## Validation error codes The following lists compile validation error codes you may encounter when interacting with Frontegg APIs. These errors are returned when request inputs fail validation checks, such as missing required fields, incorrect data types, or values that don't meet format constraints. The error codes are grouped by the area of the API they relate to. Use the links below to jump directly to the relevant category: - [User](#user) - [Authentication and login](#authentication-and-login) - [MFA](#mfa) - [Session management](#session-management) - [Tokens and OAuth](#tokens-and-oauth) - [SSO and SAML](#sso-and-saml) - [Tenant and organization](#tenant-and-organization) - [Roles, permissions, and groups](#roles-permissions-and-groups) - [Applications](#applications) - [Security policies](#security-policies) - [General](#general) ### User | Error code | Error message | | --- | --- | | ER-0005eb4672 | name must be a string | | ER-00062905ab | each value in userIds must be a string | | ER-000a64f544 | Either email or username must be provided | | ER-000b32220f | phoneNumber should not be empty | | ER-000e4dacd0 | each value in emails must be an email | | ER-001726e719 | lastName must be a string | | ER-00196e133e | users.0.email must be an email | | ER-001a109c8b | name should not be empty | | ER-001c3df1e0 | User ID must be a valid id | | ER-001e4c0b87 | profileImage must be base64 encoded | | ER-00295bc55e | Either emails or username must be provided | | ER-002cc969b1 | user.email must be an email | | ER-002fef5d32 | allowEmailChange must be a boolean value | | ER-003d012f5b | Email is required when username is not provided | | ER-003d4a1e20 | firstName must be a string | | ER-0037f547f7 | Username is required when email is not provided. | | ER-0041b0b295 | user must be an object | | ER-00474568df | Username contains invalid characters | | ER-00492bf651 | Username can only contain letters, numbers, dots, underscores, and hyphens | | ER-004a5c1ae5 | email must be a string | | ER-00524fe038 | users.0.emails.0.email should not be empty | | ER-005a0fec63 | Phone number must be valid | | ER-0066e18598 | newPassword should not be empty | | ER-006899abd0 | users.0.emails.0.primary must be a boolean value | | ER-00714eaa40 | changePhoneId should not be empty | | ER-0078def8e8 | changePhoneNumberToken must be a string | | ER-00811bd860 | profileImage must be a string | | ER-0081db7a24 | newPassword must be a string | | ER-0082b0f4d0 | userId should not be empty | | ER-0083fa2c70 | resetPhoneNumberToken should not be empty | | ER-008897167d | password should not be empty | | ER-0088eff9e2 | users.0.emails.0.email must be an email | | ER-008bcb1872 | each value in userIds should not be empty | | ER-0097c03b1f | changePhoneId must be a string | | ER-009c478740 | email must be an email | | ER-009ec0aa9a | userEmail should not be empty | | ER-00a5247e65 | emails.0.email should not be empty | | ER-00a5298e4c | userIds must contain no more than 1000 elements | | ER-00ad24c82d | user.name should not be empty | | ER-00ae7c8020 | Emails must be an array when provided | | ER-00afeb4d58 | each value in emails should not be empty | | ER-00b172d2f2 | phoneNumberType possible values are: auth,mfa | | ER-00b30c4875 | Emails array cannot be empty when provided | | ER-00b89bc9eb | users.0.Username contains invalid characters | | ER-00ba975421 | users must contain at least 1 elements | | ER-00bdfaa2ea | users.0.tenantId must be a string | | ER-00c5c97728 | userEmail must be a string | | ER-00c68d6a30 | userId must be a UUID | | ER-00ccbefbb2 | users.0.email should not be empty | | ER-00d243a91d | resetPhoneNumberToken must be a string | | ER-00d970b2c9 | users must contain no more than 1000 elements | | ER-00d98f8a1b | emails.0.email must be an email | | ER-00ddabbdb5 | userIds must be an array | | ER-00def1266e | each value in emails must be a string | | ER-00e0ee0f11 | emails.0.primary must be a boolean value | | ER-00e2f39183 | userIds must contain no more than 200 elements | | ER-00e69e6530 | userId must be a string | | ER-00e75ab156 | email should not be empty | | ER-00ed8b0d49 | changePhoneNumberToken should not be empty | | ER-00f14008d2 | userIds must contain at least 1 elements | | ER-00f4e74f27 | password must be a string | | ER-00f7f5779b | each value in userIds must be a UUID | | ER-00fb342d4a | user.name must be a string | | ER-00fc14e400 | primary must be a boolean value | | ER-00fcefda45 | users must be an array | | ER-00fd528b8e | each value in emails must be shorter than or equal to 100 characters | ### Authentication and login | Error code | Error message | | --- | --- | | ER-0005cb3f61 | syncOnLogin must be a boolean value | | ER-000d7fda63 | strategy possible values are: email,sms | | ER-000f4f27ba | Identifier type is missing. | | ER-000ffac481 | strategy possible values are: code,link | | ER-001cc24f5a | login.url must be a valid url. | | ER-001ddd341b | identifierType must be one of the following values: email, phoneNumber, username | | ER-002ca1674f | identifierType must be a string | | ER-002d46a90b | identifier should not be empty | | ER-0034b144b8 | strategy possible values are: EmailAndPassword,MagicLink,Code,NoLocalAuthentication,SmsCode,UsernameAndPassword,UsernameAndMagicLink,UsernameAndCode,UsernameAndSms | | ER-00306abbcf | identifier must be a string | | ER-00589c325b | login must be an object | | ER-00740944c4 | strategy possible values are: email,phoneNumber,username | | ER-007b2f9a90 | strategy possible values are: WebAuthnPlatform,WebAuthnCrossPlatform,SmsCode,SmsCodeV2,Passkeys,UsernameAndPassword,UsernameAndMagicLink,UsernameAndCode,UsernameAndSms | | ER-009d66513a | identifierType should not be empty | | ER-00bd564528 | code must be a string | | ER-00ea9e3cca | authStrategy possible values are: EmailAndPassword,MagicLink,Code,NoLocalAuthentication,SmsCode,UsernameAndPassword,UsernameAndMagicLink,UsernameAndCode,UsernameAndSms | | ER-004945a07b | type must be one of the following values: google, github, microsoft, facebook, linkedin, gitlab, slack, twitter, apple | ### MFA | Error code | Error message | | --- | --- | | ER-000594d81b | clientDataJSON should not be empty | | ER-000dbc9a2a | mfaToken must be a string | | ER-000b32100c | options.response.attestationObject must be a string | | ER-0037274a28 | mfaToken should not be empty | | ER-001a35ceb8 | response.authenticatorData should not be empty | | ER-001a801413 | signature must be a string | | ER-001adc4719 | webauthnToken must be a string | | ER-001f174670 | options.response.signature must be a string | | ER-002ebffe71 | codePayload should not be empty | | ER-003d02a29e | options.response.attestationObject should not be empty | | ER-0048ef13bc | authenticationApp.active must be a boolean value | | ER-004febbc4c | authenticationApp.active must be a boolean. If active is true, serviceName must be defined | | ER-00512827fd | response.authenticatorData must be a string | | ER-0055f68b76 | recoveryCode must be a string | | ER-00560d634c | attestationObject should not be empty | | ER-00562d2a9d | code should not be empty | | ER-005c56917f | attestationObject must be a string | | ER-006bdcc12d | strategy possible values are: AuthenticatorApp,WebAuthnPlatform,WebAuthnCrossPlatform,SMS,EmailCode | | ER-0072076d4d | options.response.clientDataJSON should not be empty | | ER-00771464c8 | response.clientDataJSON must be a string | | ER-008568f611 | authenticatorData should not be empty | | ER-008ccc308c | otcToken must be a string | | ER-009240c7a0 | generatedVerification must be a string | | ER-009a4c05e6 | response must be an object | | ER-009a5de89a | options.response.signature should not be empty | | ER-00945a3be4 | response.signature must be a string | | ER-00964c1731 | response.attestationObject must be a string | | ER-0093afcc70 | otcToken should not be empty | | ER-00b6113b0f | webauthnToken should not be empty | | ER-00b9d78aec | options.response.authenticatorData must be a string | | ER-00c07c38ce | response.clientDataJSON should not be empty | | ER-00c1638143 | authenticationApp.active should not be empty | | ER-00c65e588b | deviceType possible values are: Platform,CrossPlatform | | ER-00c7c21871 | codePayload must be a string | | ER-00c9d25be9 | signature should not be empty | | ER-00cca05205 | clientDataJSON must be a string | | ER-00cda9f768 | options.response.clientDataJSON must be a string | | ER-00d8732848 | generatedVerification should not be empty | | ER-00dd4dac52 | authenticatorData must be a string | | ER-00ef80948e | response.attestationObject should not be empty | | ER-00f0ad28f3 | options.response.authenticatorData should not be empty | ### Session management | Error code | Error message | | --- | --- | | ER-000c886322 | sessionIdleTimeoutConfiguration.isActive must be a boolean value | | ER-003c908360 | sessionIdleTimeoutConfiguration.timeout must not be greater than 2073600 | | ER-004ff13f99 | timeout must not be less than 60 | | ER-0069fb4f5f | sessionIdleTimeoutConfiguration.timeout must be a number conforming to the specified constraints | | ER-007c71157b | sessionId must be a string | | ER-009f644345 | maxSessions must not be less than 1 | | ER-009f7c0ba2 | cookieSameSite must be one of these values: STRICT,LAX,NONE | | ER-009c8ecd0b | sessionTimeoutConfiguration.timeout must be a number conforming to the specified constraints | | ER-00841aa823 | timeout must not be greater than 2073600 | | ER-00908c27b7 | sessionTimeoutConfiguration.isActive must be a boolean value | | ER-00a97c4d2f | maxSessions must be a number conforming to the specified constraints | | ER-00b6194be1 | sessionId should not be empty | | ER-00c227cc88 | timeout must be a number conforming to the specified constraints | | ER-00cc8875ed | sessionTimeoutConfiguration.timeout must not be less than 60 | | ER-00de949061 | sessionIdleTimeoutConfiguration.timeout must not be less than 60 | | ER-00f10d0c36 | sessionConcurrentConfiguration.isActive must be a boolean value | | ER-00fe10eaa0 | sessionConcurrentConfiguration.maxSessions must be a number conforming to the specified constraints | | ER-0081c96186 | sessionConcurrentConfiguration.maxSessions must not be less than 1 | ### Tokens and OAuth | Error code | Error message | | --- | --- | | ER-000e8b35cc | userInfoUrl must be a string | | ER-0011816c7f | token must be a string | | ER-0014959801 | redirect_uris should not be empty | | ER-001725862a | oauth2Config.authorizationUrl should not be empty | | ER-0017baf197 | oauth2Config.authorizationUrl must be a string | | ER-001929a78b | grant_type must be one of the following values: authorization_code, refresh_token, client_credentials, urn:ietf:params:oauth:grant-type:token-exchange, urn:ietf:params:oauth:grant-type:device_code | | ER-00219e01cb | redirect_uris must be an array | | ER-0024ff1f5f | oauth2Config.userInfoUrl must be a string | | ER-002fab3c54 | redirectURL must be an URL address | | ER-003d207141 | scopes must be a string | | ER-004be294e1 | token must be a UUID | | ER-0048496048 | oidcClientId must be a string | | ER-0054a3de4f | tokenUrl must be a URL address | | ER-005e5d156e | redirectUrl should not be empty | | ER-0060e6ba8d | tokenUrl must be a string | | ER-0063b206cc | grant_type should not be empty | | ER-00659e62b9 | expirationInSeconds must be a number conforming to the specified constraints | | ER-006df9ac77 | clientName must be a string | | ER-007527e076 | claims.tenantId must be a string | | ER-007d35ffd0 | scopes should not be empty | | ER-0075c53b6c | clientType must be one of the following values: Agent | | ER-00762b71c9 | clientId must be a string | | ER-0079484375 | state must be a string | | ER-008be51424 | redirect_uris must contain at least one URI | | ER-0088f1d129 | refreshToken must be a string | | ER-00866fc417 | userInfoUrl should not be empty | | ER-00894c742e | expirationInSeconds must not be less than 300 | | ER-008ed7931c | oauth2Config.tokenUrl must be a string | | ER-0091a5ba6b | actorToken must be a string | | ER-009e4f8db5 | subject_token_type should not be empty | | ER-00a3774b9a | subject_token should not be empty | | ER-00a6917706 | authorizationUrl must be a URL address | | ER-00a784374d | redirectUrl must be a URL address | | ER-00b3ddcfd0 | grant_type must be equal to urn:ietf:params:oauth:grant-type:token-exchange | | ER-00b6a5ad38 | redirectUrl must be a valid url. | | ER-00b73a6516 | authorizationUrl must be a string | | ER-00b8db8e01 | each value in redirect_uris must be a string | | ER-00c2e08d60 | token should not be empty | | ER-00c336cfb1 | clientType should not be empty | | ER-00cb34e0c7 | authorizationUrl should not be empty | | ER-00d53dc69a | userInfoUrl must be a URL address | | ER-00d6dfadb4 | wellknownUrl should not be empty | | ER-00da4d64e9 | oauth2Config.tokenUrl should not be empty | | ER-00e25b565d | tokenUrl should not be empty | | ER-00e2050075 | expiration must be a number conforming to the specified constraints | | ER-00e2ffea0f | oauth2Config.userInfoUrl should not be empty | | ER-00e47276ee | client_id is required for device_code grant type | | ER-00f1082ff3 | expiration should not be empty | | ER-00f5f0efb9 | clientId should not be empty | | ER-00f6da19e5 | wellknownUrl must be a string | | ER-00f960d1b9 | expiration must not be greater than 15552000 | | ER-00fc17143a | each value in redirect_uris must be a URL address | | ER-0096fbf523 | expiration must not be less than 10 | | ER-009f263bc0 | strategy possible values are: ALLOW,BLOCK | | ER-00981a2834 | clientName should not be empty | ### SSO and SAML | Error code | Error message | | --- | --- | | ER-000b68d815 | idpCertificate should not be empty | | ER-001be4afe3 | acsUrl must be a URL address | | ER-001d88d11a | ssoConfigId must be a UUID | | ER-0023efaace | signRequest must be a boolean value | | ER-0052b443c0 | idpSsoUrl must be a string | | ER-006dbfdcf9 | ssoEndpoint must be a string | | ER-0067eb7662 | signRequest should not be empty | | ER-008889e7f7 | spEntityId must be a string | | ER-008ff2c8a0 | idpSsoUrl should not be empty | | ER-009549c72c | publicCertificate must be a string | | ER-009d50b9a7 | acsUrl must be a string | | ER-00a25677b7 | entityId should not be empty | | ER-00abc96484 | entityId must be a string | | ER-00b356e286 | ssoEndpoint must be a URL address | | ER-00bda00552 | ssoConfigId should not be empty | | ER-00cea58b7c | idpEntityId must be a string | | ER-00dd9cd573 | idpCertificate must be a string | | ER-00f40bb1fd | ssoConfigId must be a string | | ER-00f83471fd | idpEntityId should not be empty | ### Tenant and organization | Error code | Error message | | --- | --- | | ER-00041b523d | targetTenantId must be a string | | ER-000835708f | users.0.tenantId should not be empty | | ER-001023d6f2 | tenantId must be a string | | ER-0033686570 | subTenantsRoles must contain at least 1 elements | | ER-003963a25c | subTenantsRoles.0.tenantId should not be empty | | ER-003f3b800a | subTenantsRoles.0.roleIds must contain at least 1 elements | | ER-005ac941a0 | claims.tenantId should not be empty | | ER-007527e076 | claims.tenantId must be a string | | ER-007b3e5e3e | subTenants.0.tenantId should not be empty | | ER-00746054ef | tenantConfig must be a non-empty object | | ER-0079c31ada | subTenantsRoles.0.each value in roleIds should not be empty | | ER-0083d1d518 | tenant must be an object | | ER-00a2847cf2 | subTenantsRoles.0.roleIds must be an array | | ER-00ab09b0fe | subTenantsRoles must be an array | | ER-00c450de34 | subTenantsRoles.0.tenantId must be a string | | ER-00cc64747f | companyName should not be empty | | ER-00d826826a | subTenants.0.tenantId must be a string | | ER-00dd8e83a0 | subTenants must be an array | | ER-00eda32cff | subTenantsRoles.0.each value in roleIds must be a string | | ER-00ee5bb77c | tenantId should not be empty | | ER-00ef3dbdd4 | targetTenantId should not be empty | | ER-00eecaed4d | activeApplicationTenants.0.tenantId must be a string | | ER-00f99d8ea4 | companyName must be a string | | ER-00fc35a0bf | subTenants must contain at least 1 elements | ### Roles, permissions, and groups | Error code | Error message | | --- | --- | | ER-0018245401 | group must be a string | | ER-001b319a8a | groupsIds must contain at least 1 elements | | ER-001c6881c0 | each value in roleIds must be a string | | ER-002fc9ea16 | baseRoleId should not be empty | | ER-003af0a8c2 | each value in permissionIds must be a string | | ER-003be9aac6 | group should not be empty | | ER-003cddd8f5 | permissionIds should not be empty | | ER-0037e060e5 | roleIds must contain at least 1 elements | | ER-004b1fa357 | roleIds should not be empty | | ER-005532d399 | groupsIds must contain no more than 100 elements | | ER-005991942c | each value in groupsIds must be a string | | ER-00603ec410 | baseRoleId must be a string | | ER-007db615b6 | At least one of [roleKeys, emails, phoneNumbers, groupIds] must be a non-empty array. | | ER-00a93461ab | claims.permissions must be an array | | ER-00aee3bc7a | each value in roleIds should not be empty | | ER-00bf7fd9b5 | type must be one of the following values: NEVER, ALWAYS, ASSIGNABLE | | ER-00c61e9cc4 | At least one of addRoleIds or removeRoleIds must be provided with values | | ER-00cf030f4d | each value in permissions must be a string | | ER-00d59da80e | groupsIds must be an array | | ER-00d76fd74d | roleIds must be an array | | ER-00d87b2e88 | permissions must be an array | | ER-00e10948e2 | permissionIds must contain at least 1 elements | | ER-00e46b0786 | claims.each value in permissions must be a string | | ER-00e89625c6 | each value in permissionIds should not be empty | | ER-00f0bec6d3 | permissionIds must be an array | ### Applications | Error code | Error message | | --- | --- | | ER-00026add3b | activeApplicationTenants must contain no more than 50 elements | | ER-0004f0e932 | appIds must contain at least 1 elements | | ER-000dbbb81d | appId should not be empty | | ER-0052b2354a | activeApplicationTenants.0.applicationId must be a string | | ER-0053b2b12c | appId must be a string | | ER-0054153140 | activeApplicationTenants must be an array | | ER-005452581f | applicationId must be a string | | ER-00592bcc48 | each value in appIds should not be empty | | ER-006ac8b0ac | activeApplicationTenants must contain at least 1 elements | | ER-009affbcd9 | each value in appIds must be a string | | ER-00cac26126 | appIds must be an array | | ER-00d3c3163f | appIds must contain no more than 50 elements | | ER-00e1e776c7 | appIds must contain no more than 1000 elements | ### Security policies | Error code | Error message | | --- | --- | | ER-004c76c145 | type possible values are: ALLOW,BLOCK | | ER-004d29a02d | ip must be one of: IPv4, IPv6, CIDR | | ER-00a0fe0f35 | ips.0.strategy possible values are: ALLOW,BLOCK | | ER-00d7f555e2 | ips must be an array | | ER-00ff6e6508 | ips.0.ip must be one of: IPv4, IPv6, CIDR | ### General | Error code | Error message | | --- | --- | | ER-0003108d69 | enabled should not be empty | | ER-0003fc0a62 | allowAccess must be a boolean value | | ER-0004074b3a | each value in ids should not be empty | | ER-00050c3aa3 | status must be a number conforming to the specified constraints | | ER-00058160ff | provider must be one of the following values: sendgrid, mailgun, ses, ses-role | | ER-000677b376 | message must be an array | | ER-00069b1ffc | region should not be empty | | ER-0008fae20f | validated must be a boolean value | | ER-0009897417 | rules.0.conditionLogic must be one of the following values: and | | ER-0009a1875b | enabled must be a boolean value | | ER-000c10841a | conditions.0.Only listed attributes are allowed: userId, applicationId, tenantId, roleIds, tokenType, userEmail | | ER-000c3ba292 | type should not be empty | | ER-00106458e4 | active should not be empty | | ER-00120328eb | conditions.0.value must be an object | | ER-001293224a | entity should not be empty | | ER-001629de10 | id must be a UUID | | ER-00175b71f2 | keyId should not be empty | | ER-0018ec5ac8 | channels.sms must be a boolean value | | ER-001b0c125f | sms must be a boolean value | | ER-0026d5556b | value must be an object | | ER-002c46e5de | At least one of channel options must be true | | ER-002e1ad53d | algorithm should not be empty | | ER-003c463ef6 | options.id must be a string | | ER-003e57d364 | url must be a valid url. | | ER-004073e800 | rules.0.conditions.0.value must be an object | | ER-0040973b3f | payload must be an object | | ER-0044cc6287 | metadata should not be empty | | ER-0045d48c32 | displayName should not be empty | | ER-00498fe6b1 | rules.0.conditions.0.Only listed attributes are allowed: userId, applicationId, tenantId, roleIds, tokenType, userEmail | | ER-004ecab5dc | each value in ids must be a string | | ER-004ee0f826 | op must be one of the following values: in_list, contains, ends_with | | ER-00544d4a6b | each value in ids must be shorter than or equal to 100 characters | | ER-0055ad2325 | value should not be empty | | ER-0056461c79 | url should not be empty | | ER-0056b1c624 | Only listed attributes are allowed: userId, applicationId, tenantId, roleIds, tokenType, userEmail | | ER-005a058c31 | channels.email must be a boolean value | | ER-005b0a7f70 | domain must be a string | | ER-005cf194e5 | conditions.0.op must be one of the following values: in_list, contains, ends_with | | ER-0060aec68b | provider must be a string | | ER-006507fc3e | payload should not be null or undefined | | ER-006a3db6df | email.active must be a boolean. If active is true, sender & tokenLifetimeSeconds must be defined | | ER-006a960987 | message must contain at least 1 elements | | ER-006ba3843c | conditions must be an array | | ER-006c7b2f4e | region must be a string | | ER-006d47f127 | sms.active should not be empty | | ER-006da876ca | email must be a boolean value | | ER-00674d1cf0 | keyId must be a string | | ER-007dfebcff | displayName must be a string | | ER-007e962c71 | email.active must be a boolean value | | ER-0077216a23 | negate must be a boolean value | | ER-008b161b77 | active must be a boolean value | | ER-0082f5f98e | ids must contain at least 1 elements | | ER-0087abc452 | email.active should not be empty | | ER-00991d4a07 | apiKey must be a string | | ER-0099d10788 | region must be one of the following values: us, eu | | ER-009a11272e | ids must be an array | | ER-009c015a70 | domain must be valid | | ER-009e0e5b62 | id must be a string | | ER-00a3007037 | domain must be a valid domain name | | ER-00a793a752 | domain should not be empty | | ER-00aacafe23 | url must be a URL address | | ER-00ac824e5f | metadata must be a string | | ER-00b2509649 | apiKey should not be empty | | ER-00b33d78de | validated should not be empty | | ER-00bd19af0c | claims must be an object | | ER-00be44ef10 | metadata must be a json string | | ER-00c137fa5e | sms.active must be a boolean. If active is true, tokenLifetimeSeconds must be defined | | ER-00c3a2d89f | options.id should not be empty | | ER-00c5ddc571 | Only one of *ids* or *emails* can be provided, not both. | | ER-00c70154eb | conditionLogic must be one of the following values: and | | ER-00cdb966ac | url is neither URL, nor domain name. | | ER-00db87b898 | channels.At least one of channel options must be true | | ER-00ddb85f2f | options must be an object | | ER-00dfc67e6d | conditions.0.negate must be a boolean value | | ER-00e00efa88 | each value in message must be a string | | ER-00e47ba0fb | id should not be empty | | ER-00ee686d28 | rules.0.conditions.0.op must be one of the following values: in_list, contains, ends_with | | ER-00ee71ae58 | configuration must be an object | | ER-00ef5efcf4 | payload should not be empty | | ER-00efbee929 | ids must contain no more than 250 elements | | ER-00f49b36e9 | channels should not be empty | | ER-00f689ad6e | payload must be a string | | ER-00f9c6c6d1 | rules.0.conditions.0.negate must be a boolean value | Error codes customization You can customize the error messages above and create a tailored user experience for your customers. Read more about localization [here](/ciam/sdks/customizations/login-box-old/localizations#localizing-error-codes).