HTTP Error Codes

API Gateway

Release Notes and Announcements

Release Notes

Announcements

[Important] API Gateway Product Sales Discontinuation Announcement

[March 1, 2024] Security Management Notice for the Use of Default Domain Name in API Gateway

[August 15, 2022] Billing of Public Network Outbound Traffic from API Gateway to Backend Services

Product Introduction

Regions and Availability Zones

Purchase Guide (Discontinued)

Billing Overview

Instance Specifications

Shared Instance Billing

Dedicated Instance Billing

Billing Rule

Refund

Resource Pack Billing

Billing Rule

Refund

Payment Overdue

Getting Started

Step 1. Get the Access Permission

Step 2. Create a Service

Step 3. Create an API with Mock as the Backend Type

Step 4. Publish the Service

Step 5. Create a Plugin and Bind It to the API

Step 6. Debug the API

Operation Guide

Instance Management

Instance Parameter Configuration

Service Management

Binding Service to VPC

Migrating Service from Shared Instance to Dedicated Instance

Creating API

API Creation Overview

Creating APIs Connecting to the Public URL/IP Backend

Creating APIs Connecting to the VPC Resource Backend

Creating APIs Connecting to the SCF Backend

Creating API for Interconnecting Backend with COS

Creating APIs Connecting to the Mock Backend

Creating APIs Connecting to the TSF Backend

Importing APIs

API Management

Debugging General APIs

Debugging Microservice APIs

Compressing Responses

Base64 Encoding

Calling API

Calling Key Pair Authentication API

Authentication-Free API

Release and Access

Overview

Service Release and Deactivation

Service Access

Environment Version Switch

Custom Domain Name and Certificate

Configuring Custom Domain Name

Usage Plan

Overview

Working with a Usage Plan

Traffic Control

Backend Upstream

VPC Upstream

Verification and Security

Overview

Application-Enabled Authentication Method

Authentication-Free Mode

OAuth2.0

CAM Policy

Log Statistics

View Log Analysis

Exporting Service Logs

Viewing Operation Logs

Shipping to CLS

Access Monitoring

Viewing Monitoring Charts

Viewing API Statistics

Monitoring Metrics

API Doc Generator

Application Management

Permission Management

Precautions

Private IP Ranges and Public VIPs of API Gateway Regions

Plugin Usage

Overview

IP Access Control

Basic Traffic Throttling

Parameter Traffic Throttling

Practical Tutorial

Making Serverless Service Available quickly through API Gateway

Integrating WAF to API Gateway for Security Protection

Accessing Resources in IDC via API Gateway Dedicated Instance

Quick Access to TEM Application via API Gateway

Integrating ECDN to API Gateway for Acceleration

API Gateway Providing the Access Capability for TKE

Migrating from Region A to Region B

Development Guide

Serverless Framework

Overview

Installing Serverless Framework

Creating and Deploying API Gateway Service

Importing APIs

Defining APIs

Sample for Importing APIs

Generating Application Authentication Signature

Quick Service Deletion Tool

Uploading Files

Serverless Multi-File Upload Processing

Structures Passed by API Gateway to Backend

API Documentation

Making API Requests

Plugin APIs

DescribeAllPluginApis

Application APIs

DescribeApiAppBindApisStatus

DescribeApiAppsStatus

DescribeApiBindApiAppsStatus

DescribeApiForApiApp

DescribeServiceForApiApp

ModifyApiApp

UnbindApiApp

UpdateApiAppKey

Other APIs

DescribeInstancesNetworkConfig

CreateUpstream

DeleteUpstream

DescribeUpstreamBindApis

DescribeUpstreams

ModifyUpstream

DescribeExclusiveInstanceRegions

Usage Plan APIs

DemoteServiceUsagePlan

DescribeUsagePlan

DescribeUsagePlanEnvironments

DescribeUsagePlanSecretIds

DescribeUsagePlansStatus

IP Policy APIs

DescribeIPStrategyApisStatus

DescribeIPStrategysStatus

ModifyIPStrategy

UnBindIPStrategy

Custom Domain Name APIs

BindSubDomain

DeleteServiceSubDomainMapping

DescribeServiceSubDomainMappings

DescribeServiceSubDomains

API Document APIs

OpenAPI APIs

Key APIs

DescribeApiKeysStatus

Log APIs

Service APIs

DescribeServiceEnvironmentList

DescribeServiceEnvironmentReleaseHistory

DescribeServiceReleaseVersion

DescribeServiceUsagePlan

DescribeServicesStatus

Throttling Policy APIs

DescribeApiEnvironmentStrategy

DescribeServiceEnvironmentStrategy

ModifyApiEnvironmentStrategy

ModifyServiceEnvironmentStrategy

Documentation and SDK APIs

GenerateApiDocument

Data Types

Error Codes

Legacy Features

Key Pair Authentication

Key Management

Key Pair Authentication

Java (Key Pair Authentication)

Go (Key Pair Authentication)

Python (Key Pair Authentication)

JavaScript (Key Pair Authentication)

PHP (Key Pair Authentication)

C++ (Key Pair Authentication)

Erlang (Key Pair Authentication)

Signature generation instructions

FAQs

Service Level Agreement

Glossary

DocumentationAPI GatewayFAQsHTTP Error Codes

HTTP Error Codes

Download PDF

Last updated: 2023-12-22 10:10:46

HTTP Error Codes

Last updated: 2023-12-22 10:10:46

Download PDF

What are the common errors when API Gateway is called?
When you call API Gateway, you may encounter the following common HTTP error codes:
Frontend errors:
Error Code
Log Message
Description
401
HMAC apikey is invalid for API.
APIKey is not bound to this API.
401
HMAC signature cannot be verified, a valid x-date header is required for   HMAC Authentication.
HMAC authentication does not include x-date in the header, or the HMAC value is invalid.
401
HMAC signature cannot be verified, the x-date header is out of date for   HMAC Authentication.
The x-date timestamp timed out. It is 900s by default.
401
HMAC signature cannot be verified, a valid date or x-date header is   required.
If there is no x-date, the header must contain date.
401
HMAC id or signature missing.
The ID or signature field is missing in Authorization.
401
HMAC do not support multiple HTTP header.
A header with multiple values is not supported.
401
HMAC signature cannot be verified, a valid xxx header is required.
xxx header is missing in the request.
401
HMAC algorithm xxx not supported.
HMAC algorithm does not support xxx, which currently supports HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512.
401
HMAC authorization format error.
Incorrect Authorization format.
401
HMAC authorization headers is invalidate.
Authorization lacks sufficient parameters. For more information, please see Key Pair Authentication - Eventually Delivered Content.
401
HMAC signature cannot be verified.
Unable to verify the signature, possibly because the APIKey cannot be recognized. This usually happens if the APIKey is not bound to this service or API.
401
HMAC signature does not match.
The signature does not match.
401
Oauth call authentication server fail.
Failed to call the authentication server.
401
Oauth found no related Oauth api.
As the associated Oauth authentication API is not found, the id_token cannot be verified.
401
Oauth miss Oauth id_token.
The id_token is missing in the request.
401
Oauth signature cannot be verified, a validate authorization header is required.
Authentication header missing.
401
Oauth authorization header format error.
Incorrect Oauth header format.
401
Oauth found no authorization header.
Authentication header not found.
401
Oauth found no id_token.
id_token not found.
401
Oauth id_token verify error.
JWT-formatted id_token verification failed.
403
Found no validate usage plan.
No corresponding usage plan found. Access denied. (This error may occur if the usage plan feature is enabled.)
403
Cannot identify the client IP address, unix domain sockets are not   supported.
Unable to identify the source IP.
403
Endpoint IP address is not allowed.
The backend IP is not allowed to access.
403
Get xxx params fail.
An error occurred while getting parameters from the request.
403
need header Sec-WebSocket-Key.
The Sec-WebSocket-Key header is missing in the actual request, which will be checked for APIs configured with WebSocket.
403
need header Sec-WebSocket-Version.
The Sec-WebSocket-Version header is missing in the actual request, which will be checked for APIs configured with WebSocket.
403
header xxx is required.
The xxx header is missing in the actual request.
403
path variable xxx is required.
The {xxx} path variable is configured but does not match the actual request path.
403
querystring xxx is required.
The xxx querystring is missing in the actual request.
403
req content type need application/x-www-form-urlencoded.
Requests with the body parameter must be in form format.
403
body param xxx is required.
The xxx body parameter is missing in the actual request.
404
Not found micro service with key.
No corresponding microservice found.
404
Not Found Host.
The request should have the host field, whose value should be the server's domain name in string type.
404
Get Host Fail.
The value of the host field in the request is not in string type.
404
Could not support method.
This request method type is not supported.
404
There is no api match host[$host].
Request server domain name/address not found.
404
There is no api match env_mapping[$env_mapping].
The env_mapping field after the custom domain name is incorrect.
404
There is no api match default env_mapping[$env_mapping].
The value of the env_mapping field after the default domain name should be test/prepub/release.
404
There is no api match uri[$uri].
The API that matches the URI is not found in the service corresponding to the request address.
404
Not allow use HTTPS protocol or Not allow use HTTP protocol.
The service corresponding to the requested address does not support the HTTP protocol type.
404
Found no api.
The request did not match an API.
405
Method Not Allowed.
HTTP request method not allowed
426
Not allow use HTTPS protocol.
HTTPS protocol not allowed.
426
Not allow use HTTPS protocol.
HTTP protocol not allowed.
426
Not allow use HTTPS protocol.
xxx protocol not allowed.
429
API rate limit exceeded.
The request rate limit is exceeded. The current rate can be viewed through the request header.
429
API quota exceeded.
The configuration quota is exceeded. Remaining quota can be viewed through the request header.
429
req is cross origin, api $uri need open cors flag on qcloud   apigateway.
This is a cross-origin request, but the corresponding API has not enabled cross-origin access.
481
API config error.
API configuration error.
481
TSF config error.
TSF configuration error.
481
Get location of micro service info fail.
Microservice name and namespace are not configured to get location.
481
Only support the map_from like method.req.{path}.{}.
Microservice name and namespace are configured to get location, but the location format is invalid.
481
Found no valid cors config.
CORS configuration error.
481
Oauth public key error.
Public key certificate configuration error.
481
Oauth id_token location forbidden.
Forbidden id_token storage location.
481
Oauth found no oauth config.
Oauth configuration not found.
481
Oauth found no public key.
Public key not found.
481
Mock config error.
Mock configuration error.
499
Client closed connetion.
The client closed connection.
Backend errors:
Error Code
Log Message
Description
500
Error occurred during query params.
An error occurred while querying parameters.
500
Internal Server Error.
1. Other APIGW internal logic error. 
2. If the API is proxy type, accessing the backend address without access permission will also cause this error.
502
Bad Gateway.
Backend service connection error. Possible reasons: 
1. The backend denied the service, and the 502 error occurred for all requests. 
2. 2.Backend load was too high, and the 502 error occurred for some requests.
504
Gateway Time-out.
Backend server connection timed out.
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Error Code	Log Message	Description
401	HMAC apikey is invalid for API.	`APIKey` is not bound to this API.
401	HMAC signature cannot be verified, a valid x-date header is required for HMAC Authentication.	HMAC authentication does not include `x-date` in the header, or the HMAC value is invalid.
401	HMAC signature cannot be verified, the x-date header is out of date for HMAC Authentication.	The `x-date` timestamp timed out. It is 900s by default.
401	HMAC signature cannot be verified, a valid date or x-date header is required.	If there is no `x-date`, the header must contain `date`.
401	HMAC id or signature missing.	The ID or signature field is missing in `Authorization`.
401	HMAC do not support multiple HTTP header.	A header with multiple values is not supported.
401	HMAC signature cannot be verified, a valid xxx header is required.	xxx header is missing in the request.
401	HMAC algorithm xxx not supported.	HMAC algorithm does not support xxx, which currently supports HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512.
401	HMAC authorization format error.	Incorrect `Authorization` format.
401	HMAC authorization headers is invalidate.	`Authorization` lacks sufficient parameters. For more information, please see Key Pair Authentication - Eventually Delivered Content.
401	HMAC signature cannot be verified.	Unable to verify the signature, possibly because the `APIKey` cannot be recognized. This usually happens if the `APIKey` is not bound to this service or API.
401	HMAC signature does not match.	The signature does not match.
401	Oauth call authentication server fail.	Failed to call the authentication server.
401	Oauth found no related Oauth api.	As the associated Oauth authentication API is not found, the `id_token` cannot be verified.
401	Oauth miss Oauth id_token.	The `id_token` is missing in the request.
401	Oauth signature cannot be verified, a validate authorization header is required.	Authentication header missing.
401	Oauth authorization header format error.	Incorrect Oauth header format.
401	Oauth found no authorization header.	Authentication header not found.
401	Oauth found no id_token.	`id_token` not found.
401	Oauth id_token verify error.	JWT-formatted `id_token` verification failed.
403	Found no validate usage plan.	No corresponding usage plan found. Access denied. (This error may occur if the usage plan feature is enabled.)
403	Cannot identify the client IP address, unix domain sockets are not supported.	Unable to identify the source IP.
403	Endpoint IP address is not allowed.	The backend IP is not allowed to access.
403	Get xxx params fail.	An error occurred while getting parameters from the request.
403	need header Sec-WebSocket-Key.	The `Sec-WebSocket-Key` header is missing in the actual request, which will be checked for APIs configured with WebSocket.
403	need header Sec-WebSocket-Version.	The `Sec-WebSocket-Version` header is missing in the actual request, which will be checked for APIs configured with WebSocket.
403	header xxx is required.	The xxx header is missing in the actual request.
403	path variable xxx is required.	The `{xxx}` path variable is configured but does not match the actual request path.
403	querystring xxx is required.	The xxx querystring is missing in the actual request.
403	req content type need application/x-www-form-urlencoded.	Requests with the `body` parameter must be in form format.
403	body param xxx is required.	The xxx body parameter is missing in the actual request.
404	Not found micro service with key.	No corresponding microservice found.
404	Not Found Host.	The request should have the `host` field, whose value should be the server's domain name in string type.
404	Get Host Fail.	The value of the `host` field in the request is not in string type.
404	Could not support method.	This request method type is not supported.
404	There is no api match host[$host].	Request server domain name/address not found.
404	There is no api match env_mapping[$env_mapping].	The `env_mapping` field after the custom domain name is incorrect.
404	There is no api match default env_mapping[$env_mapping].	The value of the `env_mapping` field after the default domain name should be `test/prepub/release`.
404	There is no api match uri[$uri].	The API that matches the URI is not found in the service corresponding to the request address.
404	Not allow use HTTPS protocol or Not allow use HTTP protocol.	The service corresponding to the requested address does not support the HTTP protocol type.
404	Found no api.	The request did not match an API.
405	Method Not Allowed.	HTTP request method not allowed
426	Not allow use HTTPS protocol.	HTTPS protocol not allowed.
426	Not allow use HTTPS protocol.	HTTP protocol not allowed.
426	Not allow use HTTPS protocol.	xxx protocol not allowed.
429	API rate limit exceeded.	The request rate limit is exceeded. The current rate can be viewed through the request header.
429	API quota exceeded.	The configuration quota is exceeded. Remaining quota can be viewed through the request header.
429	req is cross origin, api $uri need open cors flag on qcloud apigateway.	This is a cross-origin request, but the corresponding API has not enabled cross-origin access.
481	API config error.	API configuration error.
481	TSF config error.	TSF configuration error.
481	Get location of micro service info fail.	Microservice name and namespace are not configured to get location.
481	Only support the map_from like method.req.{path}.{}.	Microservice name and namespace are configured to get location, but the location format is invalid.
481	Found no valid cors config.	CORS configuration error.
481	Oauth public key error.	Public key certificate configuration error.
481	Oauth id_token location forbidden.	Forbidden `id_token` storage location.
481	Oauth found no oauth config.	Oauth configuration not found.
481	Oauth found no public key.	Public key not found.
481	Mock config error.	Mock configuration error.
499	Client closed connetion.	The client closed connection.

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service Special Offers

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

Financial Services

Financial Services Solution

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Real Estate

Tencent Cloud LinkBase(Weiling)

E-commerce

E-commerce retail solutions

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

TencentDB for TcaplusDB

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha