This documentation is for WSO2 API Manager 2.5.0 View documentation for the latest release.
Page Comparison - Error Handling (v.6 vs v.7) - API Manager 2.5.0 - WSO2 Documentation

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added descriptions for missing sequences


Error codeError MessageDescriptionExample
API blockedThis API has been blocked temporarily. Please try again later or contact the system administrators.Invoke an API which is in the BLOCKED lifecycle state
Message throttled out

The maximum number of requests that can be made to the API within a designated time period is reached and the API is throttled for the user.

Invoke an API exceeding the tier limit
Hard limit exceededHard throttle limit has been reachedInvoke an API exceeding the hard throttle limit
900802Resource level throttle outMessage is throttled out because resource level has exceededSending/Receiving messages beyond authorized resource level
900803Application level throttle outMessage is throttled out because application level is exceeded

Sending/Receiving messages beyond authorized application level

900804Subscription level throttled outMessage throttled out due to subscription level throttling limit reached.Sending/Receiving messages beyond configured throttling limit of subscription level policy.
900805Message blockedAccessing an API which is blocked on user, IP, application, or API Context.An admin user can block API invocations in real time by user, IP, application, or API context. The API invocation meets the blocked condition.
900806Custom policy throttled outMessage throttled out due to exceeding the limit configured through the custom throttling policy rules.The API invocations meet custom throttle policy rules, exceeding the limits of the configured custom policy.
900807Message throttled outMessaged throttled out because of exceeding the burst control/rate limit (requests per second) in the subscription level policy.Sending/Receiving messages exceeding the configured burst control/rate limit within second.

Unclassified authentication failure

An unspecified error has occurredBackend service for key validation is not accessible when trying to invoke an API

Invalid credentials

Invalid authentication information providedUsing an older access token after an access token has been renewed.

Missing credentials

No authentication information providedAccessing an API without Authorization: Bearer header

Incorrect access token type is provided

The access token type used is not supported when invoking the API. The supported access token types are application and user accesses tokens. See Access Tokens.

Invoke an API with application token, where the resource only allows application user tokens

No matching resource found in the API for the given request

A resource with the name in the request can not be found in the API.Invoke an API resource that is not available

The requested API is temporarily blocked

Happens when the API user is blocked.Invoke API resource with a subscription that has been blocked by the API publisher

Resource forbidden

The user invoking the API has not been granted access to the required resource.Invoke an unsubscribed API

The subscription to the API is inactive

The status of the API has changed to an inaccessible/unavailable state.Invoke an API resource with a subscription that has not yet been approved by the administrator.

The access token does not allow you to access the requested resource

Can not access the required resource with the provided access token. Check the valid resources that can be accessed with this token.

Invoke API resource with an access token that is not generated to be used with the resource's scope.
102511Incomplete payloadThe payload sent with the request is too large and the client is unable to keep the connection alive until the payload is completely transferred to the API GatewaySending a large PDF file with the POST request


Fault SequenceDescription

This is the primary fault sequence that gets invoked when an error occurs during the execution of an API resources

main.xmlThis sequence is called when the endpoint being called does not exist
_auth_failure_handler.xmlThis sequence is called when an API authentication error is encountered
_production_key_error.xmlThis sequence is called when a Production key is used to invoke an API that does not have a Production endpoint defined
_sandbox_key_error.xmlThis sequence is called when a Sandbox key is used to invoke an API that does not have a Sandbox endpoint defined
_throttle_out_handler.xmlThis sequence is called when a given request to an API gets throttled out
_token_fault.xmlThis sequence is called when there is an error in invoking the token API
_resource_mismatch_handler.xmlThis sequence is called when a matching resource cannot be found by the gateway to the corresponding resource being invoked




This sequence enables sending CORS specific headers when the CORS specific configuration (CORSConfiguration) is enabled in WSO2 API Manager in the <API-M_HOME>/repository/conf/api-manager.xml file.

This sequence is called to send error messages with regard to threat detection.

dispatchSeq.xmlThis sequence is defined as a default handler for any inbound WebSocket calls.
outDispatchSeq.xmlThis sequence is defined to handle any outbound WebSocket calls.

The default sequences can also be customized as shown in the section above.