The API returns standard HTTP success or error status codes for all operations. For errors, the response will include the corresponding error code, a short message describing the cause of the error, and optionally additional fields conveying information specific to that error.

Status codes

code name description
200 OK The request was processed succesfully.
201 created The request was processed successfully, and a new resource instance was created.
400 bad request The API was unable to process the request as it was malformed in some way.
401 unauthorized The API was unable to find valid credentials in the request.
403 forbidden The credentials provided do not have sufficient permissions to perform the request.
404 not found The requested resources cannot be found.
429 too many requests The request has not been processed as a rate limit has been reached.
5xx server error An unexpected error occurred while processing the event.

Error codes


The API was unable to process the body of your request. Make sure the request body is valid JSON.


One or more parameters in your request body did not pass validation checks. This response will include a params attribute with more detail on offending parameters.


Your organisation does not have the configuration required for the API to complete this request. The message will include details on which configuration is missing.


Your organisation, key or current user does not have the required permission scopes to perform this request.


The session you are trying to use for this request has been marked as expired by the API. You must create a new, valid session before proceeding.


The provided credentials were rejected by the external service. Either the source does not exist (i.e. invalid username) or the credentials payload is wrong (such as a wrong password).


The source has been locked by the external service and cannot be accessed by the API until unlocked by the user. The API message will provide instructions on how to do this for the relevant service.


The source you are trying to create a session against has multi-factor authentication (MFA) enable. The API will have triggered the MFA process, and you must provide the code presented during this process on your next session creation attempt.

For more details on the session creation flow, see the service reference for the service you are trying to access.


The source you are trying is to access has 2-step verification (2SV) enabled, a subset of multi-factor authentication (MFA). As part of this response, the API will provide a list of devices it can trigger the 2SV process against; this device will receive the 2SV code which will be needed for the next step in the process.

For more details on the session creation flow, see the service reference for the service you are trying to access.


This is a general task error. Work to get more errors into specific categories is still in progress.

How can we help?

Our support team are here to help!

Our office hours are Monday to Friday, 9 AM to 5 PM GMT. The time is currently 10:12 PM GMT.

We aim to reply to all messages within one working day.

Go to support section › Contact the enterprise team ›
Our awesome support team

Can we improve this article?

We love hearing from users: why not drop us an email, leave a comment, or tweet @reincubate?

© 2008 - 2020 Reincubate Ltd. All rights reserved. Registered in England and Wales #5189175, VAT GB151788978. Reincubate® is a registered trademark. Privacy policy & terms. We recommend 2FA. Built with in London.