Getting StartedError Codes

Error Codes

All business API endpoints return HTTP 200 uniformly. Success or failure is indicated by the Error.Code field in the response body. Below are common error codes that may be returned by all endpoints. For endpoint-specific error codes, refer to the respective API documentation.

ℹ️

Tencent eSign Open API uses a unified HTTP 200 response pattern. Even when a business error occurs (e.g., parameter validation failure, resource not found), the HTTP status code is still 200. Error information is returned through Response.Error.Code and Response.Error.Message.

Common Error Codes

Error CodeDescription
INVALID_REQUESTInvalid request parameters — check required fields and field formats
UNAUTHORIZEDUnauthenticated or authentication failed
FORBIDDENNo permission to access this resource
NOT_FOUNDResource not found — verify the ID is correct
INTERNAL_ERRORInternal server error — contact support with the RequestId
SERVICE_UNAVAILABLEService temporarily unavailable, please retry later
OPERATION_TIMEOUTOperation timed out, please retry later
OPERATION_FREQUENTToo many requests — reduce call frequency

Authentication Error Codes

Authentication errors do not use HTTP 200. Instead, they follow the OAuth specification and return the corresponding HTTP status code with a different response format:

{
  "error": "invalid_token",
  "error_description": "token is expired"
}
HTTP StatusError CodeDescription
401invalid_tokenBearer Token is invalid, expired, or revoked
403insufficient_scopeToken scope is insufficient to access the requested resource

Open API Business Error Codes

Error CodeDescription
OPENAPI.OPERATOR_USER_ID_REQUIREDMissing X-Operator-User-Id request header
OPENAPI.OPERATOR_USER_NOT_FOUNDUser specified by X-Operator-User-Id not found or not in the current space
FILE.INVALIDInvalid file format
FILE.TOO_LARGEFile size exceeds the limit

Error Handling Recommendations

  1. INVALID_REQUEST — Verify request parameters are complete and correctly formatted, refer to the field descriptions in the API docs
  2. UNAUTHORIZED / invalid_token — The access_token may have expired; re-call the OAuth Token endpoint
  3. FORBIDDEN / insufficient_scope — Confirm the app has permission to access the target resource, check scope configuration
  4. NOT_FOUND — Verify the resource ID is correct and the resource has not been deleted
  5. OPERATION_FREQUENT — Implement a backoff retry strategy (exponential backoff recommended)
  6. INTERNAL_ERROR — Record the RequestId from the response and contact technical support
  7. OPENAPI.OPERATOR_USER_ID_REQUIRED — Add the X-Operator-User-Id header with the operator’s user ID