API Error Codes Reference
This comprehensive guide consolidates all error codes across the Candescent API platform. Refer to this guide to troubleshoot API responses and implement robust error handling in your application.
Overview
Candescent APIs return structured error responses in the following format:
{
"code": "ERROR_CODE",
"message": "Human-readable error description"
}
Error codes follow a consistent naming convention:
- Prefix: Indicates the API service (e.g.,
ACC_, TXN_, CMN_)
- Number: Unique identifier within the service
Quick Navigation
| Category | Prefix | Description |
|---|
| Authentication | CMN_ | OAuth token and common gateway errors |
| Customer Management | ISR_, UXU_, Registration codes | Registration and access, profile and status, and contact information errors |
| Core Banking | ACC_, TXN_, BAS_, BIS_ | Accounts, transactions, banking activities, and images errors |
| Business Banking | BBS-, BBE- | Registration, profile, and entitlements errors |
| Money Movement | REC_, TFR_ | Recipients and Transfers errors |
| Alerts And Notifications | PRMSYS_, PRMVAL_, PRMAPS_ | System alerts, institution alerts, templates, institution and user preferences, notification channels, and history and events errors (Notification channels often use HTTP status only) |
| Documents And Preferences | DSC_, UXESTMT_ | Institution disclosures, user disclosures, and electronic statements errors |
| Customer Campaigns | 1000, 2000, HTTP status | Experience groups, jobs, promotion suite, and audience errors |
| MX | — | Users, data, and widgets errors; see MX API reference |
Authentication Errors
Authentication APIs return common errors used across all Candescent services.
OAuth V1 and V2 (CMN_) Errors
| Code | Message | HTTP Status |
|---|
| CMN_90000 | Internal server error | 500 |
| CMN_90001 | Internal server error - Cross Talk | 500 |
| CMN_90002 | Quota limit violation | 500 |
| CMN_90003 | Spike limit violation | 500 |
| CMN_90004 | Invalid client credentials | 401 |
| CMN_90005 | Header institutionId is invalid or Form param institution_user_id is invalid | 400 |
| CMN_90006 | Not authorized to access this resource | 400 |
| CMN_90007 | Invalid grant type | 400 |
| CMN_90008 | Header transactionId is invalid | 400 |
| CMN_90009 | Access blocked | 400 |
| CMN_90010 | Header is invalid | 400 |
| CMN_90011 | Request is invalid | 400 |
| CMN_90012 | Request is invalid - Scopes | 400 |
| CMN_90013 | Username is invalid | 400 |
| CMN_90014 | Password is invalid | 400 |
| CMN_90015 | Invalid user credentials | 401 |
| CMN_90016 | Invalid user | 400 |
| CMN_90017 | Request contains non printable ASCII characters | 400 |
| CMN_90018 | Invalid token | 401 |
| CMN_90019 | Error creating token | 500 |
| CMN_90020 | App cannot authorize itself | 400 |
| CMN_90021 | Invalid client configuration | 400 |
Customer Management Errors
Customer Management APIs return errors related to registration and access, profile and status, and contact information errors.
Registration and Access Errors
Registration Errors:
| Code | Message | HTTP Status |
|---|
| 20006 | Invalid input (member number, channel TPV_API, name length, SSN, etc.) | 400 |
| 26201 | LoginID is already taken | 400 |
| 26214 | Too many destinations passed | 400 |
| 26330 | Registration already in progress (duplicate request) | 409 |
| 26331 | User is already registered | 409 |
| 26340 | Could not create record in database | 400 |
| 220001 | SSN is not 9 digits | 400 |
| 220002 | First name exceeds 39 characters | 400 |
| 220003 | Last name exceeds 39 characters | 400 |
| 220005 | Middle name exceeds 39 characters | 400 |
| 220006 | Email exceeds 64 characters | 400 |
| 220007 | Postal code not found | 400 |
| 220008 | City not found | 400 |
| 220009 | State not found or invalid length (US: 2 chars) | 400 |
| 220010 | Street/Address1 missing or exceeds 128 characters | 400 |
| 220011 | Country not found | 400 |
| 220012 | Mother's maiden name missing or exceeds 128 characters | 400 |
| 220013 | Invalid date of birth format | 400 |
| 220014 | Phone number is missing | 400 |
| 220015 | Invalid LoginID (6–256 chars, allowed @$*_-=.!~, no spaces) | 400 |
| 220016 | LoginID cannot match member number | 400 |
| 220018 | Invalid password | 400 |
| 220019 | Login must be within preconfigured range | 400 |
Reset Password and Unlock User (UXU_) Errors:
| Code | Message | HTTP Status |
|---|
| UXU_10001 | Invalid JWT token | 400 |
| UXU_10002 | Required role not present in JWT token | 403 |
| UXU_10003 | JWT token has expired | 400 |
| UXU_10004 | JWT token does not contain institution id | 400 |
| UXU_10005 | Required Authorization header is missing | 400 |
| UXU_10006 | Required Correlation Id header is missing | 400 |
| UXU_10007 | Correlation Id is not a GUID | 400 |
| UXU_10008 | Invalid IP address in the header | 400 |
| UXU_10009 | Invalid Authorization in the header | 400 |
| UXU_10010 | JWT token does not contain institution customers id | 400 |
| UXU_10011 | JWT token institution customers id not matching path param | 400 |
| UXU_10012 | Invalid path param | 400 |
| UXU_10013 | Invalid path | 400 |
| UXU_10014 | Invalid query param | 400 |
| UXU_13001 | Combined firstname, middleName, lastname exceeds 39 chars | 400 |
| UXU_13002 | Invalid user password | 400 |
| UXU_13003 | Login Id is already taken | 400 |
| UXU_13004 | You are already a registered user | 400 |
| UXU_13005 | Invalid Date Format | 400 |
| UXU_13006 | Soft failure, contact institution | 400 |
| UXU_13007 | Login id and Member number can't be the same | 400 |
| UXU_13008 | Member number/username is already registered | 409 |
| UXU_13009 | Error while registering user | 400 |
| UXU_30001 | Error interacting with the service | 503 |
| UXU_30002 | Error interacting with the external service | 503 |
| UXU_88888 | No entitled customers found | 404 |
| UXU_88889 | Contact method Id not found | 400 |
| UXU_88890 | Institution customer id not found | 400 |
| UXU_88891 | Host phone postal address not found | 400 |
| UXU_99998 | Internal server error | 500 |
| UXU_99999 | Cannot handle this request — check URL, body and parameters | 400 |
Profile and Status Errors
FI Customer Errors:
| Code | Message | HTTP Status |
|---|
| USER_ERROR | Bad Request - Invalid fiCustomerIdType | 400 |
| APP_ERROR | Unauthorized Access | 401 |
| APP_ERROR | FICustomer does not exist | 404 |
| SYSTEM_ERROR | Internal server error | 500 |
| SYSTEM_ERROR | Circuit breaker open or throttle limit reached | 503 |
Institution User and User Status (ISR_) Errors:
| Code | Message | HTTP Status |
|---|
| ISR_10001 | InstitutionUser not found | 400 |
| ISR_10002 | Primary InstitutionUser not found | 400 |
| ISR_10009 | Error processing OData expression | 400 |
| ISR_10010 | The CIF number is required, but was not found | 500 |
| ISR_10032 | Invalid request | 500 |
| ISR_11007 | Invalid path param | 400 |
| ISR_11008 | Invalid query param | 400 |
| ISR_23004 | Error interacting with host | 500 |
| ISR_88888 | Internal validation error | 500 |
| ISR_99999 | Internal server error | 500 |
Customer Profile (UXU_) Errors:
| Code | Message | HTTP Status |
|---|
| UXU_10001 | Invalid JWT token | 400 |
| UXU_10002 | Required role not present in JWT token | 403 |
| UXU_10003 | JWT token has expired | 400 |
| UXU_10004 | JWT token does not contain institution id | 400 |
| UXU_10005 | Required Authorization header is missing | 400 |
| UXU_10006 | Required Correlation Id header is missing | 400 |
| UXU_10007 | Correlation Id is not a GUID | 400 |
| UXU_10008 | Invalid IP address in the header | 400 |
| UXU_10009 | Invalid Authorization in the header | 400 |
| UXU_10010 | JWT token does not contain institution customers id | 400 |
| UXU_10011 | JWT token institution customers id not matching path param | 400 |
| UXU_10012 | Invalid path param | 400 |
| UXU_10013 | Invalid path | 400 |
| UXU_10014 | Invalid query param | 400 |
| UXU_30001 | Error interacting with the service | 503 |
| UXU_30002 | Error interacting with the external service | 503 |
| UXU_88888 | No entitled customers found | 404 |
| UXU_88890 | Institution customer id not found | 400 |
| UXU_99998 | Internal server error | 500 |
| UXU_99999 | Cannot handle this request — check URL, body and parameters | 400 |
| Code | Message | HTTP Status |
|---|
| UXU_10001 | Invalid JWT token | 400 |
| UXU_10002 | Required role not present in JWT token | 403 |
| UXU_10003 | JWT token has expired | 400 |
| UXU_10004 | JWT token does not contain institution id | 400 |
| UXU_10005 | Required Authorization header is missing | 400 |
| UXU_10006 | Required Correlation Id header is missing | 400 |
| UXU_10007 | Correlation Id is not a GUID | 400 |
| UXU_10008 | Invalid IP address in the header | 400 |
| UXU_10009 | Invalid Authorization in the header | 400 |
| UXU_10010 | JWT token does not contain institution customers id | 400 |
| UXU_10011 | JWT token institution customers id not matching path param | 400 |
| UXU_10012 | Invalid path param | 400 |
| UXU_10013 | Invalid path | 400 |
| UXU_10014 | Invalid query param | 400 |
| UXU_30001 | Error interacting with the service | 503 |
| UXU_30002 | Error interacting with the external service | 503 |
| UXU_88888 | No entitled customers found | 404 |
| UXU_88889 | Contact method Id not found | 400 |
| UXU_88890 | Institution customer id not found | 400 |
| UXU_88891 | Host phone postal address not found | 400 |
| UXU_99998 | Internal server error | 500 |
| UXU_99999 | Cannot handle this request — check URL, body and parameters | 400 |
Core Banking Errors
Core Banking APIs return errors related to accounts, transactions, banking activities, and banking images.
Accounts
List Accounts and Get Account by ID (ACC_) Errors
| Code | Message | HTTP Status |
|---|
| ACC_00002 | Given password is invalid | 401 |
| ACC_00003 | The account is invalid for summary display | 500 |
| ACC_00004 | The account is hidden | 500 |
| ACC_00005 | Error processing filter expression | 400 |
| ACC_00006 | 'From' Account restricted for transfer | 500 |
| ACC_00007 | 'To' Account restricted for transfer | 500 |
| ACC_00008 | Invalid 'From' account status for transfer | 500 |
| ACC_00009 | Invalid 'To' account status for transfer | 500 |
| ACC_00010 | 'From' Account has zero or negative balance | 500 |
| ACC_00011 | Validation Error | 400 |
| ACC_00012 | Data not found | 404 |
| ACC_00014 | The CIF number is required, but was not found | 500 |
| ACC_00015 | InstitutionId provided is invalid or blank | 400 |
| ACC_00016 | InstitutionUserType provided is invalid or blank | 400 |
| ACC_00017 | InstitutionCustomerId provided is invalid or blank | 400 |
| ACC_00018 | InstitutionId from Query param and JWT do not match | 400 |
| ACC_00019 | InstitutionUserType from Query param and JWT do not match | 400 |
| ACC_00020 | InstitutionCustomerId from Query param and JWT do not match | 400 |
| ACC_00021 | UserId provided is invalid or blank | 400 |
| ACC_00022 | UserId from Query param and JWT do not match | 400 |
| ACC_00023 | InstitutionUserId provided is invalid or blank | 400 |
| ACC_00024 | InstitutionUserId from Query param and JWT do not match | 400 |
| ACC_00025 | InstitutionUserRole provided is invalid or blank | 400 |
| ACC_00026 | InstitutionUserRole from Query param and JWT do not match | 400 |
| ACC_00101 | User not found | 404 |
| ACC_00113 | Update nickname feature is not enabled | 403 |
| ACC_00114 | Nickname field should not be empty | 400 |
| ACC_00115 | Nick name update is disabled for Joint Accounts | 403 |
| ACC_00116 | NickName length in request is greater than configured maximum length or Database column length | 400 |
| ACC_00117 | Host update is done but exception occurred while updating the database | 500 |
| ACC_00118 | Host update is done but exception occurred while inserting record to database | 500 |
| ACC_00119 | Hide/show account feature is not enabled | 403 |
| ACC_00201 | Account type ATYP not present in the account data | 500 |
| ACC_00202 | Format error in generating formatted account id with mask configuration | 500 |
| ACC_00203 | No USR value present in the Host Data | 500 |
| ACC_00204 | ACHTYP is configuared as BLANK in FI config file | 500 |
| ACC_00205 | ANUM information not provided by FI HOST | 500 |
| ACC_00206 | No formatted account was produced by configuration | 500 |
| ACC_00207 | Requested account type not found in FI configuration validAccountTypes | 500 |
| ACC_00208 | MICR value not provided by FI host | 500 |
| ACC_00209 | CIID Format configuration error | 500 |
| ACC_00210 | EnableFormatter is not true for ACHTYPE CIID for FI | 500 |
| ACC_00211 | Valid account types not set for Institution | 500 |
| ACC_00300 | Utility DB is not available | 500 |
| ACC_00408 | BB User is missing User Id in the request | 400 |
| ACC_00410 | A location is required for BB users | 400 |
| ACC_00500 | Requested service or feature is switched off | 500 |
| ACC_00501 | Couchbase System is unavailable | 500 |
| ACC_00600 | ServiceType parameter is invalid. Valid values are IB/BB | 400 |
| ACC_00601 | Invalid JWT token | 401 |
| ACC_00602 | Unauthorized access | 401 or 403 |
| ACC_00702 | Subuser Id is empty | 400 |
| ACC_00704 | InstitutionId is invalid or its incorrectly configured | 500 |
| ACC_00705 | Member number is not valid. | 500 |
| ACC_88888 | Internal validation error. | 500 |
| ACC_99988 | Server can only handle JSON request. Other media types are not supported | 415 |
| ACC_99989 | RequestBody size exceeds limit. | 400 |
| ACC_99990 | Client error | 400 |
| ACC_99991 | Request callingAppId header is too long | 400 |
| ACC_99992 | One or more request query params are invalid or not provided. | 400 |
| ACC_99993 | Server cannot handle this request | 500 |
| ACC_99994 | Invalid query param | 400 |
| ACC_99995 | Request should only contain printable ASCII characters | 400 |
| ACC_99996 | Request header is too long | 500 |
| ACC_99997 | Request transactionId header is too long | 400 |
| ACC_99998 | Request is missing a transactionId header | 400 |
| ACC_99999 | Error in Accounts Service | 500 |
List Accounts (Legacy) Errors
| Code | Type | Message | HTTP Status |
|---|
| 10001 | SYSTEM_ERROR | Internal System Error. | 500 |
| 10002 | SYSTEM_ERROR | Connection Error. | 500 |
| 10003 | SYSTEM_ERROR | Configuration Error. | 500 |
| 10006 | SYSTEM_ERROR | Output validation error occurred | 500 |
| 20009 | APP_ERROR | PrincipalEndUser:Data not found. | 404 |
| 25002 | USER_ERROR | User Id or password is invalid | 500 |
| 25099 | USER_ERROR | Required HTTP Headers were not found | 400 |
| 25134 | SYSTEM_ERROR | Alt_mem_number required but not found in database | 500 |
| 25401 | APP_ERROR | Account type ATYP not present in the account data. | 500 |
| 25502 | APP_ERROR | Account formatter error | 500 |
| 25503 | APP_ERROR | No USR value present in the Host Data | 500 |
| 25504 | APP_ERROR | ACHTYP is configuared as BLANK in FI config file | 500 |
| 25505 | APP_ERROR | ANUM information not provided by FI host | 500 |
| 25506 | APP_ERROR | No formatted account was produced by configuration | 500 |
| 25507 | APP_ERROR | Requested account type not found in FI configuration validAccountTypes | 500 |
| 25518 | APP_ERROR | MICR value not provided by FI host | 500 |
| 25519 | APP_ERROR | CIID Format configuration error | 500 |
| 25520 | APP_ERROR | EnableFormatter is not true for ACHTYPE CIID in Fi config | 500 |
| 25555 | APP_ERROR | Requested service or feature is switched off | 500 |
| 25612 | APP_ERROR | Response from entitlements service is not successful | 500 |
| 25615 | SYSTEM_ERROR | Entitlement Service is temporarily unavailable | 500 |
| 25618 | USER_ERROR | Subuser auth ID is empty | 500 |
| 25619 | APP_ERROR | Mismatch of the data between the requested resource and response returning | 500 |
| 25665 | APP_ERROR | Extern format is not enabled/Invalid extern format | 500 |
| 25673 | APP_ERROR | HTTP Response from BB Entitlements Service is not successful | 500 |
| 25674 | SYSTEM_ERROR | BB Entitlement Service is temporarily unavailable | 500 |
| 25679 | APP_ERROR | The user is not entitled for view account(s) | 500 |
| 25690 | USER_ERROR | BB User is missing Auth ID Request Header | 500 |
| 25693 | APP_ERROR | Invalid User Type Header for Business Banking User | 500 |
| 25694 | APP_ERROR | Invalid User Type Header for IB User | 500 |
| 25722 | SYSTEM_ERROR | HTTP Response from Business Customer Service is not successful | 500 |
| 25723 | SYSTEM_ERROR | Business Customer Service is temporarily unavailable | 500 |
| 25736 / 25737 | USER_ERROR | Invalid member number | 500 |
| 28001 | SYSTEM_ERROR | Circuit Breaker HardTrip configuration set to true in FI config file | 503 |
| 28002 | SYSTEM_ERROR | Circuit Breaker Status is Open | 503 |
| 28003 | SYSTEM_ERROR | Incoming requests count exceeded configured Semaphore count | 503 |
| 50000 | SYSTEM_ERROR | Internal error in downstream | 500 |
| Host Code | - | Host Message | 500 |
Retrieve Customer Accounts with Transactions (UXU_) Errors
| Code | Message | HTTP Status |
|---|
| UXU_10002 | Required role not present in JWT token | 403 |
| UXU_10003 | JWT token has expired | 400 |
| UXU_10004 | JWT token is invalid, does not contain institution id | 400 |
| UXU_10005 | Required Authorization header is missing | 400 |
| UXU_10006 | Required Correlation Id header is missing | 400 |
| UXU_10007 | Correlation Id is not a GUID | 400 |
| UXU_10008 | Invalid IP address in the header | 400 |
| UXU_10009 | Invalid Authorization in the header | 400 |
| UXU_10010 | JWT token is invalid, does not contain institution customers id | 400 |
| UXU_10011 | JWT token institution customers id is not matching customer id path param | 400 |
| UXU_30001 | Error interacting with the service | 500 or 503 |
| UXU_30002 | Error interacting with the external service | 500 or 503 |
| UXU_88888 | No entitled customers found | 404 |
Transactions (TXN_) Errors
| Code | Message | HTTP Status |
|---|
| TXN_10001 | The date(s) provided could not be parsed, or represented an invalid range. | 400 |
| TXN_10002 | Request is missing a transactionId header | 400 |
| TXN_10003 | Request should only contain printable ASCII characters | 400 |
| TXN_10004 | Request transactionId header is too long | 400 |
| TXN_10005 | Invalid query param | 400 |
| TXN_10006 | A valid institution customer id is required for business users. | 400 |
| TXN_10007 | A valid account id is required. | 400 |
| TXN_10008 | Request header is too long | 500 |
| TXN_10009 | Request callingAppId header is too long | 400 |
| TXN_10010 | One or more query params are invalid or blank | 400 |
| TXN_10011 | The authorization for this request does not allow for one or more attributes to be passed as parameters | 400 |
| TXN_11001 | Full authentication was not provided in the request. | 401 |
| TXN_11002 | The authentication token that was sent in the request is invalid. | 401 |
| TXN_11003 | The authentication provided does not authorize this request. | 403 |
| TXN_11004 | Unauthorized access | 403 |
| TXN_20001 | Transaction history is not enabled for this account. | 400 |
| TXN_20002 | This user is not entitled to see transaction history for this account. | 400 |
| TXN_20003 | Transactions for this account are available on an external site. | 400 |
| TXN_20004 | The CIF number is required, but was not found | 400 |
| TXN_20005 | Error processing filter expression | 400 |
| TXN_20006 | Error processing pagination expression | 400 |
| TXN_88888 | Internal validation error. | 500 |
| TXN_90000 | Server cannot handle this request | 400, 404, or 500 |
| TXN_99988 | Server can only handle JSON request. Other media types are not supported | 415 |
| TXN_99990 | Client error | 400 |
| TXN_99999 | Server error. | 500 |
Banking Activities (BAS_) Errors
| Code | Message | HTTP Status Code |
|---|
| BAS_10001 | The given start date must be earlier than end Date. | 400 |
| BAS_10002 | The given start date must be within last three months. | 400 |
| BAS_10003 | BigTable connection failed. | 500 |
| BAS_10004 | BigTable rows could not be read. | 500 |
| BAS_10005 | Invalid arguments passed in the request; Failed to read HTTP message | 400 |
| BAS_10006 | Http Message not readable | 400 |
| BAS_10007 | NOT EQUAL and LIKE criterias not supported at this time. | 400 |
| BAS_10008 | Additional filters condition and sub filter condition cannot be the same. | 400 |
| BAS_10009 | Invalid UserType requested. | 400 |
| BAS_10010 | Invalid UserIdType requested. | 400 |
| BAS_10011 | UserIdType must be present if userId is given. | 400 |
| BAS_10012 | Invalid EventType requested. | 400 |
| BAS_10021 | BigTable Query is invalid. | 400 |
| BAS_10022 | Row key is unexpectedly empty. | 400 |
| BAS_10101 | Full authentication was not provided in the request. | 401 or 403 |
| BAS_10102 | Authentication token sent in the request is invalid. | 401 |
| BAS_10103 | The authentication provided does not authorize this request. | 400 |
| BAS_10104 | The jwt token is invalid. | 401 |
| BAS_10105 | Unauthorized access. | 400 |
| BAS_10201 | Request should only contain printable ASCII characters | 400 |
| BAS_10202 | transactionId header is too long | 400 |
| BAS_10203 | One or more header values are invalid | 400 |
| BAS_10204 | Invalid Request body | 400 |
| BAS_10205 | One or more header values are too long | 400 |
| BAS_10206 | nextPageToken is invalid | 400 |
| BAS_10207 | Requested method type is invalid | 400 |
| BAS_99999 | Internal server error | 500 |
Images (BIS_) Errors
| Code | Message | HTTP Status |
|---|
| BIS_00001 | Could not retrieve check image. Date out of range or expired. | 400 |
| BIS_00002 | Could not retrieve requested image(s). Date out of range or expired. | 400 |
| BIS_00003 | The date provided could not be parsed or represented an invalid date. | 400 |
| BIS_00004 | Image type cannot be null or empty. | 400 |
| BIS_00005 | Image type is not supported. | 400 |
| BIS_00006 | Account type is not supported for check image. | 400 |
| BIS_00007 | Account types configured for requested image(s) at FI level are invalid. | 400 |
| BIS_00008 | Transaction types configured for requested image(s) at FI level are invalid. | 400 |
| BIS_00009 | Transaction image number is invalid or contains non-numeric characters. | 400 |
| BIS_00010 | Transaction date cannot be null for requested image(s). | 400 |
| BIS_00011 | Account id cannot be null or empty. | 400 |
| BIS_00012 | Card Number cannot be null or empty. | 400 |
| BIS_00012 | Image identifier cannot be null for requested image(s). | 400 |
| BIS_00013 | Request is missing a transactionId header | 400 |
| BIS_00014 | Request should only contain printable ASCII characters. | 400 |
| BIS_00015 | One of the query parameter length is greater than max length. | 400 |
| BIS_00016 | Request transactionId header is too long. | 400 |
| BIS_00017 | Invalid query param. | 400 |
| BIS_00018 | Start date or end date cannot be null for statement images. | 400 |
| BIS_00019 | The start date cannot be after the end date. | 400 |
| BIS_00020 | A location is required for BB users. | 400 |
| BIS_00021 | BB user is missing user id in the request. | 400 |
| BIS_00022 | The date cannot be null or empty. | 400 |
| BIS_00023 | Request header is too long. | 400 |
| BIS_00024 | Request callingAppId header is too long. | 400 |
| BIS_00025 | One or more query params are invalid or blank | 400 |
| BIS_00026 | The authorization for this request does not allow for one or more attributes to be passed as parameters | 400 |
| BIS_10000 | Client error. Banking images request could not be completed. | 400 |
| BIS_10001 | Full authentication was not provided in the request. | 401 |
| BIS_10002 | The authentication token that was sent in the request is invalid. | 401 |
| BIS_10003 | The authentication provided does not authorize this request. | 403 |
| BIS_10004 | InstitutionCustomers not available in JWT. | 403 |
| BIS_10005 | Unauthorized access. | 401 or 403 |
| BIS_20001 | Check image retrieval was not successful. | 500 |
| BIS_20002 | No statements available for users | 200 (warning) |
| BIS_20007 | Error interacting with FICDS Statement Image service. | 200 (warning) |
| BIS_20008 | No transaction found for the requested image. | 404 |
| BIS_20009 | Account in the request not available | 404 |
| BIS_20022 | User not found. | 404 |
| BIS_20023 | HTTP Response from BB Service is not successful | 500 |
| BIS_30000 | Check image feature is not enabled for this FI. | 400 |
| BIS_30001 | Image retrieval is turned off for this account. | 400 |
| BIS_30002 | Image(s) retrieval is turned off for this FI. | 400 |
| BIS_30004 | Data not found. | 404 |
| BIS_30005 | User is not entitled to view online statements. | 400 or 401 |
| BIS_30006 | Entitlements or account response is blank. | 400 |
| BIS_88888 | Internal validation error. | 500 |
| BIS_90000 | Server cannot handle this request. | 500 |
| BIS_99988 | Server can only handle JSON request. Other media types are not supported | 415 |
| BIS_99999 | Server error. Banking images request could not be completed. | 500 |
Business Banking Errors
Business Banking APIs returns errors related to registration, profile, and entitlements.
Registration (BBS_) Errors
| Code | Message | HTTP Status |
|---|
| BBS-40095 | Invalid tinNumber | 400 |
| BBS-40095 | Invalid confirmationNumber | 400 |
| BBS-40095 | Invalid institutionId | 400 |
| BBS-40150 | Invalid JWT | 401 |
| BBS-40151 | Invalid roles or entitlements | 403 |
| BBS-40153 | Unexpected server error | 500 |
| BBS-40154 | Business registration not found | 404 |
Profile (BBS_) Errors
| Code | Message | HTTP Status |
|---|
| BBS-40095 | Invalid tinNumber | 400 |
| BBS-40095 | Invalid searchType | 400 |
| BBS-40095 | Invalid institutionId | 400 |
| BBS-40147 | Business details not found | 400 |
| BBS-40150 | Invalid JWT | 401 |
| BBS-40151 | Invalid roles or entitlements | 403 |
| BBS-40153 | Unexpected server error | 500 |
Entitlements (BBE_) Errors
| Code | Message | HTTP Status |
|---|
| BBE-41107 | Error in retrieving institution user | 500 |
| BBE-41108 | Invalid JWT | 401 |
| BBE-41109 | Invalid roles or entitlements | 403 |
| BBE-41110 | Required request parameter 'businessId' not present | 400 |
| BBE-41111 | Unexpected server error | 500 |
Money Movement Errors
Money Movement APIs return errors related to recipients and transfers.
Recipients (REC_) Errors
| Code | Message | HTTP Status |
|---|
| REC_10005 | User not found at host | 400 |
| REC_10006 | Invalid passcode | 400 |
| REC_10007 | Invalid account | 400 |
| REC_10008 | Test lucky transfer failed | 500 |
| REC_10009 | Invalid query param | 400 |
| REC_11001 | Full authentication was not provided in the request | 401 |
| REC_11002 | The authentication token is invalid | 401 |
| REC_11003 | The authentication does not authorize this request | 403 |
| REC_11004 | InstitutionId is invalid or incorrectly configured | 400 |
| REC_12001 | Request should only contain printable ASCII characters | 400 |
| REC_12002 | Request is missing a transactionId header | 400 |
| REC_12003 | Request transactionId header is too long | 400 |
| REC_12004 | Required fields are not provided or not valid | 400 |
| REC_12005 | Request cannot be blank | 400 |
| REC_12006 | Recipient id cannot be blank | 400 |
| REC_12007 | Provider type cannot be blank | 400 |
| REC_12008 | Invalid provider type | 400 |
| REC_12009 | Invalid email | 400 |
| REC_12010 | Recipient ids from request and URL do not match | 400 |
| REC_12011 | Request field length exceeds max length | 400 |
| REC_12012 | Account type is not from the list of allowed types | 400 |
| REC_12013 | Sender account id cannot be blank | 400 |
| REC_12014 | Request header is too long | 400 |
| REC_12015 | Some fields in the request body are not supported for the configured provider type | 400 |
| REC_13001 | This recipient already exists | 400 |
| REC_13002 | This recipient nickname already exists | 400 |
| REC_14001 | Recipient not added to the database successfully | 500 |
| REC_14002 | Recipient not deleted successfully | 500 |
| REC_14003 | Error while fetching recipients from database | 500 |
| REC_14004 | Recipient not found | 400 |
| REC_14005 | Error while updating recipient information | 400, 401, or 500 |
| REC_22001 | Internal validation error | 500 |
| REC_99997 | Client error | 400 |
| REC_99998 | Server cannot handle this request | 400, 404, or 405 |
| REC_99999 | Server error | 500 |
Transfers (TFR_) Errors
| Code | Message | HTTP Status |
|---|
| TFR_10000 | Client error. Transfer could not be completed | 400 |
| TFR_10001 | Server error. Transfer could not be completed | 500 |
| TFR_10002 | Invalid institution id | 400 |
| TFR_10003 | The From account does not exist or could not be retrieved | 400 |
| TFR_10004 | The To account does not exist or could not be retrieved | 400 |
| TFR_10005 | An unacceptable transfer type was provided for this transfer | 400 |
| TFR_10006 | Contributions to a prior year cannot be scheduled | 400 |
| TFR_10007 | A start date must be provided, and must be after today | 400 |
| TFR_10008 | An end date after the start date must be provided and must yield at least one execution | 400 |
| TFR_10009 | The number of executions is required for the given life type (positive integer ≤ 99) | 400 |
| TFR_10010 | The provided frequency requires a valid day or set of days to execute on | 400 |
| TFR_10011 | The provided schedule requires a life type | 400 |
| TFR_10012 | The provided schedule requires a valid frequency | 400 |
| TFR_10013 | Loan overpayment cannot be scheduled | 400 |
| TFR_10014 | SRTs are not enabled for this institution | 400 |
| TFR_10015 | Loan overpayment is not enabled for this institution | 400 |
| TFR_10016 | Loan overpayment options are not configured for this institution | 400 |
| TFR_10017 | Loan overpayment options for this institution could not be processed | 400 |
| TFR_10018 | Loan overpayment is not allowed for the To account | 400 |
| TFR_10019 | Loan overpayment option is not allowed for the To account | 400 |
| TFR_10020 | The transfer amount is required | 400 |
| TFR_10021 | The transfer amount is invalid | 400 |
| TFR_10022 | The transfer amount exceeds the From account balance | 400 |
| TFR_10023 | The From User is required | 400 |
| TFR_10024 | The To User is required | 400 |
| TFR_10025 | The From account is restricted from making a transfer | 400 |
| TFR_10026 | The To account is restricted from receiving a transfer | 400 |
| TFR_10027 | The From account has an invalid status and cannot be used to make a transfer | 400 |
| TFR_10028 | The To account has an invalid status and cannot be used to receive a transfer | 400 |
| TFR_10029 | The From account and To account cannot be the same | 400 |
| TFR_10030 | The RegE confirmation message could not be created | 400 |
| TFR_10031 | The transfer amount must equal the To account loan payment amount | 400 |
| TFR_10032 | The transfer amount must be less than or equal to the To account loan payment amount | 400 |
| TFR_10033 | The transfer amount must be greater than or equal to the To account loan payment amount | 400 |
| TFR_10034 | Invalid query param | 400 |
| TFR_10035 | Request should only contain printable ASCII characters | 400 |
| TFR_10036 | Request is missing a transactionId header | 400 |
| TFR_10037 | Request transactionId header is too long | 400 |
| TFR_10038 | The To account prior year eligible contribution amount is missing, zero, or negative | 400 |
| TFR_10039 | The transfer amount exceeds the prior year eligible contribution amount | 400 |
| TFR_10040 | The To account eligible contribution amount is missing, zero, or negative | 400 |
| TFR_10041 | The transfer amount exceeds the eligible contribution amount | 400 |
| TFR_10042 | Memo is not enabled for this institution | 400 |
| TFR_10043 | Memo exceeds maximum length allowed | 400 |
| TFR_10044 | Memo contains an invalid character | 400 |
| TFR_10045 | Transfers From the institution owned account transfer type is not enabled | 400 |
| TFR_10046 | Transfers To the institution owned account transfer type is not enabled | 400 |
| TFR_10047 | The institution owned account is not properly configured for this institution | 400 |
| TFR_10048 | The cross TIN transfer type was set incorrectly | 400 |
| TFR_10050 | Recipient transfers not allowed | 400 |
| TFR_10051 | Recipient not found | 400 |
| TFR_10052 | Recipient transfers to the requested account type not allowed | 400 |
| TFR_10053 | Invalid to account type in validate recipient transfer request | 400 |
| TFR_10054 | Invalid to passcode in validate recipient transfer request | 400 |
| TFR_10056 | The request body could not be parsed; ensure required fields and valid values | 400 |
| TFR_10057 | Business banking user not found | 400 |
| TFR_10058 | The fromAccountId field is required | 400 |
| TFR_10059 | The toAccountId field is required | 400 |
| TFR_10060 | The CIF number is required, but was not found | 401 |
| TFR_10061 | Request callingAppId header is too long | 400 |
| TFR_10062 | The provided schedule is invalid for the life type and frequency | 400 |
| TFR_10063 | An incorrect number of days was provided for the given frequency | 400 |
| TFR_10064 | Test transfers cannot be scheduled | 400 |
| TFR_10065 | Request header is too long | 400 |
| TFR_10066 | Transfer id is required | 400 |
| TFR_10067 | Transfer ids from request and URL do not match | 400 |
| TFR_10068 | Unauthorized access | 403 |
| TFR_11001 | Full authentication was not provided in the request | 401 |
| TFR_11002 | The authentication token is invalid | 401 |
| TFR_11003 | The authentication does not authorize this request | 403 |
Alerts And Notifications Errors
Alerts and Notifications APIs return errors related to system alerts, institution alerts, templates, institution and user preferences, notification channels, and history and events
System Alert, Institution Alert, Templates Errors
System (PRMSYS_) Errors:
| Code | Message | HTTP Status |
|---|
| PRMSYS_10001 | Cross talk / concurrency error occurred | 400 |
| PRMSYS_10002 | Malformed input data | 400 |
| PRMSYS_10003 | Unknown application error occurred | 400 |
| PRMSYS_10004 | Error occurred while validating JWT token | 400 |
| PRMSYS_10005 | Resource of name already exists | 204 |
| PRMSYS_10006 | Requested resource of identifier doesn't exist | 400 |
| PRMSYS_10007 | Resource of identifier already exists | 400 |
| PRMSYS_10008 | Requested resource of name doesn't exist | 400 |
| PRMSYS_10015 | Required attribute missing | 400 |
| PRMSYS_10016 | Non Printable ASCII character detected | 400 |
Validation (PRMVAL_) Errors:
| Code | Message | HTTP Status |
|---|
| PRMVAL_10001 | Path parameter doesn't match request body value | 400 |
| PRMVAL_10002 | Invalid value for field | 400 |
| PRMVAL_10003 | Invalid institution | 400 |
| PRMVAL_10005 | Invalid channel type | 400 |
| PRMVAL_10006 | Invalid alert type | 400 |
| PRMVAL_10007 | Field is required | 400 |
| PRMVAL_10008 | Field is invalid | 400 |
Institution and User Preferences Errors
Alert preferences (PRMAPS_) Errors:
| Code | Message | HTTP Status |
|---|
| PRMAPS_10007 | Invalid alert preference ID | 404 |
| PRMAPS_10008 | Alert preference mismatch | 400 |
Validation (PRMVAL_) Errors:
| Code | Message | HTTP Status |
|---|
| PRMVAL_10004 | Invalid user | 400 |
| PRMVAL_10006 | Invalid alert type | 400 |
| PRMVAL_10009 | Requested alert type was not found for the FI | 400 |
| PRMVAL_10010 | Preference not found for enrollmentId | 400 |
| PRMVAL_10011 | Preference not found for institution | 400 |
| PRMVAL_10012 | Value should not be null | 400 |
| PRMVAL_10013 | Invalid alert preference | 400 |
| PRMVAL_10015 | Alert type not configured for channel or disabled for Institution | 400 |
| PRMVAL_10016 | Unsupported account type | 400 |
Notification Channels Errors
| HTTP Status | Message |
|---|
| 400 | Missing Required HTTP Headers or Invalid/Missing Inputs |
| 401 | Authorization invalid or Missing Authorization Header |
| 404 | Entities not Found (User or Account not found) |
| 500 | Internal Server Error |
History and Events Errors
Alert History (PRMSYS_) Errors:
| Code | Message | HTTP Status |
|---|
| PRMSYS_10003 | Unknown application error occurred | 400 |
| PRMSYS_10004 | Error occurred while validating JWT token | 400 |
| PRMSYS_10009 | Resource doesn't exist for the provided search criteria | 500 |
| PRMSYS_10011 | Unauthorized access to the resource | 404 |
| PRMSYS_10012 | Unauthorized access — JWT value mismatch | 404 |
| PRMVAL_10014 | Invalid date format | 400 |
Realtime Publish (PRMSYS_) Errors:
| Code | Message | HTTP Status |
|---|
| PRMSYS_10002 | Malformed input data | 500 |
| PRMSYS_10003 | Missing eventDetails or notification | 500 |
| PRMSYS_10007 | Missing mandatory fields | 500 |
| PRMSYS_10008 | Invalid institutionId | 500 |
| PRMSYS_10013 | Missing Authorization Token | 500 |
Documents And Preferences Errors
Documents and Preferences APIs return errors related to institution disclosures, user disclosures, and electronic statements.
Institution and User Disclosures (DSC_) Errors
| Code | Message | HTTP Status |
|---|
| DSC_10002 | Invalid request. | 400 |
| DSC_10003 | Invalid operation. | 501 |
| DSC_10009 | Invalid query param. | 400 |
| DSC_11001 | Full authentication was not provided in the request. | 401 |
| DSC_11002 | The authentication token that was sent in the request is invalid. | 401 |
| DSC_11003 | The authentication provided does not authorize this request. | 401 |
| DSC_11004 | A location id is required for business banking users | 400 |
| DSC_12001 | Request should only contain printable ASCII characters. | 400 |
| DSC_12002 | Request is missing a transactionId header. | 400 |
| DSC_12003 | Request transactionId header is too long. | 400 |
| DSC_12004 | Required fields are not provided or not valid. | 400 |
| DSC_12005 | Request cannot be blank. | 400 |
| DSC_12006 | Invalid or empty account type in request. | 400 |
| DSC_12007 | Request header is too long | 400 |
| DSC_12011 | One of the request field length is greater than max length. | 400 |
| DSC_12012 | Disclosure ids from request body and URL do not match. | 400 |
| DSC_12013 | Request callingAppId header is too long. | 400 |
| DSC_12014 | RequestBody size exceeds limit. | 400 |
| DSC_12015 | Disclosure not supported | 400 |
| DSC_12016 | Account Id is missing in disclosure | 400 |
| DSC_12017 | Paper waiver field is missing in disclosure | 400 |
| DSC_13001 | Data not found for user | 400 |
| DSC_13002 | Disclosures are not retrieved successfully. | 500 |
| DSC_13003 | Disclosures are not created successfully. | 500 |
| DSC_13004 | Disclosures are not updated successfully. | 500 |
| DSC_13005 | The CIF number is required, but was not found | 400 |
| DSC_22001 | Internal validation error. | 500 |
| DSC_23002 | Error interacting with CBS Service | 500 |
| DSC_23003 | Error interacting with CAS Service | 500 |
| DSC_23004 | Error interacting with NIIS Service | 500 |
| DSC_23005 | Error interacting with Accounts Service | 500 |
| DSC_90000 | Server cannot handle this request. | 400 |
| DSC_99997 | Client error | 400 |
| DSC_99999 | Internal server error. | 500 |
Electronic Statements (UXESTMT_) Errors
| Code | Message | HTTP Status |
|---|
| UXESTMT_10001 | Required Authorization header is missing | 400 |
| UXESTMT_10002 | Invalid JWT token | 400 |
| UXESTMT_10003 | Required role not present in JWT token | 403 |
| UXESTMT_10004 | JWT token has expired | 400 |
| UXESTMT_10005 | JWT does not contain institution ID | 400 |
| UXESTMT_10006 | JWT does not contain institution customer ID | 400 |
| UXESTMT_10007 | Required Correlation ID header is missing / invalid | 400 |
| UXESTMT_10008 | Correlation ID is not a GUID | 400 |
| UXESTMT_10011 | Invalid IP address in the header | 400 |
| UXESTMT_10012 | Invalid Authorization in the header | 400 |
| UXESTMT_11010 | Required input fields are missing | 400 |
| UXESTMT_11012 | The given account id is not available in user disclosure | 400 |
| UXESTMT_11013 | User disclosure should be in ACCEPTED status | 400 |
| UXESTMT_11014 | InstitutionId is invalid or incorrectly configured | 400 |
| UXESTMT_30001 | InstitutionId invalid or downstream service error | 500 |
| UXESTMT_30002 | Error interacting with the external service | 500 |
| UXESTMT_88888 | No primary customers found / no entitled customers (operation-specific) | 404 |
| UXESTMT_88890 | No primary account found | 404 |
| UXESTMT_88891 | No entitled customer/account / disclosure not available for account (operation-specific) | 404 |
| UXESTMT_99998 | Cannot handle this request — check URL, body and parameters | 400 |
| UXESTMT_99999 | Internal server error | 500 |
Customer Campaigns Errors
Customer Campaigns APIs return errors related to experience groups, jobs, promotion suite, and audience.
Experience Groups Errors
| Code | Message | HTTP Status |
|---|
| 1000 | Success (e.g. upload accepted, group deleted) | 200 |
| 2000 | Client / validation (e.g. invalid data, not found) | 400 |
| 2001 | Internal server error or generic bad request | 400 / 500 |
| 2003 | Invalid authorization | 401 |
Jobs Errors
| Code | Message | HTTP Status |
|---|
| 2000 | e.g. job not found, invalid request | 400 |
| 2001 | Internal server error | 500 |
| 2003 | Invalid authorization | 401 |
| HTTP Status | Message |
|---|
| 400 | Request does not meet specification; body includes userMessage |
| 401 | Authorization error |
| 429 | Too many concurrent user list jobs — retry later |
| 500 | Unexpected server error |
Audience Errors
| HTTP Status | Message |
|---|
| 400 | Bad Request — invalid or missing parameters, headers, or body |
| 500 | Internal Server Error — unexpected server failure |
MX Errors
MX API integrates with MX Core Services. Error handling and response formats are documented in the MX API reference and at docs.mx.com. For Candescent gateway or authentication errors when calling MX endpoints, see Authentication Errors.
User Errors
| HTTP Status | Message |
|---|
| 400 | Bad Request. Typical JSON fields: error, message, optional errors[] |
| 401 | Unauthorized. Typical JSON fields: error, message |
| 403 | Forbidden (e.g. list users). Typical JSON fields: error, message |
| 404 | Not Found (e.g. unknown user). Typical JSON fields: error, message |
Data Errors
| HTTP Status | Message |
|---|
| 400 | Bad Request — invalid parameters or malformed request. Typical JSON fields: error, message, optional errors[] (field, message) |
| 401 | Unauthorized — missing, invalid, or expired credentials. Typical JSON fields: error, message |
| 403 | Forbidden — authenticated but not authorized. Typical JSON fields: error, message |
| 404 | Not Found — resource missing or feature not enabled. Typical JSON fields: error, message (e.g. log download: institution may not be enabled for MX Logs, or ext_host / credentials misconfigured—"ClientReportingProfile does not exist" is called out in the log download operation description) |
| HTTP Status | Message |
|---|
| 400 | Bad Request. Typical JSON fields: error, message, optional errors[] |
| 401 | Unauthorized. Typical JSON fields: error, message |
| 404 | Not Found — user or widget resource not available. Typical JSON fields: error, message |
Error Handling Best Practices
- Check HTTP Status
if (response.status === 401) {
} else if (response.status === 403) {
} else if (response.status === 400) {
} else if (response.status >= 500) {
}
- Parse Error Codes
const errorResponse = await response.json();
const errorCode = errorResponse.code;
switch (errorCode) {
case 'CMN_90004':
break;
case 'CMN_90018':
break;
case 'TFR_10022':
break;
default:
}
- Implement Retry Logic
For transient errors (5xx, rate limits), implement exponential backoff:
async function makeRequestWithRetry(url, options, maxRetries = 3) {
for (let attempt = 0; attempt < maxRetries; attempt++) {
const response = await fetch(url, options);
if (response.ok) return response;
const error = await response.json();
if (['CMN_90002', 'CMN_90003'].includes(error.code) || response.status >= 500) {
const delay = Math.pow(2, attempt) * 1000;
await new Promise(resolve => setTimeout(resolve, delay));
continue;
}
throw new Error(error.message);
}
}
- Log Errors with Context
Always include the transactionId header value in your logs when troubleshooting with Candescent support:
console.error({
transactionId: requestHeaders['transactionId'],
errorCode: error.code,
errorMessage: error.message,
endpoint: url,
timestamp: new Date().toISOString()
});