attribute_mismatch
401 Attribute mismatch
Unable to authenticate because attributes on request don’t match stored attributes.
Need help?
cannot_update_trusted_metadata
401 Cannot update trusted metadata
Stytch SDKs cannot update trusted metadata with user-provided values. Trusted metadata can only be updated by direct API integrations. SDKs are only allowed to update untrusted_metadata. Visit our docs to learn more.
Need help?
cname_invalid_for_http_only_cookies
401 Cname invalid for http only cookies
You didn’t provide a valid CNAME with your HTTP-only cookies setting set to ‘ENFORCED’. Consider updating the HTTP-only cookies setting to ‘ENABLED’ or making a request via the project’s configured CNAME.
Need help?
cname_required_for_http_only_cookies
401 Cname required for http only cookies
You may not make a request via the default API URL (‘api.stytch.com’ or ‘test.stytch.com’) with your HTTP-only cookies setting set to ‘ENFORCED’. Consider updating the HTTP-only cookies setting to ‘ENABLED’ or making a request via the project’s configured CNAME.
Need help?
connected_app_consent_revoked
401 Connected app consent revoked
The Connected App’s permission has been revoked. Complete another authorization flow to re-enable access.
Need help?
connected_app_supplied_redirect_url_not_found_in_client
401 Connected app supplied redirect url not found in client
The redirect URL supplied in the request is not registered to the client.
Need help?
endpoint_not_authorized_for_sdk
401 Endpoint not authorized for sdk
The project owner hasn’t authorized the Stytch SDK to call endpoints for this product.
Common Causes
- You haven’t yet configured your Stytch project to allow SDK access to this product.
Troubleshooting
- Enable the product via the Frontend SDK page in the Stytch Dashboard.
- Toggle on the corresponding Enabled methods in the Frontend SDK page.
- If you’re using our WebAuthn product, you’ll also need to enable “Manage user data” via the Frontend SDK page.
Need help?
enterprise_endpoint
401 Enterprise endpoint
Thanks for trying Stytch! We’re glad you’re excited to try our new products, but this one requires approval before using. Please reach out to support@stytch.com if you’re interested.
Need help?
insufficient_factors
401 Insufficient factors
User must be logged in with multiple categories of factors to call this endpoint.
Need help?
oauth_unverified_email
401 Oauth unverified email
The user has not verified their email with the OAuth provider. Please encourage them to verify their email address and try again.
Need help?
oidc_response_unverified_email
401 Oidc response unverified email
The user has not verified their email with the external provider. Please encourage them to verify their email address and try again.
Need help?
session_too_old_to_reset_password
401 Session too old to reset password
The provided session cannot be used to reset a password. It does not have an authentication_factor that was authenticated within the last 5 minutes. Please prompt the user to authenticate again before retrying the endpoint.
Need help?
stale_factors
401 Stale factors
In order to call this endpoint, the user should have authenticated within the last hour. Please reauthenticate and try again.
Need help?
twitter_401
401 Twitter 401
Twitter responded with a 401 Unauthorized error.
Need help?
unable_to_auth_biometric_registration
401 Unable to auth biometric registration
Biometric registration could not be authenticated.
Need help?
unable_to_auth_impersonation_token
401 Unable to auth impersonation token
The impersonation token could not be authenticated.
Need help?
unable_to_auth_magic_link
401 Unable to auth magic link
The magic link could not be authenticated because it was either used or expired.
Common Causes
- A user clicks a magic link they already used before
- A user waits too long to click a magic link that has expired
Troubleshooting
- Send a new magic link to the user
Need help?
unable_to_auth_otp_code
401 Unable to auth otp code
The passcode could not be authenticated because it was either already used or expired. Send another passcode to this user.
Common Causes
- The user may have inadvertently entered the same OTP code twice; either re-using a code they already authenticated or an expired code.
- If you wrapped the
OTPAuthenticatecall in auseEffectand you are using React 18 in StrictMode, you may be double calling the method. See here for more details.
Troubleshooting
- Review your code, and network requests (if using a frontend SDK) to determine if multiple requests are being made.
- Send a new code to the user.
Need help?
unable_to_auth_password_reset_token
401 Unable to auth password reset token
The password reset token could not be authenticated, try sending another password reset email to the user.
Need help?
unable_to_auth_webauthn_registration
401 Unable to auth webauthn registration
WebAuthn registration could not be authenticated.
Need help?
unable_to_authenticate_recovery_code
401 Unable to authenticate recovery code
Unable to authenticate recovery code.
Need help?
unable_to_authenticate_totp
401 Unable to authenticate totp
Unable to authenticate TOTP.
Need help?
unauthorized_action
401 Unauthorized action
Unauthorized action.
Need help?
unauthorized_billing_permissions
401 Unauthorized billing permissions
This action or feature is not supported by your billing tier. Please visit https://stytch.com/dashboard/settings/pricing-plans for more information.
Need help?
unauthorized_credentials
401 Unauthorized credentials
The provided credentials (project_id and secret) were invalid, an incorrect password was provided to an Authenticate Password request, or an invalid/expired session token was included in a request.
Common Causes
- Working with multiple Stytch Projects can result in the
project_idandsecretgetting mixed up. - Improper clearing of revoked session cookies
Troubleshooting
- Compare the
secretandproject_idyou are using the the values in the Stytch Dashboard. - Confirm that the password provided to our Authenticate Password endpoint was correct, or prompt the user to reset their password.
- Confirm the
secretandproject_idare associated within the same project. - Generate a new
secretfor yourproject_idin the Stytch Dashboard. - Ensure that there are no expired/invalid session tokens being included in requests.
Need help?
unauthorized_credentials_homepage
401 Unauthorized credentials homepage
Thanks for trying Stytch! Replace the project ID and secret with your credentials from the developer dashboard to start adding users. To get started, sign up here: https://stytch.com/login
Need help?
unauthorized_project_id_live
401 Unauthorized project id live
Unauthorized credentials. Looks like the project ID supplied in the request was a live project id. Try using a test project id when hitting test.stytch.com.
Need help?
unauthorized_project_id_test
401 Unauthorized project id test
Unauthorized credentials. Looks like the project ID supplied in the request was a test project id. Try using a live project id when hitting stytch.com.
Need help?
unavailable_endpoint
401 Unavailable endpoint
Thanks for trying Stytch! We’re glad you’re excited to try our new products, but this one is still under construction. Please reach out to support@stytch.com if you’re interested.
Need help?
user_unauthenticated
401 User unauthenticated
User must have an active Stytch session to call this method. Have you logged in yet?
Need help?
weak_factor_combination
401 Weak factor combination
This session does not contain a strong combination of factors.