...
| Error code | Error Message | Description | Example | |||
|---|---|---|---|---|---|---|
700700 | API blocked | This API has been blocked temporarily. Please try again later or contact the system administrators. | Invoke an API which is in the BLOCKED lifecycle state | |||
900800 | Message throttled out | The maximum number of requests that can be made to the API within a designated time period is reached and the API is throttled for the user. | Invoke an API exceeding the tier limit | |||
900801 | Hard limit exceeded | Hard throttle limit has been reached | Invoke an API exceeding the hard throttle limit | |||
900802 | Resource level throttle out | Message is throttled out because resource level has exceeded | Sending/Receiving messages beyond authorized resource level | |||
900803 | Application level throttle out | Message is throttled out because application level is exceeded | Sending/Receiving messages beyond authorized application level | |||
900804 | Subscription level throttled out | Message throttled out due to subscription level throttling limit reached. | Sending/Receiving messages beyond configured throttling limit of subscription level policy. | |||
900805 | Message blocked | Accessing an API which is blocked on user, IP, application, or API Context. | An admin user can block API invocations in real time by user, IP, application, or API context. The API invocation meets the blocked condition. | |||
900806 | Custom policy throttled out | Message throttled out due to exceeding the limit configured through the custom throttling policy rules. | The API invocations meet custom throttle policy rules, exceeding the limits of the configured custom policy. | |||
900807 | Message throttled out | Messaged throttled out because of exceeding the burst control/rate limit (requests per second) in the subscription level policy. | Sending/Receiving messages exceeding the configured burst control/rate limit within second. | |||
900900 | Unclassified authentication failure | An unspecified error has occurred | Backend service for key validation is not accessible when trying to invoke an API | |||
900901 | Invalid credentials | Invalid authentication information provided | 900909 | The subscription to the API is inactive | The status of the API has changed to an inaccessible/unavailable state. | Invoke an . |
900902 | Missing credentials | No authentication information provided | Accessing an API without Authorization: Bearer header | |||
900905 | Incorrect access token type is provided | The access token type used is not supported when invoking the API. The supported access token types are application and user accesses tokens. See Access Tokens. | Invoke an API with application token, where the resource only allows application user tokens | |||
900906 | No matching resource found in the API for the given request | A resource with the name in the request can not be found in the API. | Invoke an API resource that is not available | |||
900907 | The requested API is temporarily blocked | Happens when the API user is blocked. | Invoke API resource with a subscription that has been blocked by the API publisher | |||
900908 | Resource forbidden | The user invoking the API has not been granted access to the required resource. | Invoke an unsubscribed API | |||
| When the access token is invalid or inactive. | |||||
900902 | Missing credentials | No authentication information provided | Accessing an API without Authorization: Bearer header | |||
900905 | Incorrect access token type is provided | The access token type used is not supported when invoking the API. The supported access token types are application and user accesses tokens. See Access Tokens. | Invoke an API with application token, where the resource only allows application user tokens | |||
900906 | No matching resource found in the API for the given request | A resource with the name in the request can not be found in the API. | Invoke an API resource that is not available | |||
900907 | The requested API is temporarily blocked | Happens when the API user is blocked. | Invoke API resource with a subscription that has not yet been approved blocked by the administrator. | |||
900910 | The access token does not allow you to access the requested resource | Can not access the required resource with the provided access token. Check the valid resources that can be accessed with this token. | Invoke API resource with an access token that is not generated to be used with the resource's scope. | |||
102511 | Incomplete payload | The payload sent with the request API publisher | ||||
900908 | Resource forbidden | The user invoking the API has not been granted access to the required resource. | Invoke an unsubscribed API | |||
900909 | The subscription to the API is inactive | The status of the API has changed to an inaccessible/unavailable state. | Invoke an API resource with a subscription that has not yet been approved by the administrator. | |||
900910 | The access token does not allow you to access the requested resource | Can not access the required resource with the provided access token. Check the valid resources that can be accessed with this token. | Invoke API resource with an access token that is not generated to be used with the resource's scope. | |||
102511 | Incomplete payload | The payload sent with the request is too large and the client is unable to keep the connection alive until the payload is completely transferred to the API Gateway | Sending a large PDF file with the POST request |
| Note |
|---|
The error codes |
Sequences error codes
...
Sequences error codes
| Error code | Description |
|---|---|
900901 | Production/sandbox key offered to the API with no production/sandbox endpoint |
400 | Server cannot process the request due to an error in the request sent by the client |
403 | No matching resource found in the API for the given request |
...
| Info | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
The HTTP Status Codes and the corresponding error codes from the error responses are given below.
|
...
Start the WSO2 API Manager.
Go to
<API-M_HOME>/repository/deployment/server/synapse-configs/default/sequencesdirectory and create the fileconvert.xmlas follows.Code Block language xml <sequence xmlns="http://ws.apache.org/ns/synapse" name="convert"> <payloadFactory media-type="xml"> <format> <am:fault xmlns:am="http://wso2.org/apimanager"> <am:code>$1</am:code> <am:type>Status report</am:type> <am:message>Runtime Error</am:message> <am:description>$2</am:description> </am:fault> </format> <args> <arg evaluator="xml" expression="$ctx:ERROR_CODE"/> <arg evaluator="xml" expression="$ctx:ERROR_MESSAGE"/> </args> </payloadFactory> <property name="RESPONSE" value="true"/> <header name="To" action="remove"/> <property name="HTTP_SC" value="555" scope="axis2"/> <property name="NO_ENTITY_BODY" scope="axis2" action="remove"/> <property name="ContentType" scope="axis2" action="remove"/> <property name="Authorization" scope="transport" action="remove"/> <property name="Access-Control-Allow-Origin" value="*" scope="transport"/> <property name="Host" scope="transport" action="remove"/> <property name="Accept" scope="transport" action="remove"/> <property name="X-JWT-Assertion" scope="transport" action="remove"/> <property name="messageType" value="application/json" scope="axis2"/> <send/> </sequence>Tip Alternatively, you can use the Source View of the API-M Management Console as follows to edit the synapse configuration:
- Sign in to the Management Console. (
https://<Server Host>:9443/carbon). - Go to Manager -> Source View.
- Copy the content of the sequence in
convert.xml, paste it as a new sequence in the source view and update it.
- Sign in to the Management Console. (
Check the terminal logs to see whether there are issues in the deployment.
If the deployment is successful, you see a message similar to the following in the system logs:Code Block INFO - DependencyTracker Sequence : convert was added to the Synapse configuration successfully INFO - SequenceDeployer Sequence named 'convert' has been deployed from file : <API-M_HOME>/repository/deployment/server/synapse-configs/default/sequences/convert.xml
Include the sequence that you just deployed in a sequence of your choice.
_auth_failure_handler_sequence.Code Block <sequence name="_auth_failure_handler_" xmlns="http://ws.apache.org/ns/synapse"> ... <sequence key="convert"/> <drop/> </sequence>Check the terminal and see whether there are any errors with the
_auth_failure_handler_sequence deployment.
If the deployment is successful, you see a message similar to the following in the system logs:Code Block INFO - DependencyTracker Sequence : _auth_failure_handler_ was added to the Synapse configuration successfully INFO - SequenceDeployer Sequence: _auth_failure_handler_ has been updated from the file: <API-M_HOME>/repository/deployment/server/synapse-configs/default/sequences/_auth_failure_handler_.xml
Invoke the API with the respective criteria in order to trigger the sequence.
In this example, let's view the menu on the PizzaShack API and invoke the API with an incorrect token.Localtabgroup Localtab active true id format-menu title Format Code Block curl -v -H "Authorization: Bearer <Access_Token>" http://localhost:8280/<API_name>/<version>/<context>Localtab id example-menu title Example Code Block curl -k -v -X GET "https://localhost:8243/pizzashack/1.0.0/menu" -H "accept: application/json" -H "Authorization: Bearer fb119e84-9542-3194-93dc-1ddddaaa1111"Localtab id SampleResponse title Sample Response Code Block curl -v -H "Authorization: Bearer <Access_Token>" http://localhost:8280/<API_name>/<version>/<context>Localtab id example-menu title Example Code Block curl -k -v -X GET "https://localhost:8243/pizzashack/1.0.0/menu" -H "accept: application/json" -H "Authorization: Bearer fb119e84-9542-3194-93dc-1ddddaaa1111"Localtab id SampleResponse title Sample Response Code Block > GET /pizzashack/1.0.0/menu HTTP/1.1 > Host: localhost:8243 > User-Agent: curl/7.54.0 > accept: application/json > Authorization: Bearer fb119e84-9542-3194-93dc-1ddddaaa1111 > < HTTP/1.1 555 < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET < Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction < Content-Type: application/json; charset=UTF-8 < Date: Fri, 04 Jan 2019 09:53:56 GMT < Transfer-Encoding: chunked < {"fault":{"code":900901,"type":"Status report","message":"Runtime Error","description":"Invalid Credentials"}}
...
| Fault Sequence | Description | |||
|---|---|---|---|---|
fault.xml | This is the primary fault sequence that gets invoked when an error occurs during the execution of an API resources | |||
main.xml | This sequence is called when the endpoint being called does not exist | |||
_auth_failure_handler.xml | This sequence is called when an API authentication error is encountered | |||
_production_key_error.xml | This sequence is called when a Production key is used to invoke an API that does not have a Production endpoint defined | |||
_sandbox_key_error.xml | This sequence is called when a Sandbox key is used to invoke an API that does not have a Sandbox endpoint defined | |||
_throttle_out_handler.xml | This sequence is called when a given request to an API gets throttled out | |||
_token_fault.xml | This sequence is called when there is an error in invoking the token API | |||
_resource_mismatch_handler.xml | This sequence is called when a matching resource cannot be found by the gateway to the corresponding resource being invoked | _build_.xml |
| _threat_fault_.xml |
dispatchSeq.xml | outDispatchSeq.xml
| This sequence enables sending CORS specific headers when the CORS specific configuration (CORSConfiguration) is enabled in WSO2 API Manager in the <API-M_HOME>/repository/conf/api-manager.xml file. | ||
_threat_fault_.xml | This sequence is called to send error messages with regard to threat detection. | |||
dispatchSeq.xml | This sequence is defined as a default handler for any inbound WebSocket calls. | |||
outDispatchSeq.xml | This sequence is defined to handle any outbound WebSocket calls. |
| Info |
|---|
The default sequences can also be customized as shown in the section above. |