# Code and Formats source: https://developer.mastercard.com/mastercard-processing-fraud/documentation/code-and-formats/index.md ## HTTP Response Codes {#http-response-codes} | **Status Code** | **Response** | **Description** | |-----------------|------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 200 | OK | Everything worked as expected. | | 204 | NO CONTENT | The server successfully executed the method but returned no response body. | | 400 | BAD REQUEST | The server cannot or will not process the request due to its invalid structure or data. | | 401 | UNAUTHORIZED | The user does not have access to the service. | | 403 | FORBIDDEN | The user is not authorized to perform the operation. | | 404 | NOT FOUND | The requested resource does not exist. | | 405 | METHOD NOT ALLOWED | The requested URL exists, but the requested HTTP method is not applicable. | | 415 | UNSUPPORTED MEDIA TYPE | The server does not support the request payload's media type. For the Mastercard Processing API, the `Content-Type` header must be `application/json;charset=utf-8`. | ## Error Structure {#error-structure} To provide a consistent experience across all Mastercard APIs, the Mastercard Processing Fraud API follows the standard structure for each scenario that can occur. Mastercard returns errors in the following structure: ```json { "Errors":{ "Error":[ { "Source":"", "ReasonCode":"", "Description":"", "Recoverable": true/false } ] } } ``` | **Field** | **Description** | |-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Source | The application that generated the given error. Every error message generated and returned by the gateway will have this field equal to `Gateway`. If the field value is `MASTERCARD PROCESSING`, it means that an error was generated by the Mastercard Processing application. | | ReasonCode | Identifies the error case encountered when any Mastercard Processing Fraud API is called. For example, `REQUEST_VALIDATION` is used when the request is invalid due to some missing or invalid parameters. | | Description | Description of the `ReasonCode` field with additional details. | | Recoverable | Indicates whether this error will always be returned for this request or retrying can change the outcome. For example, if the request contains an invalid request parameter, retrying will never succeed. However, if the error is related to some unexpected timeout with the service, retrying the call could result in a successful response. | ## Gateway Error Codes {#gateway-error-codes} In addition to service error codes, error codes can also be returned by Mastercard's gateway. A gateway is used to verify the request's signature and route it to the correct location. You can find a list of the errors returned by our gateway and resolutions to each on the [Gateway Error Codes](https://developer.mastercard.com/platform/documentation/security-and-authentication/gateway-error-codes/) page. ## Mastercard Processing Error Codes {#mastercard-processing-error-codes} For a complete list of Mastercard Processing Fraud application-specific error codes, refer to the following table: | HTTP Response Status Code | Reason Code | Description | How to Resolve | |---------------------------|--------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 400 | CERTIFICATE_NOT_FOUND | Cannot find response encryption key for fingerprint \ and client id \. | Check the Mastercard Encryption Key associated with the provided Client ID in your Mastercard Developers project to ensure it is valid and has not expired. If expired, generate new key and reconfigure your integration accordingly. | | 404 | CONTRACT_DOES_NOT_EXIST | Contract with id \ not found. | Verify and correct the `contract_id` value in the request, and then try again. | | 400 | DUPLICATED_X_MC _CORRELATION_ID | The given \ header was used in previous request. | Specify the correct unique value in the `X-Mc-Correlation-Id` or `Correlation-Id` header, and try again. | | 404 | INSTITUTION_CONFIGURATION _NOT_FOUND_ERROR | User configuration was not found for id \. | Your API configuration is incorrect. Contact the Mastercard Processing representative. | | 400 | INVALID_DATE_FORMAT | Date time has invalid format. Correct format is `YYYY-MM-DDThh:mm:ssZ`. | Specify the correct date format in the request defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md), and try again. | | 400 | NO_PUBLIC_KEY_FINGERPRINT | Cannot find `publicKeyFingerprint` value inside JWE structure. | Ensure the public key fingerprint value is correctly included in the JWE structure. Refer to the [documentation](https://developer.mastercard.com/platform/documentation/authentication/securing-sensitive-data-using-payload-encryption/#jwe-encryption) for detailed guidance on JSON Web Encryption used by Mastercard. | | 403 | OPERATION_DENIED | Operation \ is disabled in your API configuration. | Contact the Mastercard Processing representative if you want to use the operation. | | 403 | OPERATION_DENIED | Invalid or unsupported operation. Verify HTTP method, endpoint, and resource ID format. | Make sure you are calling the correct endpoint as defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md), and try again. | | 400 | REQUEST_BODY_PROCESSING _ERROR | There is a problem with parsing request body. | The three most common causes are: 1. Sending an unencrypted payload while the API expects a JWE payload (as specified [here](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#breaking-the-encrypted-payload-down)). 2. Sending a valid JWE payload, but the decrypted JSON does not match the API model defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md). 3. Sending an invalid JSON body. | | 404 | RISK_CONTROL_CODES _DOES_NOT_EXIST | Risk control code \ does not exist for contract with id \. | The provided risk_control_code is not configured in the CMS for you. Verify and correct the `risk_control_code` value in the request, and then try again. | | 400 | REQUEST_VALIDATION | Invalid field \ value in object \. Validation error: \. | Specify the correct field value defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md), and try again. | | 400 | REQUEST_VALIDATION | Invalid object \. Validation error: \. | Specify the correct data in the request defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md), and try again. | | 400 | REQUEST_VALIDATION | Missing required HTTP header \
. | Specify the correct data in the request defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md), and try again. | | 400 | REQUEST_VALIDATION | Missing required request parameter \. | Specify the correct data in the request defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md), and try again. | | 400 | SCALE_IS_NOT_SUPPORTED | Actual scale of precision: \ is not supported for \ field in request body. | Specify the correct data in the request defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md), and try again. | | 415 | UNSUPPORTED_CHARSET_ERROR | Charset \ is not supported. Only UTF-8 charset is supported. | Specify the correct data in the request defined in the [OpenAPI Specification](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md), and try again. For the Mastercard Processing API, the `Content-Type` header must be `application/json;charset=utf-8`. | ### Sample Errors {#sample-errors} The following is a sample of the error response when you send a `PUT` request to the `/contracts/{contract_id}/risk-controls/{risk_control_code}` endpoint with `risk_control_code` that has not been configured during the onboarding process: ```json { "Errors": { "Error": [ { "Source": "MASTERCARD PROCESSING", "ReasonCode": "RISK_CONTROL_CODE_DOES_NOT_EXIST", "Description": "Risk control code INVALID does not exist for contract with id 70001.", "Recoverable": false } ] } } ```