In this section we'll cover some common errors that may occur with the APIs and some basic troubleshooting steps you can do to correct the errors

• 401 - Unauthorized
• 403 - Forbidden
• 400 - Bad Request
• 404 - Not Found
• 429 - Too Many Requests
• 500 - Internal Server error
• 502 - Bad Gateway
• 503 - Service Unavailable

4XX Errors

401 "Unauthorized"

• There is an error in the “client_id” or “client_secret” values within the authentication request
  • Validate client_id and client_secret values
    • Re-create the credentials in your respective Admin portal if they can’t be validated
• The token time has expired as it is only valid for 1 hour (3600 seconds)
  • Request a new token and validate functionality in a subsequent request
• The Authorization name/value pair is missing from the header
• A required header parameter and value is missing
  • Validate the X-Partner-ID or X-Tenant-ID and values are correct and present in relevant headers

Example 401 error responses:
{
"errorCode": "oauth.invalid_client_secret",
"message": "Unauthorized",
"trackingId": "197a2922-65e4-4548-a0a1-79a13b12c8fc"
}

{
"error": "Unauthorized",
"correlationId": "cdf74ec9-4697-42ee-b57f-67e9d67bbe07",
"requestId": "0ca2e378-cf62-4267-abe7-c683e2d6006b"
}

403 “Forbidden”

• The customer is requesting a tenant from a different partner account, The customer is a term customer and does not have Partner Assistance enabled, or the account is a trial account.
  • Validate the X-Parter-ID supplied in the header matches the authorized account
  • The X-Partner-ID is the ID returned from the “WHO AM I” API request
    • Execute the who am I request and use the returned ID in the header of subsequent requests
    • Confirm Partner assistance is enabled for the customer in Partner Dashboard
    • Confirm the account type in Partner Dashboard is not a trial accounnt

Example 403 error responses
{
"error": "Forbidden",
"correlationId": "2e9690fe-70d8-41c5-acd3-20be9dda0e3b",
"requestId": "ac1eb5a2-4d11-479b-a80d-1f2562b59adf",
"createdAt": "2020-01-14T16:29:46.556Z",
"message": "Access Denied"
}

400 “Bad Request”

• There is a missing or erroneous comma, parenthesis, or quote in the RAW JSON
  • Mock request in Postman to determine which

Example 400 error responses
{
"error": "BadRequest",
"correlationId": "3f466bb4-0323-419f-9b6b-246395bae96e",
"requestId": "13ca2e37-3aeb-4873-81f8-3bf0dfc6b174"
}

404 “Not Found”

• The unique ID of the object is not found in the system
  • Validate if the customer has already deleted or actioned the item or if there is a typo with the UUID

Example 404 error responses
{
"error": "resourceNotFound",
"correlationId": "49628b7a-f977-4fb5-8105-33905fda14c0",
"requestId": "2e5319c9-b106-4fc9-bc98-d0cad687260a"
}

429 ”Too many requests”

• This is a result of exceeding our rate limiting or spike arrest policy.
  • Please follow the request intervals in our Rate Limiting guide

5XX Errors

The below is a list of errors that typically mean a Sophos system error.

500 Internal Server Error

• There was an unknown error processing the API call.

502 Bad Gateway

• The website responding to the API request is unavailable.
  • This may be due to maintenance or temporary overload.

503 Service Unavailable

• The service implementing the API is unavailable. It could be a temporary error that resolves itself.

Steps for resolution of 5XX errors

• Check if there are there any current Sophos Central service warnings or outages
  • If the error is persistent and are repeatable, please raise a Technical Support case with Sophos Central Support, including the following information:
     Subject: New API 5xx error
     JSON or Raw/Curl output of your full query.
     JSON output of the full response returned.
     How often the failure is occurring