Error Codes

MojoAuth API Error Codes

The MojoAuth API uses standardized error codes to help you identify and resolve issues. Each error includes a specific code, message, and description to guide troubleshooting.

Error Response Format

All API errors follow this JSON structure:

{  "error_code": 900,  "message": "Invalid Email Address",  "description": "Email address format is invalid." }

Authentication & Authorization Errors

CodeMessageDescription
1004Bad Request MethodPlease check your request method.
904API Key RequiredAPI key is required to process this request.
905Invalid API KeyThe provided API key is invalid.
906API Secret RequiredAPI secret is required to process this request.
907Invalid API SecretValid API secret is required to process this request.
908Access Token RequiredAccess token is required to process this request.
909Invalid Access TokenThe access token is invalid or malformed.
922Refresh Token RequiredRefresh token is required to continue.
923Invalid Refresh TokenThe refresh token is invalid or expired.

Email Validation Errors

CodeMessageDescription
900Invalid Email AddressThe email address format is invalid.
901Email RequiredEmail address is required to process this request.
921Email Domain Not AllowedAccess for this email address is restricted.
1004Business Email RequiredA work or business email address is required for sign up.
1148Email Profile Not FoundThe specified email address is not linked to any profile.
1160User Not FoundThe user account does not exist.

OTP & Magic Code Errors

CodeMessageDescription
902Magic Code RequiredMagic code is required to continue.
910Invalid Magic CodeThe magic code is invalid or expired.
911Invalid Email OTPThe email OTP is invalid or expired.
912OTP RequiredOTP is required to continue.
913Invalid OTPThe OTP is incorrect or expired.
915Email OTP ExpiredThe email OTP has expired.
1155Invalid Verification OTPThe email verification OTP is invalid.
1156Verification OTP Used or InvalidThe email verification OTP has already been used or is invalid.
1157Verification OTP ExpiredThe email verification OTP has expired.

State Management Errors

CodeMessageDescription
912State ID RequiredThe state ID is required to continue the request.
914Invalid Session StateThe authentication session state is invalid.
924State ID ExpiredThe state ID has expired.
1171Invalid State ParameterThe state parameter in the authentication response is invalid or expired.
1194Invalid Session StateThe session state is invalid or malformed.

Phone Authentication Errors

CodeMessageDescription
915Phone OTP ExpiredThe phone OTP has expired.
916Phone OTP Not SentUnable to send OTP to the phone number.
917Phone Configuration MissingPhone authentication configuration is missing.
918Required Field MissingA required field is missing from the request.
919Invalid Phone NumberThe phone number format is invalid.

CAPTCHA Errors

CodeMessageDescription
902CAPTCHA Token RequiredCAPTCHA token is required for this request.
903CAPTCHA Validation FailedCAPTCHA verification failed.
1186CAPTCHA RequiredCAPTCHA verification is required to continue.

Passkey/WebAuthn Errors

CodeMessageDescription
904Passkey Identifier RequiredPasskey identifier is required to continue.
1100Invalid Passkey Credential IDThe passkey credential ID is invalid.
1103Passkey List Fetch FailedFailed to fetch the passkey list.
1128Passkey Flag RequiredPasskey flag is required for the logged in user.
1131Invalid Passkey RequestThe passkey authentication request is invalid.
1132Passkey Assertion FailedThe passkey assertion failed to validate.
1133Credential ID RequiredPasskey credential ID is required.
1134Invalid Credential IDThe passkey credential ID is invalid.
1135Passkey Credential ID RequiredPasskey credential ID is required.
1136Passkey User Identifier RequiredUser identifier is required to check passkey status.
1137Invalid Passkey RequestThe passkey authentication request is invalid.
1138Passkey Assertion FailedThe passkey assertion failed to validate.
1140Invalid IdentifierThe passkey identifier is invalid or does not exist in the records.
1145Passkey Initialization FailedThe passkey could not be initialized.
1146Invalid Passkey RequestThe passkey authentication request is invalid.
1147Passkey Not LinkedThe passkey is not associated with an account.
1195Passkey Registration FailedThe passkey registration request failed.
1196Invalid Passkey Registration SessionThe passkey registration session is invalid or malformed.
1197Passkey Registration Credential Creation FailedFailed to create the passkey registration credential.
1198Passkey Login Credential Creation FailedFailed to create the passkey login credential.
1199Passkey Login Session Save FailedFailed to save the passkey login session.

Social Provider Errors

CodeMessageDescription
925Invalid ProviderThe provider name or ID is invalid.
1106Provider UnavailableSocial login access is currently unavailable.
1107Provider Not ConfiguredThis identity provider is not configured.
1108Provider Not SupportedThis identity provider is not supported.
1109Social Provider Not ConfiguredThis social identity provider is not configured.
1141Invalid Google TokenThe Google JWT token is not valid.
1142Invalid Google Token IssuerThe Google JWT token issuer is invalid.
1143Invalid Google Token AudienceThe Google JWT token audience is not valid.
1144Google Token ExpiredThe Google JWT token has expired.
1193Facebook Access Token RequiredFacebook access token is required to proceed.

OIDC/OAuth Errors

CodeMessageDescription
1102Invalid Redirect URLThe redirect URL is not configured or invalid.
1110Redirect URL MissingRedirect URL is not defined or whitelisted in the dashboard.
1126Invalid Callback URLThe callback URL format is invalid.
1127OAuth Identifier MissingOAuth identifier is required in the callback URL.
1172OIDC Provider Not FoundThe custom OIDC provider configuration was not found.
1173Token Exchange FailedThe authorization code could not be exchanged for tokens.
1174Invalid ID TokenThe ID token is invalid or could not be verified.
1175Invalid TokenThe user info endpoint request failed due to an invalid or expired token.
1176Authentication ErrorThe identity provider returned an error during authentication.
1177Invalid RequestThe redirect_uri value does not match any registered redirect URIs for the client.
1178Unauthorized ClientThe client is not authorized to request authentication using this method.
1179Access DeniedThe request was denied by the resource owner or authorization server.
1180Invalid ScopeThe requested scope is invalid, unknown, or malformed.
1183Invalid RequestThe request is missing a required parameter, includes an unsupported parameter, or is otherwise malformed.
1184Discovery FailedFailed to fetch OpenID Provider configuration from the discovery endpoint.
1185JWKS Fetch FailedFailed to fetch or parse the JSON Web Key Set (JWKS) from the provider.
1187JWKS Configuration ErrorJWKS configuration not found or invalid.
1192JWKS RSA Key Parse ErrorFailed to parse the JWKS RSA key.

Password Management Errors

CodeMessageDescription
1150Invalid Verification TokenThe reset password verification token is invalid.
1151Verification Link ExpiredThe verification link has expired.
1152Verification Link UsedThe verification link has already been used.
1154Weak PasswordThe password does not meet strength requirements.
1158Reset Password Link InvalidThe reset password link is invalid or has already been used.
1159Verification Link ExpiredThis verification link has expired and is no longer valid.
1161Password Too ShortThe password must be at least 10 characters long.
1162Password Too LongThe password must not exceed 72 characters.
1164Password Not ConfiguredThis account does not have a password set.
1165Invalid PasswordThe password credential is invalid.
1167Invalid TokenThe provided token is invalid.

User Management Errors

CodeMessageDescription
1104User Profile Update FailedFailed to update the user profile.
1139User Not FoundNo user found with the provided identifier.
1149Account InactiveThe account is not active.
1153User Not FoundThe user account does not exist.
1163Invalid User IDThe user ID is not valid or does not exist.
1166User Fetch FailedUnable to retrieve user details.

Rate Limiting & System Errors

CodeMessageDescription
1000Request Not CompletedUnable to complete the request.
1001Bad Request MethodPlease check your request method.
1002Page Not FoundPlease check your request URL.
1003Too Many RequestsYou have exceeded the allowed API request limit.
1168Invalid MFA Access TokenThe MFA access token is invalid.
1169MFA ErrorAn error occurred with multi-factor authentication.
1170Default SMTP Usage Limit ReachedYou have reached the limit for sending emails via default SMTP.
1181Server ErrorThe authorization server encountered an error and could not process the request.
1182Service Temporarily UnavailableThe authorization server is temporarily unable to handle the request.
1188Authentication FailedAuthentication could not be completed due to an unexpected error.
1189Access Token Save FailedFailed to save the access token.

Configuration Errors

CodeMessageDescription
920Template Execution FailedEmail/SMS template execution was unsuccessful.
1105Session State Token Creation FailedFailed to create the session state token.
1129Domain Not ConfiguredThe domain is not configured for this project.
1130Invalid Project IDThe project ID is invalid.
1135JSON Body RequiredThis request requires a JSON body.

Magic Link Errors

CodeMessageDescription
1190Magic Link Parse FailedFailed to parse the magic link.
1191Magic Link Validation FailedThe magic link is invalid or has expired.

HTTP Status Code Mapping

Most errors map to standard HTTP status codes:

  • 400 Bad Request: Invalid parameters, malformed requests
  • 401 Unauthorized: Invalid credentials, expired tokens
  • 403 Forbidden: Access denied, account restrictions
  • 404 Not Found: Resource not found
  • 429 Too Many Requests: Rate limiting, usage limits exceeded
  • 500 Internal Server Error: System errors
  • 503 Service Unavailable: Temporary service issues

Debugging Tips

Common Resolution Steps

  1. Authentication Errors (904, 905, 907):

    • Verify API keys in dashboard
    • Check environment variables
    • Ensure keys match the correct environment

  2. Email Format Errors (900):

    • Validate email on client-side
    • Use proper email validation regex
    • Trim whitespace from input

  3. Rate Limiting (1003):

    • Implement exponential backoff
    • Add request queuing
    • Monitor usage patterns

  4. Token Errors (908, 909, 923):

    • Check token expiration
    • Implement refresh token flow
    • Verify token storage

  5. Provider Errors (925, 1106-1109):

    • Check social provider configuration
    • Verify callback URLs
    • Test provider connectivity

Getting Help

If you encounter persistent errors:

  1. Check the Dashboard: Verify your configuration in the MojoAuth dashboard
  2. Review Logs: Check both client-side and server-side logs
  3. Test Environment: Try reproducing the error in a test environment
  4. Contact Support: Reach out with error codes and context

For additional support:

Last updated: October 2025