API conventions
Prove Platform APIs follow consistent API conventions. The API responses follow these conventions:- Optional fields that have no values aren’t returned.
- JSON maps that have no values aren’t returned.
- JSON arrays that have no values aren’t returned.
HTTP status codes
The following table has a list of the HTTP status codes returned by the Prove services:Code | Definition | Description |
---|---|---|
200 | OK | The request completed successfully. |
400 | Bad Request | There was a problem with the submitted request. |
401 | Unauthorized | The request lacks valid authentication credentials for the target resource. Check for no missing chars or whitespace. Validate that you are calling the correct environment such as US or EU and Production or Sandbox. |
403 | Forbidden | The client doesn’t have permission to access the target resource. |
404 | Not Found | The server didn’t find anything matching the Request-URI. |
500 | Internal Server Error | The server encountered an unexpected condition preventing it from fulfilling the request. Retry the request, and if the problem persists, contact Prove support. |
API error codes
When a Prove API encounters a request error, the JSON response object includes acode
field and a message
field to give further context.
This table has a list of the API error codes:
Error Code | Description | Resolution Path |
---|---|---|
8000 | Internal Error | The server encountered an unexpected condition preventing it from fulfilling the request. Retry the request, and if the problem persists, contact Prove support. |
8001 | Malformed Request | Ensure the request is valid JSON, is under 4 KB in size, and correct any invalid parameters. The API specifies invalid parameters and includes the reason in the message field. |
8002 | Unauthorized Request | The request lacks valid authentication credentials for the target resource. Ensure you used the correct credentials. |
8003 | Step Called Out of Order | The request called an endpoint out of order. Check the next field for the proper endpoint to call. |
8007 | Sandbox User Not Found | Only use test user information as input for requests unless otherwise specified in the test cases. |
8008 | Invalid Correlation ID | Check the Correlation ID for errors. The Correlation ID is unique per session. |
8009 | Sandbox Test User Access Denied | Your current product credentials can’t access the test user. Ensure you’re using test users with the matching Prove solution credentials. |
8010 | Unauthorized for Country | This can mean one of two things:
|
8011 | Identity Not Found | No identity exists for the provided Identity ID. |
Retry behavior after errors
When an HTTP status code other than 200 returns, you can fix and retry the request. If you retry a request that resulted in 200, you receive an HTTP 403 code with eitherstep called out of order
or correlation ID is expired or invalid
. Prove prevents retries to ensure proper behavior and mitigate issues with replay attacks.