# Error Handling
source: https://developer.mastercard.com/issuer-enrollment/documentation/error-handling/index.md

### API Gateway and Access Errors {#api-gateway-and-access-errors}

If the API Gateway rejects an API request, then it sends an error response without passing the request to Secure Card on File. The errors returned by the API Gateway are standard across Mastercard services and the format of the error response may vary slightly from the application level errors returned by the Secure Card on File service.
Tip: For more details about Gateway errors, refer to [Gateway Error Codes](https://developer.mastercard.com/platform/documentation/gateway-error-codes/) in the general Mastercard Developers Platform documentation. If the API Gateway does not throw an error, you might still see application errors which are returned in a different format.

See below for a description of application level errors.

```json
{
"Errors": [
{
  "Error": {
  "Source": "Gateway",
       "ReasonCode": "<Unique code>",
       "Description": "<Description of the error>",
       "Recoverable": true/false,
       "Details": null
  }
}
]
}
```

### Click to Pay enroll API Application errors codes {#click-to-pay-enroll-api-application-errors-codes}

If the API is successfully accessed via the API Gateway, the service itself may generate errors if something is wrong with the information presented in the request.

In this situation, an error response body will be returned by the service as the response to the API call, giving more detail about what caused the problem. This includes an error object in a format similar to the following example:

**400 bad request**

**INVALID_ARGUMENT**

* Identifies a malformed or invalid request.

* Use cases:

* Request Body JSON does not conform to the schema of EnrollCardRequest.

* Mandatory parameters in request are missing `srcClientId` or `consumer.consumerIdentity` values are not provided.

* Request parameters, such as `srcClientId`,`srcCorrelationId` have invalid format, and are not in UUID format.

<br />

\*\*INVALID_STATE\*\*

* Identifies a validation failed on request.

* Use cases:

* `srcClientId` or `serviceId` is invalid and does not resolve to an entity in the SRC system. Example value of '`srcClientId` is not recognised.

* Profile exists with email and different phone number.

* Profile exists with phone number and different email addresses.

* Refer to table "ambiguous consumer handling" for more detail on existing profile handling.

* Request Body JSON schema validation failure.

* Data Type validation failure.

<br />

**Example**

    {
       "status": 400,
       "reason": "INVALID_STATE",
       "message": "Cannot process the request because it is malformed or has incorrect/missing fields or values.",
       "errordetail": [
         {
           "reason": "AMBIGUOUS_CONSUMER_IDENTITY",
           "message": "The Consumer identities provided resulted in a partial match for a profile, however either the Email or Phone or National Id does not match.",
           "sourceType": "BODY",
           "source": "enrollRequest.consumer.mobileNumber.phoneNumber"
         }
       ]
     }

<br />

### Consumer Responses {#consumer-responses}

Enrollment can be rejected or approved depending on the email and phone number passed in the request. Below is the list of use cases and results.

|                              Use Case                               |                     Result                      |
|---------------------------------------------------------------------|-------------------------------------------------|
| Profile exists with email and phone number.                         | Allow to add card to existing profile.          |
| Profile does not exist for email and phone number.                  | Create new profile and add card to new profile. |
| Profile exists with email and phone number is different in request. | Reject enrollment request.                      |
| Profile exists with phone number and email is different in request. | Reject enrollment request.                      |
| Profile exists with email and phone number not present in request.  | Allow to add card to existing profile.          |

**403 Code**: Forbidden response if identifier validation fails.

**Example**

    {
     "message": "Access is denied to the requested resource. Client does not have sufficient permission or has been locked.",
     "reason": "PERMISSION_DENIED",
     "status": 403
    }

**500 Code**: Internal server error

**Example**

    {
     "message": "Internal server error. Something went wrong while processing the request",
     "reason": "INTERNAL",
     "status": 500
    }

**503**: Service unavailable

**Example**

    {
     "errordetail": [
       {
         "message": "Issuer did not respond in time. Retry the request.",
         "reason": "NO_RESPONSE_FROM_ISSUER"
       }
     ],
     "message": "Service unavailable. Typically the server not able to serve the request temporarily. Retry after some time",
     "reason": "UNAVAILABLE",
     "status": 503
    }