API Errors will return an error code, name and message to let the application clients handle them. Errors will include the HTTP status code and an error code.

Error Example

    "error": {
        "message": "Invalid username or password",
        "status": 401,
        "errors": [
                "code": 101,
                "message": "Invalid username or password"

HTTP Status codes

Status CodeMessageDescription
101Switching ProtocolsUsed when switching protocols for example WebSockets
200OKSuccessful Response
201CreatedThe request has been fulfilled and resulted in a new resource being created
202AcceptedThe request has been accepted for processing, but the processing has not been completed. This response can be received on a device state update by changing some attribute or executing a method
204No ContentThe server successfully processed the request but is not returning any content. This response can be received from CORS when using a javascript client from a different domain
400Bad RequestThe server cannot or will not process the request due to something that is perceived to be a client error
401UnauthorizedAuthentication is required and has failed or has not yet been provided
403ForbiddenThe client does not have necessary permissions for the resource
404Not FoundThe requested resource could not be found but may be available again in the future
405Method Not AllowedA request was made of a resource using a request method not supported by that resource
408Request TimeoutThe server timed out waiting for the request
409ConflictThe request could not be completed due to a conflict on the resource data, this might happen when a resource is changed offline and online at the same time. When the resource is synced to the cloud a conflict may happen.
50XServer ErrorSmartenit API server error

API Error codes

100Invalid client_id or client_secret"client_id" or "client_secret" were not provided
101Invalid response_type"response_type" for OAuth 2 authorization was not provided
102Invalid state"state" for OAuth 2 authorization was not provided
103Client application is not foundThe resource with the client_id provided was not found
104Unknown response_typeThe response type provided was not provided or is not "code" or "token"
105Undefined grant_type"grant_type" was not provided
106Unsupported grant_type"grant_type" is not supported in the current application, can be disabled.
107Code is requiredCode attribute is required for the authorization
108Invalid or expired authorization codeThe authorization code provided has expired or is invalid
109Invalid client credentialsThe Client credentials provided are invalid, (client_id or client_secret)
110Unauthorized grant_typeThe "grant_type" provided is valid but is not authorized on the application configuration
111username and password are required"username" and "password" attributes are required
112Invalid user credentials"username" and "password" are invalid
113User email is not confirmedEmail has not been confirmed
114Invalid access_tokenThe access_token provided is invalid or does not exist
115Expired access_tokenThe provided access_token has expired
116Invalid ParentAt least one of the parent resources was not found or does not belong to your account or company
117Number of login attempts exceededThe user has made multiple invalid requests for password authentication
119Invalid refresh_tokenThe refresh_token provided is invalid or does not exist
120Old API server did not answerWhen a request made to the old API timed out
121You have created an account using Facebook/GoogleOccurs when the user use the forgot password option of an external account
122There was an error sending the recovery email, please try againThere was an error sending the recovery email when the user forgot the password
202Invalid Gateway PasswordFor gateway migrations there is a custom password that should be provided by the user
250The email is already registeredOccurrs when the user tries to create a new account using an existing email
251Your account has not been activatedOccurs when the user tries to login without confirm their email by the email received after register