New article
Recently updated
Common HTTP status codes for Internal Audit APIs
Who is this article for?Users who need to troubleshoot Reporting API issues.
Knowledge of permissions is required.
This article lists common HTTP status codes you will receive from the Reporting API and the API Gateway in the event of an error, with their causes and solutions.
1. 400, 403, 404, 405 Errors
The Reporting API will return the following HTTP status codes where errors occur:
400 Error
400 Bad request: The API did not understand the request that was sent to it. Check the query string that you have sent.
403 Error
403 Forbidden: The API user does not have permission to see the data requested due to role permissions. Ensure that the Ideagen Internal Audit (Aura) user account that is used by the API has suitable roles.
404 Error
404 Not found: The endpoint specified in the request does not exist. Check the URL that you are calling.
405 Error
405 Method Not Allowed: This will be returned if you send a request for data to the authentication URL.
Authentication requests should be sent to /API/auth/login. Requests for data should be sent to /API/query/.
2. 401 Errors
Both the API and the Gateway can return error code 401, and it is not obvious which server is replying.
401 Error sent by the Reporting API
401 Unauthorized.
There are two possible causes:
- Username/password supplied were incorrect.
- Request did not contain the required authentication token, or the one in use has expired.
Ensure you are using a valid username and password, have obtained a JSON Web Token when logging in, then included that token in each subsequent request.
401 Error sent by the Gateway
401 Unauthorized: The request did not contain the required API data key. Ensure that each request contains the key.
3. 429 Limit exceeded/429 Too Many Requests
There are rate limits built into the API and the API Gateway (which is used by customers hosted by Ideagen). If a limit is reached, it will return one of these errors.
This ensures that:
- An API client application does not overwhelm the service.
- For hosted customers, the API client application does not exceed the agreed data volume.
This data volume limit is set as part of the package purchased, if you require a larger volume then please contact your Account Manager to discuss.
Exceeding the allowed rate will cause the API to return the status code 429. Wait until the next time period, and try again.
Below limits apply to all API users:
| Period | Max Requests |
|---|---|
| Second | 50 |
| Minute | 500 |
| Hour | 5000 |
For hosted customers only, for 200 and 429 class response codes, the API Gateway will return the following additional headers:
| Header | Example Value | Notes |
|---|---|---|
| X-Download-Limit-Limit | 1750000000 | Total number of bytes you may download. |
| X-Download-Limit-Remaining | 1750000000 | Number of bytes you’ve downloaded so far. If this reaches 0, a “429” response code will be returned. Requests should not be retried until the time in X-Download-Limit-Reset has passed. |
| X-Download-Limit-Reset | 2020-10-06T11:40:00.2244680Z | See above. |
| X-Upload-Limit-Reset | 2020-10-06T11:40:00.1149019Z | See above. |
| X-Rate-Limit-Limit | 1000 | Total number of requests you may make per minute |
| X-Rate-Limit-Remaining | 999 |
Number of requests made so far. |
| X-Rate-Limit-Reset | 2023-09-18T11:40:00.1134432Z | See above. |
4. 500 Errors
Both the API and the Gateway can return a 500 error.
Known causes are:
- Missed step in setup.
- Bug in v6.0.1.0.
- Issues in Gateway configuration.
If you see this error:
- If the API has just been installed, ensure the keys have been set as described in our HTTP 500 error article.
- Ensure you are using v6.0.1.8 or higher.
If the error still appears, contact our Support Team so that we can investigate further.