Response body
On failure, we return an HTTP code >= 400, which will contain the following fields.
| status | HTTP Status code. See HTTP Responses |
| code | A string indicating the kind of error. See Error Codes below |
| message | Human readable description of the error |
| helpUrl | A link for having more information about the error |
Error codes
The API may send the following error codes for known errors. We try to make the error code as meaningful as possible, but we provide more description there. We will keep adding error codes in the future.
| Type | Description |
|---|---|
| AUTHORIZATION_CLIENT_NOT_FOUND | The client_id provided as query parameter is invalid. It should match the client_id provided by Shine. |
| AUTHORIZATION_CLIENT_SECRET_DOES_NOT_MATCH | The client_secret provided as query parameter is invalid. It should match the client_secret provided by Shine. |
| AUTHORIZATION_REDIRECT_URI_DOES_NOT_MATCH | The redirect_uri provided as query parameter is invalid. It should match the redirect_uri you provided on your registration. If you want to change your redirect_uri, you need to contact Shine customer support. |
| AUTHORIZATION_REQUESTED_SCOPE_NOT_AVAILABLE | One of the scopes provided as query parameter is invalid. See Scopes for a list of supported scopes. |
| AUTHORIZATION_REQUESTED_SCOPE_NOT_AUTHORIZED | One of the scopes provided as query parameter is invalid. You can only request scopes that have been authorized during your registration. If you want to request a new scope, you need to contact Shine customer support. |
| AUTHORIZATION_REQUESTED_SCOPE_MISSING_OPENID | When you request the email, profile and/or phone scopes, you also need to request the openid scope. See Scopes for more information. |
| AUTHORIZATION_CLIENT_STATUS_NOT_VALID | Your account has not been validated yet or has been deactivated. |
| AUTHORIZATION_CODE_MISSING | The code query parameter is required when requesting a token with grant_type=authorization_code |
| AUTHORIZATION_CODE_NOT_FOUND | The code provided as query parameter is invalid. It should match the code returned by the Shine OAuth2 server. |
| AUTHORIZATION_CODE_ALREADY_USED | Authorization codes can only be used once. |
| AUTHORIZATION_CODE_EXPIRED | Authorization codes expire after one minute. |
| AUTHORIZATION_CODE_REDIRECT_URI_DOES_NOT_MATCH | The redirect_uri provided as query parameter is invalid. It should match the redirect_uri you provided on your registration. If you want to change your redirect_uri, you need to contact Shine customer support. |
| AUTHORIZATION_ACCESS_TOKEN_EXPIRED | Access tokens expire after one hour. They can be refreshed using the refresh_token returned alongside the access_token by the Shine OAuth2 server. |
| AUTHORIZATION_INVALID_ACCESS_TOKEN | The access_token provided in the Authorization header is invalid. Check that you're sending the access_token provided to you by the Shine OAuth2 server.The Authorization header should follow the following format: Bearer access_token |
| AUTHORIZATION_MISSING_ACCESS_TOKEN | The Authorization header is missing or the access_token is missing inside the Authorization header. |
| AUTHORIZATION_ACCESS_TOKEN_WRONG_AUDIENCE | The access_token provided is not a Shine access_token. The aud claim should be https://api.shine.fr. You can inspect your access_token on jwt.io. |
| AUTHORIZATION_ACCESS_TOKEN_MISSING_SCOPE | One of the scope required to access this resource is missing from your access_token. Check that you have requested this scope during your Shine Connect registration and when requesting access to the user. |
| AUTHORIZATION_ACCESS_TOKEN_FORBIDDEN | The requested resource(s) can't be accessed with this access_token. It means that you may be trying to access data that don't belong to this user. |
| AUTHORIZATION_UNSUPPORTED_RESPONSE_TYPE | The response_type provided as query parameter is invalid. The only supported response_type is code. |
| AUTHORIZATION_UNSUPPORTED_GRANT_TYPE | The grant_type provided as query parameter is invalid. The only supported grant_types are authorization_code & refresh_token. |
| AUTHORIZATION_REFRESH_TOKEN_MISSING | The refresh_token query parameter is required when requesting a new access_token with grant_type=refresh_token |
| AUTHORIZATION_REFRESH_TOKEN_EXPIRED | Refresh tokens expire after one year. Refresh tokens can't be refreshed. To get a new refresh_token, the user has to go through the OAuth2 authorize flow again. |
| AUTHORIZATION_REFRESH_TOKEN_INVALID | The refresh_token provided as query parameter is invalid. It should match the refresh_token returned by the Shine OAuth2 server. |
| AUTHORIZATION_REFRESH_TOKEN_REDIRECT_URI_DOES_NOT_MATCH | The redirect_uri provided as query parameter is invalid. It should match the redirect_uri you provided on your registration. If you want to change your redirect_uri, you need to contact Shine customer support. |
| AUTHORIZATION_REFRESH_TOKEN_REVOKED | The refresh_token provided as query parameter has been revoked. To get a new refresh_token, the user has to go through the OAuth2 authorize flow again. |
| AUTHORIZATION_UNKNOWN_ERROR | 😱 |
| AUTHORIZATION_USER_NOT_AUTHORIZED | The Authorization header is invalid or missing.The Authorization header should follow the following format: Bearer access_token |