Unable to authenticate because attributes on request don't match stored attributes.
401 errors
attribute_mismatch
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "attribute_mismatch",
"error_message": "Unable to authenticate because attributes on request don't match stored attributes.",
"error_url": "https://stytch.com/docs/api/errors/401#attribute_mismatch"
}
cannot_update_trusted_metadata
Stytch SDKs cannot update trusted metadata with user-provided values. Trusted metadata can only be updated by direct API integrations. SDKs are only allowed to update untrusted_metadata. Visit our docs to learn more.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "cannot_update_trusted_metadata",
"error_message": "Stytch SDKs cannot update trusted metadata with user-provided values. Trusted metadata can only be updated by direct API integrations. SDKs are only allowed to update untrusted_metadata. Visit our docs to learn more.",
"error_url": "https://stytch.com/docs/api/errors/401#cannot_update_trusted_metadata"
}
endpoint_not_authorized_for_sdk
The project owner hasn’t authorized the Stytch SDK to call endpoints for this product.
Common causes
You haven’t yet configured your Stytch project to allow SDK access to this product.
Troubleshooting steps
Enable the product via the SDK configuration tab in the Stytch Dashboard.
If you’re using our WebAuthn product, you’ll also need to enable “Manage user data” via the SDK configuration tab.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "endpoint_not_authorized_for_sdk",
"error_message": "The project owner has not authorized the SDK to call this endpoint. Please enable it in the dashboard to continue: https://stytch.com/dashboard/sdk-configuration.",
"error_url": "https://stytch.com/docs/api/errors/401#endpoint_not_authorized_for_sdk"
}
enterprise_endpoint
Thanks for trying Stytch! We're glad you're excited to try our new products, but this one requires approval before using. Please reach out to support@stytch.com if you're interested.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "enterprise_endpoint",
"error_message": "Thanks for trying Stytch! We're glad you're excited to try our new products, but this one requires approval before using. Please reach out to support@stytch.com if you're interested.",
"error_url": "https://stytch.com/docs/api/errors/401#enterprise_endpoint"
}
insufficient_factors
User must be logged in with multiple categories of factors to call this endpoint.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "insufficient_factors",
"error_message": "User must be logged in with multiple categories of factors to call this endpoint.",
"error_url": "https://stytch.com/docs/api/errors/401#insufficient_factors"
}
oauth_unverified_email
The user has not verified their email with the OAuth provider. Please encourage them to verify their email address and try again.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "oauth_unverified_email",
"error_message": "The user has not verified their email with the OAuth provider. Please encourage them to verify their email address and try again.",
"error_url": "https://stytch.com/docs/api/errors/401#oauth_unverified_email"
}
oidc_response_unverified_email
The user has not verified their email with the external provider. Please encourage them to verify their email address and try again.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "oidc_response_unverified_email",
"error_message": "The user has not verified their email with the external provider. Please encourage them to verify their email address and try again.",
"error_url": "https://stytch.com/docs/api/errors/401#oidc_response_unverified_email"
}
session_too_old_to_reset_password
The provided session cannot be used to reset a password. It does not have an authentication_factor that was authenticated within the last 5 minutes. Please prompt the user to authenticate again before retrying the endpoint.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "session_too_old_to_reset_password",
"error_message": "The provided session cannot be used to reset a password. It does not have an authentication_factor that was authenticated within the last 5 minutes. Please prompt the user to authenticate again before retrying the endpoint.",
"error_url": "https://stytch.com/docs/api/errors/401#session_too_old_to_reset_password"
}
stale_factors
In order to call this endpoint, the user should have authenticated within the last hour. Please reauthenticate and try again.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "stale_factors",
"error_message": "In order to call this endpoint, the user should have authenticated within the last hour. Please reauthenticate and try again.",
"error_url": "https://stytch.com/docs/api/errors/401#stale_factors"
}
twitter_401
Twitter responded with a 401 Unauthorized error.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "twitter_401",
"error_message": "Twitter responded with a 401 Unauthorized error.",
"error_url": "https://stytch.com/docs/api/errors/401#twitter_401"
}
unable_to_auth_biometric_registration
Biometric registration could not be authenticated.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unable_to_auth_biometric_registration",
"error_message": "Biometric registration could not be authenticated.",
"error_url": "https://stytch.com/docs/api/errors/401#unable_to_auth_biometric_registration"
}
unable_to_auth_magic_link
The magic link could not be authenticated because it was either used or expired.
Common causes
A user clicks a magic link they already used before
A user waits too long to click a magic link that has expired
Troubleshooting steps
Send a new magic link to the user
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unable_to_auth_magic_link",
"error_message": "The magic link could not be authenticated because it was either already used or expired. Send another magic link to this user.",
"error_url": "https://stytch.com/docs/api/errors/401#unable_to_auth_magic_link"
}
unable_to_auth_otp_code
The passcode could not be authenticated because it was either already used or expired. Send another passcode to this user.
Common causes
The user may have inadvertently entered the same OTP code twice; either re-using a code they already authenticated or an expired code.
If you wrapped the OTPAuthenticate call in a useEffect and you are using React 18 in StrictMode, you may be double calling the method. See here for more details.
Troubleshooting steps
Review your code, and network requests (if using a frontend SDK) to determine if multiple requests are being made.
Send a new code to the user.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unable_to_auth_otp_code",
"error_message": "The passcode could not be authenticated because it was either already used or expired. Send another passcode to this user.",
"error_url": "https://stytch.com/docs/api/errors/401#unable_to_auth_otp_code"
}
unable_to_auth_password_reset_token
The password reset token could not be authenticated, try sending another password reset email to the user.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unable_to_auth_password_reset_token",
"error_message": "The password reset token could not be authenticated, try sending another password reset email to the user.",
"error_url": "https://stytch.com/docs/api/errors/401#unable_to_auth_password_reset_token"
}
unable_to_auth_webauthn_registration
WebAuthn registration could not be authenticated.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unable_to_auth_webauthn_registration",
"error_message": "WebAuthn registration could not be authenticated.",
"error_url": "https://stytch.com/docs/api/errors/401#unable_to_auth_webauthn_registration"
}
unable_to_authenticate_recovery_code
Unable to authenticate recovery code.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unable_to_authenticate_recovery_code",
"error_message": "Unable to authenticate recovery code.",
"error_url": "https://stytch.com/docs/api/errors/401#unable_to_authenticate_recovery_code"
}
unable_to_authenticate_totp
Unable to authenticate TOTP.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unable_to_authenticate_totp",
"error_message": "Unable to authenticate TOTP.",
"error_url": "https://stytch.com/docs/api/errors/401#unable_to_authenticate_totp"
}
unauthorized_action
Unauthorized action.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_action",
"error_message": "Unauthorized action.",
"error_url": "https://stytch.com/docs/api/errors/401#unauthorized_action"
}
unauthorized_billing_permissions
This action or feature is not supported by your billing tier. Please visit https://stytch.com/dashboard/settings/pricing-plans for more information.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_billing_permissions",
"error_message": "This action or feature is not supported by your billing tier. Please visit https://stytch.com/dashboard/settings/pricing-plans for more information.",
"error_url": "https://stytch.com/docs/api/errors/401#unauthorized_billing_permissions"
}
unauthorized_credentials
The provided credentials (project_id and secret) were invalid, or an incorrect password was provided to an Authenticate Password request.
Common causes
Working with multiple Stytch projects results in the project_id and secret getting mixed up
Troubleshooting steps
Compare the secret and project_id you are using the the values in the Stytch dashboard.
Confirm that the password provided to our Authenticate Password endpoint was correct, or prompt the user to reset their password
Confirm the secret and project_id are associated within the same project
Generate a new secret for your project_id in the Stytch dashboard
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401#unauthorized_credentials"
}
unauthorized_credentials_homepage
Thanks for trying Stytch! Replace the project ID and secret with your credentials from the developer dashboard to start adding users. To get started, sign up here: https://stytch.com/login
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials_homepage",
"error_message": "Thanks for trying Stytch! Replace the project ID and secret with your credentials from the developer dashboard to start adding users. To get started, sign up here: https://stytch.com/login",
"error_url": "https://stytch.com/docs/api/errors/401#unauthorized_credentials_homepage"
}
unauthorized_project_id_live
Unauthorized credentials. Looks like the project ID supplied in the request was a live project id. Try using a test project id when hitting test.stytch.com.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_project_id_live",
"error_message": "Unauthorized credentials. Looks like the project ID supplied in the request was a live project id. Try using a test project id when hitting test.stytch.com.",
"error_url": "https://stytch.com/docs/api/errors/401#unauthorized_project_id_live"
}
unauthorized_project_id_test
Unauthorized credentials. Looks like the project ID supplied in the request was a test project id. Try using a live project id when hitting stytch.com.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_project_id_test",
"error_message": "Unauthorized credentials. Looks like the project ID supplied in the request was a test project id. Try using a live project id when hitting stytch.com.",
"error_url": "https://stytch.com/docs/api/errors/401#unauthorized_project_id_test"
}
user_unauthenticated
User must have an active Stytch session to call this method. Have you logged in yet?
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "user_unauthenticated",
"error_message": "User must have an active Stytch session to call this method. Have you logged in yet?",
"error_url": "https://stytch.com/docs/api/errors/401#user_unauthenticated"
}
weak_factor_combination
This session does not contain a strong combination of factors.
Error
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "weak_factor_combination",
"error_message": "This session does not contain a strong combination of factors.",
"error_url": "https://stytch.com/docs/api/errors/401#weak_factor_combination"
}