
400 Downstream carrier error
The downstream carrier returned an error. This could be temporary, please try again. If this issue persists, please contact support.
Need help?
duplicate_custom_hostname_found
400 Duplicate custom hostname found
Duplicate custom hostname found during CNAME creation. A custom hostname can only be used in one project.
Need help?
duplicate_email
400 Duplicate email
A user with the specified email already exists for this project.
Need help?
duplicate_email_for_user
400 Duplicate email for user
The specified email is already tied to this user.
Need help?
duplicate_email_template_vanity_id
400 Duplicate email template vanity id
Email template vanity ID already exists.
Need help?
duplicate_external_sso_connection
400 Duplicate external sso connection
The external SSO connection already exists for this organization.
Need help?
duplicate_m2m_client_id
400 Duplicate m2m client id
The client ID submitted is already in use by another client.
Need help?
duplicate_member_email
400 Duplicate member email
This email already exists for this organization.
Need help?
duplicate_member_external_id
400 Duplicate member external id
A member with the specified external_id already exists for this organization.
Need help?
duplicate_member_phone_number
400 Duplicate member phone number
A member with the specified phone number already exists for this organization.
Need help?
duplicate_member_phone_number_for_member
400 Duplicate member phone number for member
A different phone number is already tied to this member.
Need help?
duplicate_organization
400 Duplicate organization
An organization with the specified name already exists.
Need help?
duplicate_organization_user
400 Duplicate organization user
A user with the specified email already exists for this organization.
Need help?
duplicate_project_user
400 Duplicate project user
A project user for the specified organization user already exists for this project.
Need help?
duplicate_redirect_url
400 Duplicate redirect url
A redirect URL already exists for the provided URL.
Need help?
duplicate_saml_connection
400 Duplicate saml connection
The SAML connection already exists for this organization and IDP.
Need help?
duplicate_saml_response
400 Duplicate saml response
This SAML response has already been seen. Please attempt to log in again.
Need help?
duplicate_webauthn_registration
400 Duplicate webauthn registration
The supplied credential ID already exists for this project.
Need help?
dynamic_client_registration_not_enabled
400 Dynamic client registration not enabled
Dynamic Client Registration is not enabled for this project. Please enable them in the dashboard to continue: https://stytch.com/dashboard/connected-apps.
Need help?
email_jit_provisioning_not_allowed
400 Email jit provisioning not allowed
Email JIT provisioning is not allowed for this organization.
Need help?
email_unverified_for_reactivation
400 Email unverified for reactivation
The email associated with the member id provided for reactivation is unverified, so the member cannot be reactivated.
Need help?
email_updates_available_only_for_active_members
400 Email updates available only for active members
Members may only update their email address if they are active.
Need help?
email_verification_required
400 Email verification required
There is a password linked to this email, but this email has not been verified for this member yet.
Need help?
empty_rbac_resource_id
400 Empty rbac resource id
All resource_ids must be nonempty.
Need help?
empty_rbac_role_id
400 Empty rbac role id
All role_ids must be nonempty.
Need help?
empty_rbac_scope
400 Empty rbac scope
All scopes must be nonempty.
Need help?
event_log_streaming_bad_datadog_config
400 Event log streaming bad datadog config
The Datadog config is invalid. Ensure there is a valid API Key and Site.
Need help?
event_log_streaming_bad_grafana_loki_config
400 Event log streaming bad grafana loki config
The Grafana Loki config is invalid. Ensure there is a valid URL, username, and password.
Need help?
event_log_streaming_invalid_destination_type
400 Event log streaming invalid destination type
The destination type is invalid. Please use one of the following: datadog, grafana_loki.
Need help?
event_log_streaming_invalid_streaming_status
400 Event log streaming invalid streaming status
The streaming status is invalid. Please use one of the following: active, disabled, pending.
Need help?
event_log_streaming_too_many_destinations
400 Event log streaming too many destinations
A project can only have one active event log streaming destination.
Need help?
expired_oauth_response
400 Expired oauth response
Too much time has passed since the login flow started. Please attempt to log in again.
Need help?
expired_oidc_response
400 Expired oidc response
Too much time has passed since the login flow started. Please attempt to log in again.
Need help?
expired_saml_response
400 Expired saml response
Too much time has passed since the login flow started. Please attempt to log in again.
Need help?
expired_totp
400 Expired totp
The TOTP for this user has expired without being verified.
Need help?
external_connection_id_not_found
400 External connection id not found
The provided external_connection_id was not found.
Need help?
external_connection_not_active
400 External connection not active
The provided external_connection_id is not active.
Need help?
external_organization_id_same_as_organization_id
400 External organization id same as organization id
The external_organization_id cannot be the same as the organization_id.
Need help?
failed_saml_response
400 Failed saml response
The user failed to log in to their IDP, or the IDP failed to authenticate the application.
Need help?
forbidden_character_zero_width_space
400 Forbidden character zero width space
Zero width space (U+200B) identified in request, please remove.
Need help?
id_token_expired
400 Id token expired
ID token is expired.
Need help?
id_token_incorrect_audience
400 Id token incorrect audience
ID token’s audience does not match the OAuth configuration’s ID.
Need help?
id_token_invalid
400 Id token invalid
ID token is invalid.
Need help?
id_token_nonce_invalid
400 Id token nonce invalid
The provided nonce does not match the nonce in the ID token.
Need help?
idp_access_token_expired
400 Idp access token expired
The access token is expired.
Need help?
idp_auth_code_expired
400 Idp auth code expired
The authorization code is expired.
Need help?
idp_invalid_access_token_custom_audience
400 Idp invalid access token custom audience
Access Token Custom Audience is invalid, should be less than 255 characters.
Need help?
idp_invalid_access_token_expiry_minutes
400 Idp invalid access token expiry minutes
Access Token Expiry Minutes is invalid, should be between 5 to 1440 minutes.
Need help?
idp_invalid_access_token_jwt_template
400 Idp invalid access token jwt template
Access Token Template Content is invalid, should be less than 255 characters.
Need help?
idp_refresh_token_already_used
400 Idp refresh token already used
The refresh token has already been used.
Need help?
idp_refresh_token_expired
400 Idp refresh token expired
The refresh token is expired.
Need help?
inactive_email
400 Inactive email
The email provided has been marked as inactive by our email provider.
Common Causes
- Our email provider received a hard bounce when previously attempting to deliver an email to this email address.
- This user previously marked an email sent by Stytch as spam.
Troubleshooting
- Confirm with your user that their email address can now successfully receive emails.
- If our email provider previously hit a hard bounce but the email address can now successfully receive emails, you can reactivate it via the User management or Members tab in the Stytch Dashboard.
- If the user previously marked a Stytch email as spam but is now interested in receiving Stytch emails again, please reach out to support@stytch.com so that we can reactivate their email address.
Need help?
indeterminate_sso_connection_for_organization
400 Indeterminate sso connection for organization
The organization owns more than one SSO Connection. Please specify the specific connection to be used.
Need help?
insecure_m2m_client_secret
400 Insecure m2m client secret
The client secret submitted is not secure enough. Please generate a more secure secret.
Need help?
invalid_append_salt
400 Invalid append salt
The append_salt value is not supported because it’s too long.
Need help?
invalid_argon_2_iteration_amount
400 Invalid argon 2 iteration amount
The iteration_amount value is invalid.
Need help?
invalid_argon_2_key_length
400 Invalid argon 2 key length
The key_length value is invalid.
Need help?
invalid_argon_2_memory
400 Invalid argon 2 memory
The memory value is invalid.
Need help?
invalid_argon_2_salt
400 Invalid argon 2 salt
The salt value is an unsupported length.
Need help?
invalid_argon_2_threads
400 Invalid argon 2 threads
The threads value is invalid.
Need help?
invalid_argument
400 Invalid argument
Invalid argument.
Need help?
invalid_audience_saml_response
400 Invalid audience saml response
The audience in the SAML response is incorrect.
Need help?
invalid_authentication_type
400 Invalid authentication type
The authentication type provided in the header of the request is invalid. The Stytch API uses basic authentication. See more about authenticating Stytch API requests here.
Need help?
invalid_authenticator_type
400 Invalid authenticator type
Invalid authenticator type. The valid values are platform and cross-platform.
Need help?
invalid_authorization_header
400 Invalid authorization header
The authorization header provided with the request is invalid.
Common Causes
- HTTP request is missing an Authorization header
- The Authorization header in the HTTP request is not formatted properly
- The Authorization header in the HTTP request has the incorrect credentials
Troubleshooting
- Check the Authorization header in the HTTP request for proper formatting.
- Always use the Basic Auth type in the header.
- Check the project credentials you entered match your API keys in the Dashboard.
Need help?
invalid_authorization_url
400 Invalid authorization url
Please ensure the length of your authorization_url is less than or equal to 255 characters.
Need help?
invalid_base64_scrypt_hash
400 Invalid base64 scrypt hash
The provided hash isn’t a base64 encoded string. Please base64 encode the hash before passing it to this endpoint.
Need help?
invalid_base64_scrypt_salt
400 Invalid base64 scrypt salt
The provided salt isn’t a base64 encoded string. Please base64 encode the salt before passing it to this endpoint.
Need help?
invalid_bcrypt_cost
400 Invalid bcrypt cost
The bcrypt cost value is too high, it must be less than 15. If you need a higher cost parameter, please email support@stytch.com.
Need help?
invalid_bcrypt_hash
400 Invalid bcrypt hash
The bcrypt hash passed is not valid.
Need help?
invalid_callback_id
400 Invalid callback id
The callback URL has an invalid OAuth Callback ID. Please find it in the dashboard at https://stytch.com/dashboard/ and follow the steps there to enter it into the identity provider
Need help?
invalid_captcha_provider_id
400 Invalid captcha provider id
captcha_provider_id format is invalid.
Need help?
invalid_captcha_provider_type
400 Invalid captcha provider type
provider_type should be set to ‘GoogleRecaptchaEnterpriseSilentWeb’, ‘GoogleRecaptchaEnterpriseSilentAndroid’, or ‘GoogleRecaptchaEnterpriseSilentIOS’,.
Need help?
invalid_captcha_threshold
400 Invalid captcha threshold
threshold should be in the range 0 to 1 inclusive.
Need help?
invalid_client_id
400 Invalid client id
Please ensure the length of your client_id is less than or equal to 255 characters.
Need help?
invalid_client_secret
400 Invalid client secret
Please ensure the length of your client_secret is less than or equal to 512 characters.
Need help?
invalid_code
400 Invalid code
Code format is invalid.
Need help?
invalid_connected_app_type
400 Invalid connected app type
Connected Apps must be created with a valid client type. Accepted types are ‘first_party’, ‘first_party_public’, ‘third_party’, and ‘third_party_public’.
Need help?
invalid_connection_for_jit_provisioning
400 Invalid connection for jit provisioning
The SSO connection isn’t allowed to create new users according to the organization’s JIT provisioning settings.
Need help?
invalid_consumer_endpoint
400 Invalid consumer endpoint
This endpoint is only enabled for consumer projects.
Need help?
invalid_default_url
400 Invalid default url
Thanks for trying Stytch! Replace the default URL with your own to get started. If you haven’t already done so, you’ll also need to set your magic_link_urls in the dashboard here: https://stytch.com/dashboard/redirect-urls
Need help?
invalid_discovery_redirect_url
400 Invalid discovery redirect url
discovery_redirect_url is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_display_name
400 Invalid display name
Please ensure the length of your display name is less than or equal to 128 characters.
Need help?
invalid_domain
400 Invalid domain
Invalid domain, ensure that only the domain was provided. Do not include https:// or a port in this value. Visit the link here for more information about valid domains (called RP ID on the site).
Need help?
invalid_email
400 Invalid email
The email address is invalid (i.e. not properly formatted) or missing. Check that the email address is properly formatted and only includes allowed characters.
Need help?
invalid_email_domain
400 Invalid email domain
Email domain is too large. Please contact support if this is a valid email.
Need help?
invalid_email_for_invites
400 Invalid email for invites
The email isn’t valid within the organization’s invite settings.
Need help?
invalid_email_for_jit_provisioning
400 Invalid email for jit provisioning
The email isn’t valid within the organization’s JIT provisioning settings.
Need help?
invalid_email_html
400 Invalid email html
email html is not valid.
Need help?
invalid_email_id
400 Invalid email id
The email_id is invalid (i.e. not properly formatted) or missing. email-test-81bf03a8-86e1-4d95-bd44-bb3495224953 is an example email_id.
Need help?
invalid_email_plaintext
400 Invalid email plaintext
email plaintext is not valid.
Need help?
invalid_email_sandbox
400 Invalid email sandbox
Invalid email. The sandbox@stytch.com email can only be used in the Test environment.
Need help?
invalid_email_subject
400 Invalid email subject
email subject is not valid.
Need help?
invalid_email_template_content
400 Invalid email template content
The email template contains a disallowed phrase. If you think this is an error, please contact support@stytch.com.
Need help?
invalid_email_template_parameters
400 Invalid email template parameters
email plaintext and htmlcontent are both empty.
Need help?
invalid_expiration
400 Invalid expiration
Expiration is invalid, should be between 5 and 10080 minutes.
Need help?
invalid_expiration_otp
400 Invalid expiration otp
expiration_minutes is invalid, should be between 1 and 10 minutes.
Need help?
invalid_from_local_part
400 Invalid from local part
from_local_part format is invalid.
Need help?
invalid_google_hosted_domain_error
400 Invalid google hosted domain error
The Hosted Domain associated with the login did not match the domain of the email given.
Need help?
invalid_hash
400 Invalid hash
hash is invalid.
Need help?
invalid_hash_type
400 Invalid hash type
The hash_type is invalid. Please check here for a list of supported hash types.
Need help?
invalid_id
400 Invalid id
ID format is invalid.
Need help?
invalid_idp_entity_id
400 Invalid idp entity id
Please ensure the length of your idp_entity_id is less than or equal to 255 characters.
Need help?
invalid_idp_sso_url
400 Invalid idp sso url
Please ensure the length of your idp_sso_url is less than or equal to 255 characters.
Need help?
invalid_impersonation_reason
400 Invalid impersonation reason
Impersonation reason must be less than 255 characters.
Need help?
invalid_intermediate_session_token_for_organization
400 Invalid intermediate session token for organization
The intermediate session token is invalid for the requested organization.
Need help?
invalid_invite_redirect_url
400 Invalid invite redirect url
invite_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_ip_address
400 Invalid ip address
ip_address format is invalid.
Need help?
invalid_issuer
400 Invalid issuer
Please ensure the length of your issuer is less than or equal to 128 characters.
Need help?
invalid_jwks_url
400 Invalid jwks url
Please ensure the length of your jwks_url is less than or equal to 255 characters.
Need help?
invalid_locale
400 Invalid locale
locale is invalid.
Need help?
invalid_login_oauth_url
400 Invalid login oauth url
login_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_login_redirect_url
400 Invalid login redirect url
login_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_login_sso_url
400 Invalid login sso url
login_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_m2m_client_scope
400 Invalid m2m client scope
The client scope was invalid. Client scopes must be at most 128 characters long and must not contain spaces, backslashes, or quotes.
Need help?
invalid_m2m_client_status
400 Invalid m2m client status
The client status sent was invalid. Client statuses must be either ‘active’ or ‘disabled’.
Need help?
invalid_md_5_hash
400 Invalid md 5 hash
The MD5 hash passed is not valid.
Need help?
invalid_member_get_fields
400 Invalid member get fields
Please ensure at least one of the following is provided: member_id, email_address.
Need help?
invalid_method_id
400 Invalid method id
The method_id is invalid (i.e. not properly formatted) or missing. email-test-81bf03a8-86e1-4d95-bd44-bb3495224953 is an example method_id.
Need help?
invalid_mfa_default_method
400 Invalid mfa default method
Attempting to set a default MFA method to an invalid value.
Need help?
invalid_microsoft_tenant_type
400 Invalid microsoft tenant type
Only Microsoft Azure Active Directory (AAD) Tenants are permitted to use the Stytch B2B OAuth product. If you are trying to integrate an AAD-B2C account, configure that AAD-B2C tenant as an org-scoped OIDC or SAML connection.
Need help?
invalid_microsoft_user_principal_name
400 Invalid microsoft user principal name
The User Principal Name associated with the login did not have a matching validated domain.
Need help?
invalid_mobile_identifier
400 Invalid mobile identifier
The mobile header sent is invalid.
Need help?
invalid_oauth_allowed_tenants_format
400 Invalid oauth allowed tenants format
Tenants must be in the list of supported OAuth Providers. Supported providers are ‘slack’, ‘hubspot’, and ‘github’. Values must be in a list format.
Need help?
invalid_oauth_provider
400 Invalid oauth provider
We didn’t recognize the OAuth provider name in the request. Check that the argument is the name of a supported OAuth provider.
Need help?
invalid_oauth_tenant_for_jit_provisioning
400 Invalid oauth tenant for jit provisioning
The OAuth Tenant isn’t valid within the organization’s JIT provisioning settings.
Need help?
invalid_organization_allowed_auth_methods
400 Invalid organization allowed auth methods
Allowed auth methods can only be ‘magic_link’, ‘sso’, ‘password’, ‘email_otp’, ‘google_oauth’, ‘microsoft_oauth’, ‘hubspot_oauth’, ‘slack_oauth’, and/or ‘github_oauth’
Need help?
invalid_organization_allowed_mfa_methods
400 Invalid organization allowed mfa methods
Allowed mfa methods can only be ‘sms_otp’ and/or ‘totp’
Need help?
invalid_organization_auth_factor_setting
400 Invalid organization auth factor setting
The value provided isn’t valid. Valid values are ‘NOT_ALLOWED’, ‘RESTRICTED’, or ‘ALL_ALLOWED’.
Need help?
invalid_organization_auth_factor_setting_for_email_jit_provisioning
400 Invalid organization auth factor setting for email jit provisioning
Email JIT Provisioning can only be ‘NOT_ALLOWED’ or ‘RESTRICTED’, never ‘ALL_ALLOWED’
Need help?
invalid_organization_auth_factor_setting_for_oauth_tenant_jit_provisioning
400 Invalid organization auth factor setting for oauth tenant jit provisioning
OAuth Tenant JIT Provisioning can only be ‘NOT_ALLOWED’ or ‘RESTRICTED’, never ‘ALL_ALLOWED’
Need help?
invalid_organization_auth_method_settings
400 Invalid organization auth method settings
Auth methods can only be ‘ALL_ALLOWED’ or ‘RESTRICTED’, never ‘NOT_ALLOWED’
Need help?
invalid_organization_external_id
400 Invalid organization external id
The organization_external_id, if provided, must be non-empty.
Need help?
invalid_organization_id
400 Invalid organization id
organization_id format is invalid.
Need help?
invalid_organization_mfa_factor_setting
400 Invalid organization mfa factor setting
The value provided isn’t valid. Valid values are ‘NOT_ALLOWED’, ‘RESTRICTED’, or ‘ALL_ALLOWED’.
Need help?
invalid_organization_mfa_policy
400 Invalid organization mfa policy
The value provided isn’t valid. Valid values are ‘OPTIONAL’, or ‘REQUIRED_FOR_ALL’.
Need help?
invalid_organization_name
400 Invalid organization name
Organization name cannot be longer than 128 characters.
Need help?
invalid_organization_slug
400 Invalid organization slug
The organization_slug must be at least 2 characters long and may only contain alphanumerics and the reserved characters ’-’, ’.’, ’_’, or ’~’. At least one character must be alphanumeric.
Need help?
invalid_password_id
400 Invalid password id
password_id format is invalid.
Need help?
invalid_password_reset_redirect_url
400 Invalid password reset redirect url
reset_password_redirect_url is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_password_strength_luds_complexity
400 Invalid password strength luds complexity
The LUDS password complexity should be between 1 and 4, inclusive.
Need help?
invalid_password_strength_luds_length
400 Invalid password strength luds length
The minimum password length should be between 8 and 32, inclusive.
Need help?
invalid_pbkdf_2_algorithm
400 Invalid pbkdf 2 algorithm
The provided PBKDF-2 algorithm is invalid. Valid arguments are ‘sha256’ and ‘sha512’.
Need help?
invalid_pbkdf_2_hash
400 Invalid pbkdf 2 hash
The PBKDF-2 hash passed is not valid.
Need help?
invalid_pbkdf_2_iteration_amount
400 Invalid pbkdf 2 iteration amount
The provided PBKDF-2 iteration_amount value is invalid. Valid range: 512-900000.
Need help?
invalid_pbkdf_2_salt
400 Invalid pbkdf 2 salt
The provided PBKDF-2 salt is invalid.
Need help?
invalid_permission_action
400 Invalid permission action
All actions used in RBAC role permissions must be defined within their respective resource.
Need help?
invalid_permission_resource
400 Invalid permission resource
All resources used in RBAC role permissions must be defined.
Need help?
invalid_phone_number
400 Invalid phone number
The phone number is invalid, i.e. not properly formatted, or missing.
Common Causes
- If you’re accepting the raw input from a user, they may have included an invalid character, i.e. not a digit.
- If the phone number is missing from the call, you may not be passing the input from the user to your backend.
- [WhatsApp] Recipient has not accepted WhatsApp’s new Terms of Service, or is using an unsupported version of the WhatsApp client for their phone.
Troubleshooting
- If you’re accepting the raw input form a user, make sure you’re sanitizing the input and formatting it properly. Many libraries can help with this, like libphonenumber-js.
- Check that the phone number is properly formatted with the E. 164 format, e.g. “+14155551234”
- Check that the phone number only includes allowed characters, i.e. dashes “555-1234” and parentheses “(415)” are not included.
Need help?
invalid_phone_number_country_code
400 Invalid phone number country code
The phone number’s country code is invalid, unsupported, or disabled for your Project.
Common Causes
- SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you’re interested in sending international SMS, please add those countries to your Project’s allowlist via the Dashboard or Programmatic Workspace Actions, and add credit card details to your account.
- Regardless of whether or not you are enabled for international SMS, Stytch does not support sending SMS to countries on our Unsupported countries list.
Troubleshooting
- Make sure that the country code you’ve provided is correctly formatted.
- Make sure that the country is not included in our Unsupported countries list.
- Make sure that your Stytch project has the phone number’s country code added to its allowlist via the Dashboard or Programmatic Workspace Actions.
Need help?
invalid_phone_number_docs
400 Invalid phone number docs
Thanks for trying Stytch! Replace the test phone number with a valid one to start sending one-time passcodes.
Need help?
invalid_phone_number_sandbox
400 Invalid phone number sandbox
Phone number is invalid. The sandbox phone number, +10000000000, can only be used in the Test environment.
Need help?
invalid_phpass_hash_format
400 Invalid phpass hash format
The phpass hash has an incorrect format as it needs to be exactly 34 characters.
Need help?
invalid_phpass_hash_prefix
400 Invalid phpass hash prefix
The phpass hash is invalid as it needs to start with
Need help?
invalid_pkce_code_challenge
400 Invalid pkce code challenge
The PKCE Code Challenge param may only contain alphanumerics and the reserved characters ’-’, ’.’, ’_’, or ’~’. It must also be between 43 and 128 characters long. Please refer to https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 for details.
Need help?
invalid_pkce_code_verifier
400 Invalid pkce code verifier
The PKCE Code Verifier param may only contain alphanumerics and the reserved characters ’-’, ’.’, ’_’, or ’~’. It must also be between 43 and 128 characters long. Please refer to https://datatracker.ietf.org/doc/html/rfc7636#section-4.1 for details.
Need help?
invalid_prepend_salt
400 Invalid prepend salt
The prepend_salt value is not supported because it’s too long.
Need help?
invalid_project_id
400 Invalid project id
project_id format is invalid.
Need help?
invalid_project_id_authentication
400 Invalid project id authentication
The project ID provided in the basic authentication header is invalid. Please check to make sure the format is correct and there are no trailing whitespaces. To view your project ID please visit the Stytch Dashboard here.
Need help?
invalid_project_name
400 Invalid project name
The project name is invalid.
Need help?
invalid_public_key
400 Invalid public key
Invalid public key. The key is present but is malformed and cannot be decoded. The field should be base64 encoded.
Need help?
invalid_public_key_credential
400 Invalid public key credential
Invalid public key credential. Please confirm you’re passing a correctly formatted public key credential.
Need help?
invalid_public_key_credential_invalid_authenticator_data
400 Invalid public key credential invalid authenticator data
Invalid public key credential. The authenticatorData field is present but is malformed and cannot be decoded. The field should be base64 encoded.
Need help?
invalid_public_key_credential_invalid_id
400 Invalid public key credential invalid id
Invalid public key credential. The id field is present but is malformed and cannot be decoded. The field should be base64 encoded.
Need help?
invalid_public_key_credential_invalid_signature
400 Invalid public key credential invalid signature
Invalid public key credential. The signature field is present but is malformed and cannot be decoded. The field should be base64 encoded.
Need help?
invalid_public_key_credential_malformed_attestation_object
400 Invalid public key credential malformed attestation object
Invalid public key credential. The attestationObject field is present but is malformed and cannot be parsed.
Need help?
invalid_public_key_credential_malformed_client_data_json
400 Invalid public key credential malformed client data json
Invalid public key credential. The clientDataJSON field is present but is malformed and cannot be parsed.
Need help?
invalid_public_key_credential_missing_attestation_object_field
400 Invalid public key credential missing attestation object field
Invalid public key credential. The public key credential is missing the attestationObject field.
Need help?
invalid_public_key_credential_missing_authenticator_data_field
400 Invalid public key credential missing authenticator data field
Invalid public key credential. The public key credential is missing the authenticatorData field.
Need help?
invalid_public_key_credential_missing_client_data_json_field
400 Invalid public key credential missing client data json field
Invalid public key credential. The public key credential is missing the clientDataJSON field.
Need help?
invalid_public_key_credential_missing_id_field
400 Invalid public key credential missing id field
Invalid public key credential. The public key credential is missing an id field.
Need help?
invalid_public_key_credential_missing_response_field
400 Invalid public key credential missing response field
Invalid public key credential. The public key credential is missing the response field.
Need help?
invalid_public_key_credential_missing_signature_field
400 Invalid public key credential missing signature field
Invalid public key credential. The public key credential is missing the signature field.
Need help?
invalid_public_token_id
400 Invalid public token id
The public_token used to instantiate the Stytch SDK is invalid. You can find your public_token in the Project ID & API keys section of the Project Overview in the Stytch Dashboard.
Common Causes
- No
public_tokenwas passed in when loading the Stytch SDK. - The
public_tokenpassed was invalid, e.g. it contains quotes, was of an incorrect length or format, etc.
Troubleshooting
- Check that your environment contains your Stytch
public_token. - Check that you’re passing the
public_tokenin via the correct method. You can see how to launch each Stytch SDK by visiting their respective Docs.
Need help?
invalid_rbac_custom_role
400 Invalid rbac custom role
You may not use the pre-defined role names of ‘stytch_member’ or ‘stytch_admin’ in your custom roles.
Need help?
invalid_rbac_role_assignment
400 Invalid rbac role assignment
The role assignment provided is not properly formatted. Make sure both a domain and role_id are included.
Need help?
invalid_rbac_role_id
400 Invalid rbac role id
The role_id provided is not valid for this project’s RBAC policy.
Need help?
invalid_rbac_scope
400 Invalid rbac scope
Scopes cannot contain whitespace, ’\’, or ’“‘
Need help?
invalid_rbac_stytch_role_edit
400 Invalid rbac stytch role edit
You may not edit the role_id or description of the stytch_user, stytch_member, or stytch_admin roles.
Need help?
invalid_recovery_code
400 Invalid recovery code
The recovery_code submitted was invalid.
Need help?
invalid_redirect_url_type
400 Invalid redirect url type
Invalid redirect URL Type. Type should be login, invite, signup, reset_password, or discovery. Only B2B projects can pass discovery.
Need help?
invalid_reply_to_local_part
400 Invalid reply to local part
reply_to_local_part format is invalid.
Need help?
invalid_request
400 Invalid request
Invalid request. Ensure that your project ID exists is passed into the URI path.
Need help?
invalid_request_id
400 Invalid request id
request_id format is invalid.
Need help?
invalid_request_value
400 Invalid request value
Invalid request value, request is required and must have a value.
Need help?
invalid_restricted_email_setting
400 Invalid restricted email setting
If either email_jit_provisioning or email_invites is ‘RESTRICTED’, there must be at least one allowed domain.
Need help?
invalid_restricted_oauth_tenants_setting
400 Invalid restricted oauth tenants setting
There must be at least one allowed OAuth Tenant only if oauth_tenant_jit_provisioning is ‘RESTRICTED’.
Need help?
invalid_restricted_sso_setting
400 Invalid restricted sso setting
If sso_jit_provisioning is ‘RESTRICTED’, there must be at least one allowed connection.
Need help?
invalid_role
400 Invalid role
Role specified is invalid.
Need help?
invalid_saml_metadata_url
400 Invalid saml metadata url
Unable to resolve SAML metadata document. Please ensure that the metadata_url is a valid IdP metadata URL.
Need help?
invalid_saml_response
400 Invalid saml response
The SAML response could not be validated. Please contact support for additional information.
Need help?
invalid_saml_response_email
400 Invalid saml response email
Unable to find a valid email in the SAML response. Check that your SAML connection email attribute mapping matches your provider, or contact support for additional information
Need help?
invalid_saml_response_groups
400 Invalid saml response groups
Unable to find valid groups in the SAML response. Check that your SAML connection groups attribute mapping matches your provider, or contact support for additional information
Need help?
invalid_scim_idp
400 Invalid scim idp
SCIM IDP format is invalid. IDP must be ‘okta’, ‘microsoft-entra’, ‘cyberark’, ‘jumpcloud’, ‘onelogin’, ‘pingfederate’, ‘rippling’ or ‘generic’.
Need help?
invalid_scope
400 Invalid scope
Please make sure that the scopes requested are included in the client.
Need help?
invalid_scope_parameter
400 Invalid scope parameter
scopes is not a recognized parameter. Please use scope instead.
Need help?
invalid_scrypt_n_parameter
400 Invalid scrypt n parameter
The n parameter is invalid. It needs to be greater than 1, a power of 2, and less than or equal to 262,144. If you need a higher n parameter, please email support@stytch.com.
Need help?
invalid_scrypt_parameters
400 Invalid scrypt parameters
The scrypt parameters are too large. The r parameter multiplied by p parameter must be under 2 raised to the 30th power (r * p < 2^30).
Need help?
invalid_scrypt_salt_length
400 Invalid scrypt salt length
The salt value is an unsupported length.
Need help?
invalid_secret_authentication
400 Invalid secret authentication
The secret provided in the basic authentication header is invalid. Please check to make sure the format is correct and there are no trailing whitespaces. To create a new secret for your project or to confirm an existing secret please visit the Stytch Dashboard here.
Need help?
invalid_secret_id
400 Invalid secret id
secret_id format is invalid.
Need help?
invalid_session_duration
400 Invalid session duration
The submitted session duration exceeds the maximum session duration allowed for this project. If this is intentional, please update the maximum duration here: https://stytch.com/dashboard/sdk-configuration
Need help?
invalid_session_duration_minutes
400 Invalid session duration minutes
session_duration_minutes is invalid, should be between 5 to 527040 minutes.
Need help?
invalid_session_fields
400 Invalid session fields
Please ensure exactly one of the following is provided: intermediate_session_token, session_token, session_jwt.
Need help?
invalid_session_id
400 Invalid session id
session_id format is invalid.
Need help?
invalid_session_missing_primary_factor
400 Invalid session missing primary factor
Cannot create a new session without primary factors.
Need help?
invalid_session_token
400 Invalid session token
The session_token format is invalid (i.e. not properly formatted). Stytch will return this error if the session_token or session_jwt is invalid, e.g. malformed, too few characters, too many etc.
Common Causes
- Your backend or frontend is not properly parsing the session value from where you are storing it, e.g. you’re parsing and passing the key and value instead of just the value.
- You are running automated tests with a placeholder value, e.g. “test-123”, for sessions against our API.
Troubleshooting
- Double check your parsing logic for pulling the
session_tokenorsession_jwt. Make sure that you are only pulling the value itself and preserving the full length of each. session_tokens are 44 characters long and may include numbers, letters, and special characters.session_jwts can be arbitrarily long depending upon their contents, and conform to RFC 7519.
Need help?
invalid_session_token_docs
400 Invalid session token docs
The session_token you provided is a sample one from the Docs. Please use a session_token that you received from a /sessions/authenticate request.
Need help?
invalid_sha_1_hash
400 Invalid sha 1 hash
The SHA-1 hash passed is not valid.
Need help?
invalid_sha_512_hash
400 Invalid sha 512 hash
The SHA-512 hash passed is not valid.
Need help?
invalid_signature_saml_response
400 Invalid signature saml response
The signature in the SAML response is incorrect.
Need help?
invalid_signup_oauth_url
400 Invalid signup oauth url
signup_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_signup_redirect_url
400 Invalid signup redirect url
signup_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_signup_sso_url
400 Invalid signup sso url
signup_redirect_url format is invalid. Common issues include using http instead of https or omitting https://.
Need help?
invalid_sso_default_connection_id
400 Invalid sso default connection id
SSO Default Connection ID format is invalid
Need help?
invalid_sso_idp
400 Invalid sso idp
SSO IDP format is invalid. IDP must be ‘generic’, ‘okta’, ‘microsoft-entra’, or ‘google-workspace’.
Need help?
invalid_stytch_prefixed_resource
400 Invalid stytch prefixed resource
RBAC resources may not be prefixed with stytch.
Need help?
invalid_subject
400 Invalid subject
The subject provided is invalid.
Need help?
invalid_template_id
400 Invalid template id
template_id format is invalid.
Need help?
invalid_token
400 Invalid token
Token format is invalid.
Need help?
invalid_token_docs
400 Invalid token docs
Thanks for trying Stytch! Replace the test token with a valid one found in a Stytch email to start authenticating users.
Need help?
invalid_token_organization_id_claim
400 Invalid token organization id claim
Token organization_id does not match request organization_id
Need help?
invalid_token_url
400 Invalid token url
Please ensure the length of your token_url is less than or equal to 255 characters.
Need help?
invalid_totp_code
400 Invalid totp code
The totp_code submitted was invalid. The totp_code must be 6 digits long.
Need help?
invalid_totp_id
400 Invalid totp id
totp_id format is invalid.
Need help?
invalid_trusted_auth_token
400 Invalid trusted auth token
Provided trusted auth token is not valid
Need help?
invalid_url
400 Invalid url
URL format is invalid. Common issues include using http instead of https or omitting https://. If including query parameters use as a placeholder value. For example: https://example.com/authenticate?redirect={}
Need help?
invalid_user_agent
400 Invalid user agent
user_agent format is invalid.
Need help?
invalid_user_lock_threshold
400 Invalid user lock threshold
User lock threshold must be inside the range [1, 100]
Need help?
invalid_user_lock_ttl
400 Invalid user lock ttl
User lock TTL value must be inside range [300, 604800]
Need help?
invalid_userinfo_url
400 Invalid userinfo url
Please ensure the length of your userinfo_url is less than or equal to 255 characters.
Need help?
invalid_webauthn_registration_domain
400 Invalid webauthn registration domain
The domain cannot be longer than 255 characters.
Need help?
invalid_webauthn_registration_id
400 Invalid webauthn registration id
webauthn_registration_id format is invalid.
Need help?
invalid_wildcard_action
400 Invalid wildcard action
RBAC actions may not contain the wild character, *.
Need help?
invalid_x509_certificate
400 Invalid x509 certificate
The SSO connection could not be activated because the x509 certificate provided was not valid
Need help?
invalid_xml_from_saml_metadata_url
400 Invalid xml from saml metadata url
The metadata URL contained invalid or malformed XML. Please ensure that it is a valid IdP metadata URL.
Need help?
invalid_xml_saml_response
400 Invalid xml saml response
The SAML response contained invalid or malformed XML.
Need help?
jwt_invalid_audience
400 Jwt invalid audience
An invalid audience was found in the ID token. Please reach out to the application developer for support.
Need help?
jwt_invalid_claims
400 Jwt invalid claims
An invalid claim was found in the ID token. Please reach out to the application developer for support.
Need help?
jwt_invalid_issuer
400 Jwt invalid issuer
An invalid issuer was found in the ID token. Please reach out to the application developer for support.
Need help?
jwt_template_invalid_json
400 Jwt template invalid json
JWT Template did not produce valid JSON output.
Need help?
jwt_template_invalid_tag
400 Jwt template invalid tag
JWT Template contains an invalid tag.
Need help?
jwt_template_mismatched_tag
400 Jwt template mismatched tag
JWT Template contains a mismatched set of tags.
Need help?
live_id_used_in_test_environment
400 Live id used in test environment
Invalid argument sent to Test environment. Looks like you supplied a Live identifier for a request for the Test environment (test.stytch.com). Try sending a request to api.stytch.com instead or using a different identifier.
Need help?
m2m_client_already_rotating_secret
400 M2m client already rotating secret
The client is already in a secret rotation flow. Please finish or cancel the current secret rotation flow before starting a new one.
Need help?
m2m_client_invalid_client_description
400 M2m client invalid client description
M2M Client Description may not be larger than 512 characters.
Need help?
m2m_client_invalid_client_id
400 M2m client invalid client id
M2M Client ID may not be larger than 128 characters.
Need help?
m2m_client_invalid_client_name
400 M2m client invalid client name
M2M Client Name may not be larger than 128 characters.
Need help?
m2m_client_invalid_client_secret
400 M2m client invalid client secret
M2M Client Secret may not be larger than 128 characters.
Need help?
m2m_client_invalid_status
400 M2m client invalid status
M2M Client status must be either ‘active’ or ‘inactive’.
Need help?
m2m_client_not_found
400 M2m client not found
The m2m client requested could not be found.
Need help?
m2m_client_not_rotating_secret
400 M2m client not rotating secret
The client is not in a secret rotation flow. Please start a secret rotation flow before calling this endpoint.
Need help?
m2m_search_expected_array_of_strings
400 M2m search expected array of strings
Expected m2m search filter_value to contain an array of strings.
Need help?
m2m_search_filter_name_must_be_string
400 M2m search filter name must be string
Expected m2m search operand ‘filter_name’ to be a string.
Need help?
m2m_search_filter_name_not_recognized
400 M2m search filter name not recognized
The m2m search operand filter name was not recognized.
Need help?
m2m_search_missing_filter_name
400 M2m search missing filter name
Expected m2m search operand to contain a ‘filter_name’ key.
Need help?
m2m_search_missing_filter_value
400 M2m search missing filter value
Expected m2m search operand to contain a filter_value key.
Need help?
member_cannot_update_their_email_address
400 Member cannot update their email address
The member performing the action cannot update their own email address.
Need help?
member_dashboard_search_disabled
400 Member dashboard search disabled
Member search is temporarily disabled in the dashboard. Please use the API for any member search queries: see https://stytch.com/docs/b2b/api/search-members.
Need help?
member_has_no_active_verified_email
400 Member has no active verified email
The member does not have an active verified email address. Please ensure that the member’s email is verified before proceeding.
Need help?
member_impersonation_not_allowed
400 Member impersonation not allowed
Member cannot be impersonated
Need help?
member_password_not_found
400 Member password not found
Member password not found
Need help?
member_reset_password
400 Member reset password
member must reset their password
Need help?
member_search_cannot_mix_internal_and_external_member_ids
400 Member search cannot mix internal and external member ids
Cannot mix internal and external member ids for this filter
Need help?
member_search_expected_array_of_strings
400 Member search expected array of strings
Expected member search filter_value to contain an array of strings. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_expected_boolean
400 Member search expected boolean
Expected member search filter_value to contain a boolean. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_expected_string
400 Member search expected string
Expected member search filter_value to contain a string. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_filter_name_must_be_string
400 Member search filter name must be string
Expected member search operand filter_name to be a string. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_filter_name_not_recognized
400 Member search filter name not recognized
The member search operand filter_name was not recognized. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_member_email_fuzzy_too_short
400 Member search member email fuzzy too short
Expected member_email_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_member_mfa_phone_number_fuzzy_too_short
400 Member search member mfa phone number fuzzy too short
Expected member_mfa_phone_number_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_filter_name
400 Member search missing filter name
Expected member search operand to contain a filter_name key. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_filter_value
400 Member search missing filter value
Expected member search operand to contain a filter_value key. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_is_breakglass
400 Member search missing is breakglass
Expected member_is_breakglass to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_member_email_fuzzy
400 Member search missing member email fuzzy
Expected member_email_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_member_emails
400 Member search missing member emails
Expected member_emails to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_member_ids
400 Member search missing member ids
Expected member_ids to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_member_roles
400 Member search missing member roles
Expected member_roles to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_mfa_member_phone_number_fuzzy
400 Member search missing mfa member phone number fuzzy
Expected member_mfa_phone_number_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_mfa_member_phone_numbers
400 Member search missing mfa member phone numbers
Expected member_mfa_phone_numbers to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_oauth_providers
400 Member search missing oauth providers
Expected member_oauth_providers to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_organization_id
400 Member search missing organization id
Expected organization_id to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_organization_slug
400 Member search missing organization slug
Expected organization_slug to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_organization_slug_fuzzy
400 Member search missing organization slug fuzzy
Expected organization_slug_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_password_exists
400 Member search missing password exists
Expected member_password_exists to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_status
400 Member search missing status
Expected status to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_statuses
400 Member search missing statuses
Expected statuses to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_missing_totp_exists
400 Member search missing totp exists
Expected member_totp_exists to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_organization_ids_empty
400 Member search organization ids empty
Expected at least one organization_id to be specified for member search. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_search_organization_slug_fuzzy_too_short
400 Member search organization slug fuzzy too short
Expected organization_slug_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-members for request schema details and examples.
Need help?
member_session_member_id_mismatch
400 Member session member id mismatch
The provided member session must match the member ID.
Need help?
metadata_invalid_format
400 Metadata invalid format
Metadata field must be a JSON object.
Need help?
metadata_too_large
400 Metadata too large
Metadata field is too large.
Need help?
metadata_too_many_keys
400 Metadata too many keys
Metadata field contains too many keys.
Need help?
migrate_from_external_email_does_not_exist
400 Migrate from external email does not exist
Please ensure that the user and email exist before migrating an external session.
Need help?
migrate_from_external_missing_userinfo
400 Migrate from external missing userinfo
The project is missing the OIDC userinfo endpoint. Please configure one in the Stytch dashboard and try again.
Need help?
migrate_from_external_unexpected_response
400 Migrate from external unexpected response
An error was encountered when querying the external provider’s userinfo endpoint.
Need help?
missing_apple_app_id
400 Missing apple app id
The Apple OAuth config is missing an App ID value.
Need help?
missing_oauth_organization_locator
400 Missing oauth organization locator
Please pass in an organization_id or slug query parameter to indicate which organization to use for login.
Need help?
missing_oauth_refresh_token
400 Missing oauth refresh token
The Identity Provider did not issue a refresh token and the initial access token is expired. Log in using the identity provider again to issue a new set of credentials. See https://stytch.com/docs/b2b/api/get-google-access-token for more information.
Need help?
missing_oidc_csrf_cookie
400 Missing oidc csrf cookie
OIDC callback was missing anti-CSRF cookie. Please try again.
Need help?
missing_oidc_refresh_token
400 Missing oidc refresh token
The Identity Provider did not issue a refresh token and the initial access token is expired. Log in using the identity provider again to issue a new set of credentials.
Need help?
missing_oidc_state_param
400 Missing oidc state param
OIDC callback was missing state form value
Need help?
missing_saml_csrf_cookie
400 Missing saml csrf cookie
SAML POST callback was missing anti-CSRF cookie. Please try again.
Need help?
missing_saml_relay_state
400 Missing saml relay state
SAML POST callback was missing RelayState form value
Need help?
missing_saml_response
400 Missing saml response
SAML POST callback was missing SAMLResponse form value
Need help?
missing_signature_saml_response
400 Missing signature saml response
The signature in the SAML response is missing.
Need help?
missing_sso_connection_locator
400 Missing sso connection locator
Please pass in an organization_id, organization_slug, or connection_id query parameter to indicate which SSO Connection to use for login.
Need help?
must_have_jwks_url_for_trusted_token_profile_with_type_jwk
400 Must have jwks url for trusted token profile with type jwk
This trusted token profile using public key type JWK must have a JWKS url
Need help?
must_have_pem_files_for_trusted_token_profile_with_type_pem
400 Must have pem files for trusted token profile with type pem
This trusted token profile using public key type PEM must have at least one PEM file
Need help?
no_active_recovery_code_backed_factor
400 No active recovery code backed factor
No active authentication factors that are backed by recovery codes were found for the member.
Need help?
no_active_scim_connection
400 No active scim connection
No active SCIM connection exists for this organization.
Need help?
no_active_webauthn_registrations
400 No active webauthn registrations
No active WebAuthn registrations for this user ID and domain. To create one, first hit the WebAuthn register/start endpoint. Complete the registration by subsequently hitting the WebAuthn register endpoint.
Need help?
no_default_discovery_redirect_url_set
400 No default discovery redirect url set
There is no default discovery redirect URLs set for this project, so we are unable to redirect the user to the application. Please include a discovery redirect URL in the request or set a default for this project. To set discovery redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls
Need help?
no_default_invite_redirect_url_set
400 No default invite redirect url set
There is no default invite redirect URLs set for this project, so we are unable to redirect the user to the application. Please include a invite redirect URL in the request or set a default for this project. To set invite redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls
Need help?
no_default_login_redirect_url_set
400 No default login redirect url set
There is no default login redirect URLs set for this project, so we are unable to redirect the user to the application. Please include a login redirect URL in the request or set a default for this project. To set login redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls
Need help?
no_default_signup_redirect_url_set
400 No default signup redirect url set
There is no default signup redirect URLs set for this project, so we are unable to redirect the user to the application. Please include a signup redirect URL in the request or set a default for this project. To set signup redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls
Need help?
no_deleted_member_found_for_reactivation
400 No deleted member found for reactivation
The member id provided for reactivation does not belong to a deleted member.
Need help?
no_discovery_redirect_url
400 No discovery redirect url
There are no discovery redirect URLs registered. To set discovery redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls. For more information on why this validation is necessary please visit https://stytch.com/docs/b2b/api/url-validation.
Need help?
no_discovery_redirect_urls_set
400 No discovery redirect urls set
Unable to verify the provided discovery_redirect_url. There are no discovery redirect URLs set for this project so we are unable to verify the discovery_redirect_url provided in the request. To set discovery redirect URLs for this project please visit https://stytch.com/dashboard/redirect-urls. For more information on why this validation is necessary please visit https://stytch.com/docs/api/url-validation
Need help?
no_invite_redirect_url
400 No invite redirect url
There are no invite redirect URLs registered. To set invite redirect URLs for this project please visit here. For more information on why this validation is necessary please read more here.
Need help?
no_invite_redirect_urls_set
400 No invite redirect urls set
Unable to verify the provided invite_magic_link_url. There are no invite redirect URLs set for this project so we are unable to verify the invite_magic_link_url provided in the request. To set invite redirect URLs for the project please visit the Dashboard here. For more information on why this validation is necessary please read more here.
Need help?
no_login_redirect_url
400 No login redirect url
There are no login redirect URLs registered. To set login redirect URLs for this project please visit here. For more information on why this validation is necessary please read more here.
Need help?
no_login_redirect_urls_set
400 No login redirect urls set
Unable to verify the provided login_magic_link_url. There are no login redirect URLs set for this project so we are unable to verify the login_magic_link_url provided in the request. To set login redirect URLs for the project please visit the Dashboard here. For more information on why this validation is necessary please read more here.
Need help?
no_match_for_provided_magic_link_url
400 No match for provided magic link url
The magic_link_url in the request did not match any redirect URLs set for the project. Please visit the Stytch Dashboard here to update the redirect URLs for the project. For more information on why this validation is necessary please read more here.
Common Causes
- The provided
magic_link_urlwas not added to the Stytch Dashboard - The provided
magic_link_urlcontents were changed during development, and the Stytch Dashboard was not updated accordingly
Troubleshooting
- Compare provided
magic_link_urlwith values in the Dashboard - Be sure
magic_link_urlis a redirect URL in the Stytch environment you are using. The Test and Live redirect urls are configured separately with the Dashboard.
Need help?
no_match_for_provided_oauth_url
400 No match for provided oauth url
The oauth redirect url in the request did not match any redirect URLs set for this project. Please visit https://stytch.com/dashboard/redirect-urls to update the redirect URLs for this project. For more information on why this validation is necessary please visit https://stytch.com/docs/api/url-validation
Need help?
no_match_for_provided_sso_url
400 No match for provided sso url
The sso redirect url in the request did not match any redirect URLs set for this project. Please visit https://stytch.com/dashboard/redirect-urls to update the redirect URLs for this project. For more information on why this validation is necessary please visit https://stytch.com/docs/api/url-validation
Need help?
no_oauth_authorize_member_selector
400 No oauth authorize member selector
Please ensure only one of the following is passed: session_token, session_jwt, or a member_id + organization_id. Exactly one of those values is required to identify the member.
Need help?
no_password_reset_redirect_url
400 No password reset redirect url
There are no password reset redirect URLs registered. To set password reset redirect URLs for this project please visit here. For more information on why this validation is necessary please read more here.
Need help?
no_pending_webauthn_registration
400 No pending webauthn registration
Unable to find a pending registration tied to this user. Please ensure you’ve first hit the WebAuthn register/start endpoint with the supplied user_id.
Need help?
no_session_arguments
400 No session arguments
Please ensure you’re passing exactly one session field.
Need help?
no_session_revoke_arguments
400 No session revoke arguments
Please include a session_id, session_token, session_jwt, or a member_id (if the project is a B2B project). Exactly one of those values is required to revoke a session.
Need help?
no_signup_redirect_url
400 No signup redirect url
There are no sign-up redirect URLs registered. To set sign-up redirect URLs for this project please visit here. For more information on why this validation is necessary please read more here.
Need help?
no_signup_redirect_urls_set
400 No signup redirect urls set
Unable to verify the provided signup_magic_link_url. There are no sign-up redirect URLs set for this project so we are unable to verify the signup_magic_link_url provided in the request. To set signup redirect URLs for the project please visit the Dashboard here. For more information on why this validation is necessary please read more here.
Need help?
no_sso_connection_exists_for_organization
400 No sso connection exists for organization
The organization does not have any SSO connections configured.
Need help?
no_wildcards_in_live_redirect_url
400 No wildcards in live redirect url
Need help?
not_yet_valid_saml_response
400 Not yet valid saml response
The SAML response is not yet valid. Please attempt to log in again.
Need help?
oauth_access_token_exchange_missing_full_access
400 Oauth access token exchange missing full access
The token used for Access Token exchange was missing the Full Access scope. The Full Access scope is required to call this endpoint.
Need help?
oauth_access_token_exchange_token_invalid_grant
400 Oauth access token exchange token invalid grant
The token used for Access Token exchange must be generated from an ‘authorization_code’ grant.
Need help?
oauth_access_token_exchange_token_too_old
400 Oauth access token exchange token too old
The token used for Access Token exchange is more than five minutes old. A fresh Access Token is required to call this endpoint.
Need help?
oauth_app_not_authorized
400 Oauth app not authorized
You did not authorize this app to perform a signup or login. To use this app, log in again and authorize the required permissions during the login flow. Please reach out to the application developer for more support.
Need help?
oauth_auth_code_error
400 Oauth auth code error
An error was encountered when exchanging the OAuth auth code. Please try again.
Need help?
oauth_creating_redirect_url_error
400 Oauth creating redirect url error
An error was encountered creating a redirect url. Please check your redirect urls and try again.
Need help?
oauth_discovery_flow_callback_error
400 Oauth discovery flow callback error
An error was encountered in the callback of the Discovery OAuth flow. Please try again.
Need help?
oauth_invalid_callback_request
400 Oauth invalid callback request
The OAuth callback request is invalid. Please reach out to the application developer for support.
Need help?
oauth_invalid_scope_requested
400 Oauth invalid scope requested
An invalid scope has been requested. Please check the set of scopes and try again.
Need help?
oauth_invalid_state
400 Oauth invalid state
The OAuth state is invalid. Please reach out to the application developer for support.
Need help?
oauth_non_discovery_flow_callback_error
400 Oauth non discovery flow callback error
An error was encountered in the callback of the OAuth flow. Please try again.
Need help?
oauth_state_mismatch
400 Oauth state mismatch
The state in the cookie doesn’t match with the state in the query parameter. Please retry your login flow. If you continue receiving this error, reach out to the application developer for support.
Need help?
oauth_state_used
400 Oauth state used
The OAuth state value has already been used.
Common Causes
- The user completed the same OAuth flow twice. For example, they completed the OAuth flow, then navigated back in the browser and completed it again.
Troubleshooting
- If the user already has an active Stytch Session, this error can likely be ignored.
- If the user does not have an active Stytch Session, prompt them to try completing the OAuth flow again from the beginning.
Need help?
oauth_tenant_jit_provisioning_not_allowed
400 Oauth tenant jit provisioning not allowed
OAuth Tenant JIT provisioning is not allowed for this organization.
Need help?
oauth_token_exchange_google_missing_information
400 Oauth token exchange google missing information
Provider did not respond with required information during OAuth token exchange, please try again. If the problem persists, please reach out to support.
Need help?
oauth_token_exchange_invalid_client
400 Oauth token exchange invalid client
Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). Please check the client ID and secret of your OAuth configuration.
Need help?
oauth_token_exchange_invalid_request
400 Oauth token exchange invalid request
The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed. Please reach out to support.
Need help?
oauth_token_exchange_invalid_scope
400 Oauth token exchange invalid scope
The scopes requested were invalid. Please check the scopes you are requesting and try again.
Need help?
oauth_token_exchange_microsoft_expired_secret
400 Oauth token exchange microsoft expired secret
Expired client secret provided. Ensure the secret in your OAuth configuration is up to date. You may need to add a new secret in your Microsoft Azure portal.
Need help?
oauth_token_exchange_microsoft_invalid_secret
400 Oauth token exchange microsoft invalid secret
Invalid client secret provided. Ensure the secret in your OAuth configuration is the client secret value, not the client secret ID.
Need help?
oauth_token_exchange_unauthorized_client
400 Oauth token exchange unauthorized client
The authenticated client is not authorized to use this authorization grant type. Please check your settings and try again. If the problem persists, please reach out to support.
Need help?
oidc_auth_code_error
400 Oidc auth code error
An error was encountered when exchanging the OIDC auth code. Please reach out to the application developer for support.
Need help?
oidc_connection_authorization_url_invalid_format
400 Oidc connection authorization url invalid format
The authorization_url provided in the request body is invalid. Please check to make sure the format is correct.
Need help?
oidc_connection_authorization_url_required
400 Oidc connection authorization url required
OIDC connections need an authorization_url before going into active status
Need help?
oidc_connection_client_id_required
400 Oidc connection client id required
OIDC connections need a client_id before going into active status
Need help?
oidc_connection_client_secret_required
400 Oidc connection client secret required
OIDC connections need a client_secret before going into active status
Need help?
oidc_connection_issuer_required
400 Oidc connection issuer required
OIDC connections need an issuer before going into active status
Need help?
oidc_connection_issuer_url_invalid_format
400 Oidc connection issuer url invalid format
The issuer provided in the request body is not a valid url. Please check to make sure the format is correct.
Need help?
oidc_connection_jwks_url_invalid_format
400 Oidc connection jwks url invalid format
The jwks_url provided in the request body is invalid. Please check to make sure the format is correct.
Need help?
oidc_connection_jwks_url_required
400 Oidc connection jwks url required
OIDC connections need a jwks_url before going into active status
Need help?
oidc_connection_token_url_invalid_format
400 Oidc connection token url invalid format
The token_url provided in the request body is invalid. Please check to make sure the format is correct.
Need help?
oidc_connection_token_url_required
400 Oidc connection token url required
OIDC connections need a token_url before going into active status
Need help?
oidc_connection_userinfo_url_invalid_format
400 Oidc connection userinfo url invalid format
The userinfo_url provided in the request body is invalid. Please check to make sure the format is correct.
Need help?
oidc_csrf_cookie_mismatch
400 Oidc csrf cookie mismatch
OIDC callback failed anti-CSRF cookie detection. Please try again.
Need help?
oidc_invalid_callback_request
400 Oidc invalid callback request
The OIDC callback request is invalid. Please reach out to the application developer for support.
Need help?
oidc_invalid_userinfo
400 Oidc invalid userinfo
An error was encountered when querying the OIDC userinfo. Please reach out to the application developer for support.
Need help?
oidc_prompt_none_must_be_exclusive
400 Oidc prompt none must be exclusive
If ‘none’ is used as a value for the ‘prompt’ parameter, then it must be the only value.
Need help?
oidc_response_email_missing
400 Oidc response email missing
The information provided in the ID token and userinfo did not include a email.
Need help?
oidc_response_name_missing
400 Oidc response name missing
The information provided in the ID token and userinfo did not include a name.
Need help?
oidc_response_subject_mismatch
400 Oidc response subject mismatch
The subject claims provided in the ID token and userinfo did not match.
Need help?
oidc_response_subject_missing
400 Oidc response subject missing
The information provided in the ID token and userinfo did not include a subject.
Need help?
oidc_user_not_assigned_to_app_in_idp
400 Oidc user not assigned to app in idp
The user is not assigned to the app in the IDP.
Need help?
operation_restricted_by_organization_auth_methods
400 Operation restricted by organization auth methods
The requested operation is not allowed by your organization’s allowed auth methods.
Need help?
operation_restricted_by_organization_mfa_methods
400 Operation restricted by organization mfa methods
The requested operation is not allowed by your organization’s allowed mfa methods.
Need help?
organization_external_id_already_used
400 Organization external id already used
The provided organization_external_id is already used in another organization.
Need help?
organization_logo_url_too_long
400 Organization logo url too long
organization_logo_url length exceeds our maximum of 512 characters.
Need help?
organization_name_includes_banned_words
400 Organization name includes banned words
organization_name includes a banned word.
Need help?
organization_name_missing
400 Organization name missing
organization_name is a required argument to create an organization.
Need help?
organization_search_allowed_domain_fuzzy_too_short
400 Organization search allowed domain fuzzy too short
Expected allowed_domain_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_expected_array_of_strings
400 Organization search expected array of strings
Expected organization search filter_value to contain an array of strings. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_expected_boolean
400 Organization search expected boolean
Expected organization search filter_value to contain a boolean. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_expected_string
400 Organization search expected string
Expected organization search filter_value to contain a string. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_filter_name_must_be_string
400 Organization search filter name must be string
Expected organization search operand filter_name to be a string. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_filter_name_not_recognized
400 Organization search filter name not recognized
The organization search operand filter_name was not recognized. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_member_email_fuzzy_too_short
400 Organization search member email fuzzy too short
Expected member_email_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_allowed_domain_fuzzy
400 Organization search missing allowed domain fuzzy
Expected allowed_domain_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_allowed_domains
400 Organization search missing allowed domains
Expected allowed_domains to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_claimed_email_domains
400 Organization search missing claimed email domains
Expected claimed_email_domains to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_filter_name
400 Organization search missing filter name
Expected organization search operand to contain a filter_name key. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_filter_value
400 Organization search missing filter value
Expected organization search operand to contain a filter_value key. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_has_active_sso_connection
400 Organization search missing has active sso connection
Expected has_active_sso_connection to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_member_email_fuzzy
400 Organization search missing member email fuzzy
Expected member_email_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_member_emails
400 Organization search missing member emails
Expected member_emails to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_organization_ids
400 Organization search missing organization ids
Expected organization_ids to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_organization_name_fuzzy
400 Organization search missing organization name fuzzy
Expected organization_name_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_organization_slug_fuzzy
400 Organization search missing organization slug fuzzy
Expected organization_slug_fuzzy to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_organization_slugs
400 Organization search missing organization slugs
Expected organization_slugs to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_missing_sso_connection_id
400 Organization search missing sso connection id
Expected sso_connection_id to be passed in the search request but it was not. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_organization_name_fuzzy_too_short
400 Organization search organization name fuzzy too short
Expected organization_name_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_search_organization_slug_fuzzy_too_short
400 Organization search organization slug fuzzy too short
Expected organization_slug_fuzzy to have a length of at least 3 but it was too short. Please see https://stytch.com/docs/b2b/api/search-organizations for request schema details and examples.
Need help?
organization_settings_claimed_domain_too_common
400 Organization settings claimed domain too common
Common domains such as gmail.com are not allowed as claimed domains.
Need help?
organization_settings_disposable_domain
400 Organization settings disposable domain
Disposable domains are not allowed as allowed domains.
Need help?
organization_settings_domain_too_common
400 Organization settings domain too common
Common domains such as gmail.com are not allowed as allowed domains.
Need help?
organization_settings_duplicate_claimed_domain
400 Organization settings duplicate claimed domain
Please ensure that there are no duplicate domains in the claimed_email_domains list.
Need help?
organization_settings_duplicate_domain
400 Organization settings duplicate domain
Please ensure that there are no duplicate domains in the allowed_domains list.
Need help?
organization_settings_invalid_claimed_domain
400 Organization settings invalid claimed domain
Please ensure that all values in claimed_email_domains are valid domains.
Need help?
organization_settings_invalid_domain
400 Organization settings invalid domain
Please ensure that all values in allowed_domains are valid domains.
Need help?
organization_slug_already_used
400 Organization slug already used
The provided organization_slug is already used in another organization.
Need help?
password_already_exists
400 Password already exists
User already has a password associated with it. Please use the password reset endpoint to update the password if needed.
Need help?
password_does_not_match
400 Password does not match
email already has a password associated with it which does not match the one provided here.
Need help?
password_validation_timeout
400 Password validation timeout
Password validation timed out. Possible causes include an excessively long password or a high volume of requests.
Need help?
passwords_incompatible_with_sdk_config
400 Passwords incompatible with sdk config
The passwords product is incompatible with opaque errors in the project SDK configuration. Please change the configuration in the dashboard to continue: https://stytch.com/dashboard/sdk-configuration.
Need help?
pbkdf_2_key_length_mismatch
400 Pbkdf 2 key length mismatch
The provided PBKDF-2 key_length does not match the length of the decoded hash.
Need help?
pending_totp_exists
400 Pending totp exists
Cannot create a new TOTP for the specified user since the user has a pending TOTP that has not yet expired. Please try creating a new TOTP for the user once the pending one has expired or delete the pending TOTP before attempting to create a new one.
Need help?
pkce_did_not_expect_code_verifier
400 Pkce did not expect code verifier
This flow was started without a code_challenge but the authentication call includes a code_verifier.
Need help?
pkce_expected_code_verifier
400 Pkce expected code verifier
This flow was started using a code_challenge but the authentication call is missing the corresponding code_verifier.
Need help?
pkce_mismatch
400 Pkce mismatch
The submitted code_verifier does not match the code_challenge sent at the start of the flow.
Need help?
pkce_required_for_idp_authorization_flow
400 Pkce required for idp authorization flow
Stytch requires native or mobile applications, as well as public clients, to use PKCE for all flows involving redirects. Please supply a code_challenge with the request.
Need help?
pkce_required_for_native_callback
400 Pkce required for native callback
One of the callback URLs supplied is for a native or mobile application. Stytch requires native or mobile applications to use PKCE for all flows involving redirects. Please supply a code_challenge with the request.
Need help?
private_key_too_long
400 Private key too long
Private key is too long. Please make sure you have the correct value.
Need help?
project_has_no_public_tokens
400 Project has no public tokens
Project has no public_tokens. Please create one in the Dashboard at https://stytch.com/dashboard/api-keys.
Need help?
public_connected_apps_do_not_have_secrets
400 Public connected apps do not have secrets
Public Connected Apps do not have secrets.
Need help?
public_key_missing
400 Public key missing
Public key missing from request
Need help?
public_token_required
400 Public token required
public_token is required.
Need help?
query_params_do_not_match
400 Query params do not match
The magic_link_url in the request provided query parameters that did not match any redirect URLs set on the Stytch Dashboard for the project. Please visit the Stytch Dashboard here to make any necessary updates. For more information on why this validation is necessary please read more here.
Need help?
rbac_action_duplicate
400 Rbac action duplicate
There is a duplicate action in your RBAC policy. Please remove it. Actions are case insensitive.
Need help?
rbac_action_too_long
400 Rbac action too long
The action name provided was too long. Actions must be less than 100 characters.
Need help?
rbac_cannot_delete_attribute_used_in_org_policy
400 Rbac cannot delete attribute used in org policy
The resource or action being deleted is being used in a custom role permission in an Organization’s RBAC policy. Remove the attribute from the relevant Organization RBAC policies before removing it from the Project RBAC policy.
Need help?
rbac_description_too_long
400 Rbac description too long
The description provided was too long. Descriptions must be less than 500 characters.
Need help?
rbac_domain_too_common
400 Rbac domain too common
Common domains such as gmail.com are not allowed in rbac_email_implicit_role_assignments.
Need help?
rbac_invalid_domain
400 Rbac invalid domain
Please ensure that all domains in rbac_email_implicit_role_assignments are valid domains.
Need help?
rbac_org_custom_roles_only
400 Rbac org custom roles only
Organization RBAC policies are only allowed to set custom roles. Resources, actions, and scopes must be created on the Project’s RBAC policy.
Need help?
rbac_permission_missing_actions
400 Rbac permission missing actions
All permissions must have at least one action.
Need help?
rbac_reserved_scope
400 Rbac reserved scope
There is a reserved scope in your RBAC policy. Please remove it. Reserved scopes include ‘openid’, ‘profile’, ‘email’, ‘phone’, ‘offline_access’, ‘full_access’.
Need help?
rbac_resource_duplicate
400 Rbac resource duplicate
There is a duplicate resource ID in your RBAC policy. Please remove it. Resource IDs are case insensitive.
Need help?
rbac_resource_id_too_long
400 Rbac resource id too long
The resource_id provided was too long. Resource IDs must be less than 100 characters.
Need help?
rbac_resource_missing_actions
400 Rbac resource missing actions
All resources must have at least one action.
Need help?
rbac_role_duplicate
400 Rbac role duplicate
There is a duplicate role ID in your RBAC policy. Please remove it. Role IDs are case insensitive.
Need help?
rbac_role_id_too_long
400 Rbac role id too long
The role_id provided was too long. Role IDs must be less than 100 characters.
Need help?
rbac_role_missing_permissions
400 Rbac role missing permissions
All roles must have at least one permission.
Need help?
rbac_scope_duplicate
400 Rbac scope duplicate
There is a duplicate scope in your RBAC policy. Please remove it. Scopes are case insensitive.
Need help?
rbac_scope_missing_permissions
400 Rbac scope missing permissions
All scopes must have at least one permission.
Need help?
rbac_scope_too_long
400 Rbac scope too long
The scope provided was too long. Scopes must be less than 100 characters.
Need help?
reactivation_email_belongs_to_another_member
400 Reactivation email belongs to another member
The email that belongs to the intended member for reactivation is in use by another member within the organization.
Need help?
recovery_code_used_as_totp_code
400 Recovery code used as totp code
The totp_code submitted was invalid. Based on the format of the submitted value it looks like a recovery_code was entered instead. To authenticate a recovery code please use the /v1/totps/recover endpoint. You can read more here: https://stytch.com/docs/api/totp-recover.
Need help?
redirect_url_cannot_use_protocol
400 Redirect url cannot use protocol
Redirect URLs are not allowed to use this protocol. Please use a different protocol for your native application. If you believe this to be in error, please contact support@stytch.com for assistance.
Need help?
redirect_url_must_use_https
400 Redirect url must use https
Redirect URLs for web applications must use HTTPS unless redirecting to localhost. Please change the protocol to HTTPS.
Need help?
redirect_url_with_query_param_placeholder_cannot_be_default
400 Redirect url with query param placeholder cannot be default
Redirect URLs with query param placeholders () cannot be set as a default redirect URL.
Need help?
redirect_url_with_wildcard_cannot_be_default
400 Redirect url with wildcard cannot be default
Need help?
required_custom_email_domain
400 Required custom email domain
a custom email domain is required for custom html emails.
Need help?
requires_active_sso_connection
400 Requires active sso connection
The provided SSO connection is missing required fields, please see either https://stytch.com/docs/b2b/api/update-saml-connection or https://stytch.com/docs/b2b/api/update-oidc-connection and update the connection with all required fields to promote the connection to active.
Need help?
reserved_claims_in_custom_claims
400 Reserved claims in custom claims
Cannot use a reserved claim as one of your custom claims.
Need help?
reset_password
400 Reset password
User must reset their password through the password reset endpoint. This occurs if a user’s credentials appeared in the HaveIBeenPwned dataset or the user used email based authentication (e.g. Magic Links, Google OAuth) without previously verified their email address. The password reset ensures that the user is the legitimate owner of the mail address. This stops malicious actors from abusing the compromised credentials or attempting to pre-hijack account by setting a password for an email.
Need help?
retired_email_missing_email_identifiers
400 Retired email missing email identifiers
You must provide one of email_id or email_address in the request.
Need help?
retired_member_email
400 Retired member email
This email has been deactivated in response to a change from an upstream identity provider or due to updating a member’s email address. Please contact your IT Admin for assistance.
Need help?
saml_certificate_mismatch
400 Saml certificate mismatch
The signature in the SAML response is incorrect. The certificate contained in the response did not match the certificate registered for this connection.
Need help?
saml_connection_attribute_mapping_missing_groups_key
400 Saml connection attribute mapping missing groups key
You may not add group implicit role assignments to your SAML connection until there is a ‘groups’ key in the connection’s attribute mapping.
Need help?
saml_connection_attribute_mapping_required
400 Saml connection attribute mapping required
SAML connections need an attribute mapping before going into active status
Need help?
saml_connection_email_mapping_required
400 Saml connection email mapping required
SAML Connection attribute mapping is missing the ‘email’ field
Need help?
saml_connection_idp_sso_url_invalid_format
400 Saml connection idp sso url invalid format
The idp_sso_url provided in the request body is invalid. Please check to make sure the format is correct.
Need help?
saml_connection_idp_sso_url_not_https
400 Saml connection idp sso url not https
The idp_sso_url provided in the request body does not use HTTPS.
Need help?
saml_connection_idp_sso_url_required
400 Saml connection idp sso url required
SAML connections need an idp_sso_url before going into active status
Need help?
saml_connection_metadata_invalid_format
400 Saml connection metadata invalid format
Could not successfully parse the metadata URL supplied
Need help?
saml_connection_name_mapping_required
400 Saml connection name mapping required
SAML Connection attribute mapping is missing either the ‘full_name’ or both the ‘first_name’ and ‘last_name’ fields
Need help?
saml_connection_no_nested_keys_in_attribute_mapping
400 Saml connection no nested keys in attribute mapping
SAML Connection attribute mapping cannot have nested mappings
Need help?
saml_csrf_cookie_mismatch
400 Saml csrf cookie mismatch
SAML POST callback failed anti-CSRF cookie detection. Please try again.
Need help?
saml_group_role_assignment_does_not_contain_member_group
400 Saml group role assignment does not contain member group
SAML group role assignment requires a member group.
Need help?
saml_idp_initiated_auth_disabled
400 Saml idp initiated auth disabled
IDP initiated auth attempted when IDP initiated auth is not enabled for this connection.
Need help?
saml_signing_private_key_format_not_supported
400 Saml signing private key format not supported
signing_private_key format not supported, we only support PKCS#1 private keys.
Need help?
saml_signing_private_key_invalid
400 Saml signing private key invalid
signing_private_key format invalid, please ensure you’re passing in a valid PKCS#1 private key.
Need help?
scim_connection_not_rotating_token
400 Scim connection not rotating token
Bearer token rotation has not been started for this connection. Please start a token rotation flow before calling this endpoint.
Need help?
scim_group_role_assignment_does_not_contain_group_id
400 Scim group role assignment does not contain group id
SCIM group role assignment requires a group id.
Need help?
scim_group_role_assignment_group_does_not_exist
400 Scim group role assignment group does not exist
SCIM group role assignment contains group ID that does not exist in the organization.
Need help?
scrypt_key_length_mismatch
400 Scrypt key length mismatch
The key_length value doesn’t match the length of the provided hash.
Need help?
search_invalid_status_filter
400 Search invalid status filter
status should be set to ‘active’, ‘pending’, ‘invited’, or ‘deleted’.
Need help?
search_timeout
400 Search timeout
Search timed out. Please try using a more specific search query
Need help?
secondary_factor_not_found
400 Secondary factor not found
If you wish to attach a new MFA factor to a member who already has an active MFA factor, you must pass in a session token or session JWT with a valid secondary factor.
Need help?
session_must_have_at_least_one_active_factor
400 Session must have at least one active factor
The provided session has no active factors and has been revoked.
Need help?
session_not_mutable
400 Session not mutable
Attempting to extend or add a factor to an immutable session. The session is considered immutable due to it containing an immutable auth factor.
Need help?
signature_is_incorrect_size
400 Signature is incorrect size
The signature is the incorrect size in bytes.
Need help?
signature_missing
400 Signature missing
Signature missing from request
Need help?
sso_connection_custom_domain_mismatch
400 Sso connection custom domain mismatch
Unable to resolve disparities between the HTTP request’s Host, the SSO Connection’s custom domain (if set), and any active CNAME records for the project. Please ensure a valid domain is being used to initiate the SSO flow.
Need help?
sso_connection_organization_mismatch
400 Sso connection organization mismatch
The SAML Connection requested exists, but belongs to a different organization.
Need help?
sso_discovery_incompatible_with_sdk_config
400 Sso discovery incompatible with sdk config
The SSO discovery product is incompatible with opaque errors in the project SDK configuration. Please change the configuration in the dashboard to continue: https://stytch.com/dashboard/sdk-configuration.
Need help?
sso_multiple_connections_found
400 Sso multiple connections found
Multiple matching connections found for the given issuer. For the SSO gateway callback, issuers must uniquely map to a single connection.
Need help?
sso_verification_key_not_found
400 Sso verification key not found
The verification certificate could not be found. Please pass in a valid, active verification certificate.
Need help?
stytch_claims_in_custom_claims
400 Stytch claims in custom claims
Cannot use https://stytch.com/session as a custom claim.
Need help?
test_id_used_in_live_environment
400 Test id used in live environment
Invalid argument sent to Live environment. Looks like you supplied a Test identifier inside a request for the Live environment (api.stytch.com). Try sending the request to test.stytch.com instead or using a different identifier.
Need help?
third_party_clients_cannot_use_full_access
400 Third party clients cannot use full access
The Full Access scope can only be granted to First Party clients.
Need help?
third_party_clients_require_consent_for_offline_access
400 Third party clients require consent for offline access
Offline Access consent can only be bypassed by First Party clients.
Need help?
token_missing_organization_id_claim
400 Token missing organization id claim
Token does not contain organization_id claim
Need help?
too_many_connected_apps
400 Too many connected apps
Too many clients have been created for this project
Need help?
too_many_domains
400 Too many domains
Maximum number of domains exceeded. Can only have a maximum of 100.
Need help?
too_many_email_templates
400 Too many email templates
You have reached the maximum number of email templates for this project. Please delete an email template before creating a new one.
Need help?
too_many_encryption_certificates
400 Too many encryption certificates
The provided connection_id has reached the maximum allowed encryption certificates. The maximum is 5. Please delete a certificate before adding a new one.
Need help?
too_many_m2m_client_scopes
400 Too many m2m client scopes
Too many scopes were attached to the client. A maximum of 1000 scopes is allowed.
Need help?
too_many_oauth_organization_locators
400 Too many oauth organization locators
Please pass in at most one of organization_id or slug query parameter to indicate which organization to use for login.
Need help?
too_many_pem_files_for_trusted_token_profile
400 Too many pem files for trusted token profile
This trusted token profile has too many PEM files. Please remove one to add more.
Need help?
too_many_projects
400 Too many projects
You have reached the maximum number of projects for your workspace. Please delete a project before creating a new one.
Need help?
too_many_public_tokens
400 Too many public tokens
You have reached the maximum number of public tokens for this project. Please delete a public token before creating a new one.
Need help?
too_many_redirect_urls
400 Too many redirect urls
You have reached the maximum number of redirect URLs for this project. Please delete a redirect URL before creating a new one.
Need help?
too_many_roles
400 Too many roles
RBAC policies contain too many roles.
Need help?
too_many_secrets
400 Too many secrets
You have reached the maximum number of secrets for this project. Please delete a secret before creating a new one.
Need help?
too_many_session_arguments
400 Too many session arguments
Please include at most one of session_token, session_jwt, or intermediate_session_token in an authenticate request, not multiple.
Need help?
too_many_session_revoke_arguments
400 Too many session revoke arguments
Please ensure only one of the following is passed: session_id, session_token, session_jwt, or a member_id (if the project is a B2B project). Exactly one of those values is required to revoke a session.
Need help?
too_many_sso_connection_locators
400 Too many sso connection locators
Please pass in at most one of organization_id, organization_slug, or connection_id query parameter to indicate which SSO Connection to use for login.
Need help?
too_many_sso_connections
400 Too many sso connections
The provided organization_id has reached the maximum allowed SSO connections. The maximum is 5 SSO connections per protocol.
Need help?
too_many_sso_verification_certificates
400 Too many sso verification certificates
The provided connection_id has reached the maximum allowed verification certificates. The maximum is 5. Please delete a certificate before updating a new one.
Need help?
too_many_trusted_token_profiles_for_project
400 Too many trusted token profiles for project
This project has too many trusted token profiles. Please remove one to add more.
Need help?
totp_code_used_as_recovery_code
400 Totp code used as recovery code
The recovery_code submitted was invalid. Based on the format of the submitted value it looks like a totp_code was entered instead. To authenticate a totp code please use the /v1/totps/authenticate endpoint. You can read more here: https://stytch.com/docs/api/totp-authenticate.
Need help?
trusted_token_profile_cannot_have_multiple_external_ids
400 Trusted token profile cannot have multiple external ids
Trusted token profile attribute mapping cannot multiple external ID attribute mappings.
Need help?
trusted_token_profile_incorrect_external_id_mapping
400 Trusted token profile incorrect external id mapping
Trusted token profile has the wrong external ID attribute mapping for this project vertical.
Need help?
trusted_token_profile_invalid_request
400 Trusted token profile invalid request
Trusted token profile is missing a required field.
Need help?
unable_to_authorize_oauth_provider
400 Unable to authorize oauth provider
Unable to authorize request to this OAuth provider. Please check the client ID and secret of your OAuth configuration.
Need help?
unable_to_delete_email_suppression
400 Unable to delete email suppression
The messaging server returned a non-positive response while trying to delete this suppression.
Need help?
unable_to_delete_last_public_token
400 Unable to delete last public token
Cannot delete the last public_token for a project. Please create another public_token before deleting this one.
Need help?
unable_to_parse_session_jwt
400 Unable to parse session jwt
Unable to parse session JWT
Need help?
unable_to_refresh_oauth_token
400 Unable to refresh oauth token
Unable to refresh OAuth token. The token may have expired, or the user may have revoked access to the application. Please authorize the application again.
Need help?
unable_to_refresh_oidc_token
400 Unable to refresh oidc token
Unable to refresh OIDC token. The token may have expired, or the user may have revoked access to the application. Please authorize the application again.
Need help?
unable_to_register_webauthn_registration
400 Unable to register webauthn registration
The WebAuthn registration could not be registered.
Need help?
unable_to_represent_custom_claims_json
400 Unable to represent custom claims json
Unable to represent custom claims as a JSON map.
Need help?
unauthorized_client
400 Unauthorized client
Please check that the client_id and client_secret are correct, and that the client exists and is active.
Need help?
unsolicited_oidc_response
400 Unsolicited oidc response
We do not recognize the state in the OIDC response.
Need help?
unsolicited_saml_response
400 Unsolicited saml response
We do not recognize the InResponseTo ID in the SAML response.
Need help?
unsubscribed_phone_number
400 Unsubscribed phone number
User has unsubscribed. User must resubscribe by texting ‘START’ before messages can be sent.
Need help?
unsupported_grant_type
400 Unsupported grant type
Unsupported grant type. Note that the grant_type parameter must be equal to client_credentials in order for the request to succeed.
Need help?
weak_password
400 Weak password
Password doesn’t meet the API’s strength requirements. A password’s strength could be tested with the password strength check endpoint.
Common Causes
Troubleshooting
- Use the password strength check endpoint endpoint to get actionable feedback on improving the strength of the password string. This feedback can be passed on to the end user via your UI.
Need help?
wrong_stack_live
400 Wrong stack live
Wrong endpoint, try hitting test.stytch.com instead.
Need help?
wrong_stack_test
400 Wrong stack test
Wrong endpoint, try hitting api.stytch.com instead.
Need help?
xml_validation_saml_unknown_error
400 Xml validation saml unknown error
Unable to validate SAML Response.