# Code and Formats source: https://developer.mastercard.com/mastercard-processing-authentication/documentation/code-and-formats/index.md ## HTTP Response Codes {#http-response-codes} | **Status Code** | **Response** | **Description** | |-----------------|------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 200 | OK | Everything worked as expected. | | 400 | BAD REQUEST | The server cannot or will not process the request due to its invalid structure or data. | | 401 | UNAUTHORIZED | The user does not have access to the service. | | 403 | FORBIDDEN | The user is not authorized to perform the operation. | | 404 | NOT FOUND | The requested resource does not exist. | | 405 | METHOD NOT ALLOWED | The requested URL exists, but the requested HTTP method is not applicable. | | 415 | UNSUPPORTED MEDIA TYPE | The server does not support the request payload's media type. For the Mastercard Processing API, the `Content-Type` header must be `application/json;charset=utf-8`. | ## Error Structure {#error-structure} To provide a consistent experience across all Mastercard APIs, the Mastercard Processing API follows the standard structure for each scenario that can occur. Mastercard returns errors in the following structure: **Single error** ```json { "Errors":{ "Error":[ { "Source":"", "ReasonCode":"", "Description":"", "Recoverable": true/false, "Details": "" } ] } } ``` **Multiple errors** ```json { "Errors": { "Error": [ { "Source": "", "ReasonCode": "", "Description": "", "Recoverable": true/false, "Details": "" },{ "Source": "", "ReasonCode": "", "Description": "", "Recoverable": true/false, "Details": "" } ] } } ``` | **Field** | **Description** | |-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Source | The application that generated the given error. Every error message generated and returned by the gateway will have this field equal to `Gateway`. If the field value is `MASTERCARD PROCESSING`, it means that an error was generated by the Mastercard Processing application. If the field value is `ACS VENDOR PROCESSING`, it means that an error was generated by the ACS provider. | | ReasonCode | Identifies the error case encountered when any Mastercard Processing API is called. For example, `REQUEST_VALIDATION` is used when the request is invalid due to some missing or invalid parameters value. | | Description | Description of the `ReasonCode` field with additional details. | | Recoverable | Indicates whether this error will always be returned for this request or retrying can change the outcome. For example, if the request contains an invalid request parameter, retrying will never succeed. However, if the error is related to some unexpected timeout with the service, retrying the call could result in a successful response. | | Details | Where appropriate, indicates detailed information about data received and calculated during request processing, to help the user with diagnosing errors. | ## Gateway Error Codes {#gateway-error-codes} In addition to service error codes, error codes can also be returned by Mastercard's gateway. A gateway is used to verify the request's signature and route it to the correct location. You can find a list of the errors returned by our gateway and resolutions for each on the [Gateway Error Codes](https://developer.mastercard.com/platform/documentation/security-and-authentication/gateway-error-codes/) page. ## Mastercard Processing Error Codes {#mastercard-processing-error-codes} For a complete list of Mastercard Processing application-specific error codes, refer to the following table: | HTTP Response Status Code | Reason Code | Description | How to Resolve | |---------------------------|-----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 400 | CERTIFICATE_NOT_FOUND | Cannot find response encryption key for fingerprint \ and client ID \. | Check the Mastercard Encryption Key associated with the provided Client ID in your Mastercard Developers project to ensure it is valid and has not expired. If expired, generate a new key and reconfigure your integration accordingly. | | 400 | DUPLICATED_THREE_DS _TRANSACTION_ID | Duplicated `threeDsTransactionId`. | Verify and correct the `three_ds_server_transaction_id` value in the request, and then try again. | | 400 | DUPLICATED_X_MC _CORRELATION_ID | The given `X-Mc-Correlation_Id` header was used in previous request. | Specify the correct unique value in the `X-Mc-Correlation-Id` or `Correlation-Id` header, and try again. | | 400 | NO_PUBLIC_KEY_FINGERPRINT | Cannot find `publicKeyFingerprint` value inside JWE structure. | Ensure that the public key fingerprint value is correctly included in the JWE structure. Refer to the [documentation](https://developer.mastercard.com/platform/documentation/authentication/securing-sensitive-data-using-payload-encryption/#jwe-encryption) for detailed guidance on JSON Web Encryption used by Mastercard. | | 403 | OPERATION_DENIED | Operation \ is disabled in your API configuration. | Contact the Mastercard Processing representative if you want to use the operation. | | 403 | OPERATION_DENIED | Invalid or unsupported operation. Verify HTTP method, endpoint, and resource ID format. | Make sure you are calling the correct endpoint as defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-authentication/documentation/api-reference/index.md), and try again. | | 400 | REQUEST_BODY_PROCESSING _ERROR | The given field \ has invalid value. | Specify the correct field value defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-authentication/documentation/api-reference/index.md), and try again. | | 400 | REQUEST_BODY_PROCESSING _ERROR | There is a problem with parsing request body. | The three most common causes are: 1. Sending an unencrypted payload while the API expects a JWE payload (as specified [here](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#breaking-the-encrypted-payload-down)). 2. Sending a valid JWE payload, but the decrypted JSON does not match the API model defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-authentication/documentation/api-reference/index.md). 3. Sending an invalid JSON body. | | 400 | REQUEST_VALIDATION | Invalid field \ value in object \. Validation error: \. | Specify the correct field value defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-authentication/documentation/api-reference/index.md), and try again. | | 400 | THREE_DS_TRANSACTION_ID _DOES_NOT_EXIST | Does not match any of active `AcsCReq threeDSServerTransactionID` that ACS has previously sent. | Verify and correct the `three_ds_server_transaction_id` value in the request, and then try again. | | 400 | THREE_DS_TRANSACTION_ENDED | The transaction has ended. | Verify and correct the `three_ds_server_transaction_id` value in the request, and then try again. | | 415 | UNSUPPORTED_CHARSET_ERROR | Charset \ is not supported. Only UTF-8 charset is supported. | Specify the correct data in the request defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-authentication/documentation/api-reference/index.md), and try again. For the Mastercard Processing API, the `Content-Type` header must be `application/json;charset=utf-8`. | ### Sample Errors {#sample-errors} The following is a sample error response when trying to send an issuer challenge decision using an incorrect 3DS-Secure transaction identifier by sending a `POST` request to the `/three-ds-transactions/{three_ds_transaction_id}/issuer-challenge-responses` endpoint: ```JSON { "Errors": { "Error": [ { "Source": "ACS VENDOR PROCESSING", "ReasonCode": " THREE_DS_TRANSACTION_ID_DOES_NOT_EXIST ", "Description": " Does not match any of active AcsCReq threeDSServerTransactionID that ACS has previously sent.", "Recoverable": false } ] } } ```