# Code and Formats source: https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-data/codes-formats/index.md ## Failures {#failures} ### Failures within the login flow {#failures-within-the-login-flow} Did you experience that the [Connect Flow](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-data/connect/connect-flow/index.md) is failing? It can happen if the end user has canceled the flow or if a bank-related error has occurred. In these cases, we redirect back to the provided `redirect_uri`, but we do not include the `code` and `consentId` query parameters. Therefore, if a request is made to the configured `redirect_uri` that does not include the `code` and `consentId` query parameters, it is safe to assume that the login flow was unsuccessful. In this case, you have to restart the flow from scratch. ### Failures outside of the login flow {#failures-outside-of-the-login-flow} It is also possible to experience failures during unattended logins in which the login to the bank is unsuccessful. In these cases, we send a [`ConnectionUpdateRequiredWebhook` webhook](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-data/event-notifications/event-types/index.md#connectionupdaterequiredwebhook) to your configured webhook url. If this happens, we're not able to fetch new data from the end users' bank without the end users' help. To solve this, you need to start a [Manual Synchronisation](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-data/data-sync/index.md#manual-synchronization) which will require the end user to make a supervised login. After that, data synchronisation will be scheduled and automated data synchronizations will resume. ### Provide Rate Limiting {#provide-rate-limiting} One of the possible errors that can cause these failures, is the banks' rate limiting. As stated in PSD2 legislation, there is a limit of four logins per user per day. If we experience this happening, we send a [`ConnectionRateLimitedWebhook` webhook](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-data/event-notifications/event-types/index.md#connectionratelimitedwebhook) to your configured webhook url which contains information about the affected consent and accounts, as well as the date the rate limiting will end. Attempts to do [Manual Synchronisation](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-data/data-sync/index.md#manual-synchronization) before the rate limiting ends will be ignored. ## Error handling {#error-handling} All successful requests to the API return HTTP 200. In case of errors, the API returns a JSON response containing the error code and details about the error: ```json { "error": "InvalidInput", "details": { "reason": "Unknown code", "validationErrors": { "Username": [ "Username is required" ], "Email": [ "Email must be at least 3 character long" "Email must be an email" ] } } } ``` The format and the keys of the error `details` varies between error codes. The following combination of error codes are returned from the API: | **HTTP Status** | **Reason Code** | **Description** | **How to handle** | |-----------------|-----------------------|---------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------| | 400 | `InvalidInput` | Invalid input provided. See `details`. | Check that the input sent is correct. | | 400 | `InvalidLoginToken` | Occurs if unattended login attempted when it not supported, or if the login token has expired. | Only attempt unattended logins for login tokens that support it. | | 400 | `IncorrectToken` | Can occur for Login Tokens if they are malformed or invalid (during unattended login and auth/initialize.) | Ensure the call is made with the correct client credentials, and that token has not been malformed. | | 403 | `AccessDenied` | Authentication failed or session expired. The reason is specified in `details.reason`. | Check that the correct client credentials and access tokens are sent. Ensure the calls are not attempted after the session expires. | | 403 | `FeatureNotEnabled` | The feature is not enabled for the client. | Ensure you are using the correct client. Contact us if you want the feature to be enabled or believe it should be enabled for you. | | 403 | `ProviderDisabled` | The selected provider is currently disabled due to unresponsiveness or instability. | Check the [status page](https://status.aiia.eu) and retry the request later. | | 409 | `Conflict` | When retrying a request with the `X-Request-Id`-header present, where the first request has not yet finished. | Wait for the first request to finish or try again. | | 429 | `RateLimited` | Request exceeded rate limit. The limit and retry timeout are specified in `details.message`. | Wait for the specified time before retrying. | | 500 | `InternalError` | Unknown internal error. | | | 501 | `FeatureNotSupported` | The provider does not support the requested feature,for example payments or unattended login. | | | 503 | `ProviderCallFailed` | Call to provider failed. See details below. | | | 504 | `Timeout` | Call to provider timed out. | Call can be retried, but it is advisable to limit the amount of data retrieved. | The error code `ProviderCallFailed` is used when errors occur in integrations. These can happen for different reasons, and so it is important to consider the reason code from `details.reason`. | **Reason Code** | **Description** | |---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `NetbankDown` | Occurs when the provider is having prolonged technical issues, or during service windows. Moderate retries are possible (exponential back-off, limited attempts). | | `UnknownError` | An unknown error occurred in the integration. Moderate retries are possible (exponential back-off, limited attempts). | | `RetrySession` | The session was terminated due to an intermittent error. Retrying a new session will most likely work. | | `Unauthorized` | The user unexpectedly became unauthorized within the session. For example if the user was logged out after signing in from another location. The session can be retried. | | `RateLimitExceeded` | When limits are hit for PSD2/RTS APIs within daily allowance for PSU/TPP. Access to the affected resources will be possible next day. | | `AdapterExpired` | The integration does not match the provider's API. Retry is not possible. This is exceptional and will be handled by our service. |