Error Codes
Last updated: Aug 15th, 7:07am
View return URL errors and HTTP status error codes for PayPal Link operations.
Return URL errors
PayPal generally handles most errors internally. However, in some situations, PayPal might return the user to the merchant's redirect_uri with an error_description and error parameters. This table describes the possible errors:
| Error | Error description | Explanation | Recommendation |
|---|---|---|---|
| RESTRICTED_ACCOUNT | Not applicable | Possible issue with user account. For assistance, user must contact PayPal. | Notify the user that a problem occurred linking their account. For assistance, user must contact PayPal. |
| COUNTRY_NOT_SUPPORTED | Not applicable | This product is not available in your country. | Contact PayPal for assistance. |
| 2FA_NOT_SUPPORTED | Not applicable | User has two-factor authentication enabled. | Disable two-factor authentication (not recommended by PayPal). |
| BIZ_ACCOUNT_NOT_SUPPORTED | Not applicable | User has a PayPal business account. This integration does not support business accounts. | |
| REFERRAL_EXPIRED | Not applicable | User clicked or was directed to a link that took more than 15 minutes to open. | Relaunch the flow by starting with the referral ID creation. |
| SESSION_TIMEOUT | Not applicable | Too much time spent trying to complete the process or the PayPal configuration was not set up correctly. | If timeout happens during testing, escalate the error to your PayPal account manager. If this error occurs only once in live PayPal, relaunch the linking flow from the beginning of card selection/referral ID creation. If you repeatedly run into issues after going live, escalate to your PayPal account manager. |
| CREATE_ACCOUNT_ERROR | Not applicable | PayPal might be experiencing site issues | If the error happens during testing, escalate the error to your PayPal account manager. If this error occurs only once in live PayPal, relaunch the linking flow from the beginning of card selection/referral ID creation. If you repeatedly run into issues after going live, escalate to your PayPal account manager. |
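
One way to handle the return to redirect_uri, as an added example that is not PayPal's code: the query string can be set by anyone who crafts a link to the redirect_uri, so the error value is matched against the codes in the table above and error_description is only logged after sanitizing, never shown to the user. The action names, the `prior_failures` parameter and the `merchant.example` URL are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Codes from the return URL table; the action names are hypothetical.
RETURN_ERRORS = {
    "RESTRICTED_ACCOUNT": "notify_contact_paypal",
    "COUNTRY_NOT_SUPPORTED": "notify_contact_paypal",
    "2FA_NOT_SUPPORTED": "notify_2fa_unsupported",
    "BIZ_ACCOUNT_NOT_SUPPORTED": "notify_business_unsupported",
    "REFERRAL_EXPIRED": "relaunch_from_referral",
    "SESSION_TIMEOUT": "relaunch_from_referral",
    "CREATE_ACCOUNT_ERROR": "relaunch_from_referral",
}
MAX_RELAUNCHES = 1  # relaunch a one-off failure, escalate when it repeats
# Constructed sample: the description carries an encoded newline (%0A).
SAMPLE = ("https://merchant.example/paypal/return?error=SESSION_TIMEOUT"
          "&error_description=x%0Aforged+log+line")


def sanitize_for_log(value, limit=200):
    """Replace control characters (log injection) and cap the length."""
    return re.sub(r"[\x00-\x1f\x7f]", " ", value)[:limit]


def handle_link_return(url, prior_failures=0):
    """Classify a return to redirect_uri without echoing query text."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    errors = params.get("error", [])
    if not errors:
        return {"action": "continue", "log": ""}
    # A repeated or unlisted error value gets the generic failure path.
    code = errors[0] if len(errors) == 1 else ""
    action = RETURN_ERRORS.get(code, "generic_failure")
    relaunch = action == "relaunch_from_referral" and code != "REFERRAL_EXPIRED"
    if relaunch and prior_failures >= MAX_RELAUNCHES:
        action = "escalate_to_account_manager"
    desc = params.get("error_description", [""])[0]
    log = "paypal_link error=%s description=%s" % (
        sanitize_for_log(",".join(errors)), sanitize_for_log(desc))
    return {"action": action, "log": log}


if __name__ == "__main__":
    print(handle_link_return(SAMPLE))
```
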
HTTP status error codes
| HTTP status code | Error | Description | Details |
|---|---|---|---|
| 200 | 2fa_enabled_so_no_kmli | User is 2FA-enabled, so KMLI is not honored. | 2FA takes precedence over One Touch. |
| 400 | invalid_client | Client authentication failed. | Authorization header not present. |
| 400 | invalid_client | Client credentials are missing. | Invalid basic auth token. |
| 400 | invalid_request | Invalid scope requested. | Resend with a valid scope. |
| 400 | invalid_request | refresh_token is a required parameter. | Add the refresh_token parameter and value. |
| 400 | invalid_request | Supports token for response_type. | Incorrect response type sent. |
| 400 | invalid_request | Refresh token is invalid. | Resend with a valid refresh_token. |
| 400 | invalid_request | No permission to set target_client_id. | Make sure the client_id has the scope of GRANT_PROXY_CLIENT to use the target_client_id parameter. |
| 400 | invalid_request | The redirect_uri is a required parameter. | Resend with this parameter and value. |
| 400 | unsupported_grant_type | Unsupported grant type. | Specify a valid grant_type. |
| 400 | invalid_response_type | Invalid response type for the request:[code]. | grant_type=client_credentials. Use with response_type=token. |
| 401 | invalid_authz_code | Authorization code is invalid. | Check your authorization_code and resend. |
| 401 | invalid_client | Client authentication failed. | Base64 encoded client credentials passed in the authorization header are invalid. |
| 401 | invalid_redirect_uri | Redirect URI does not match. | Ensure that redirect_uri matches one configured during the application registration. |
| 401 | risk_decline | Request declined by risk. | Risk can decline due to bad IP, OFAC check, and suspicious fraudulent activity. |
| 401 | invalid_user | Device authentication failed. | Incorrect device information. |
| 401 | invalid_request | Unable to decrypt refresh token: Base64 decode failed. | Invalid refresh token passed when trying to get an access token (AT) from a refresh token (RT). |
| 401 | invalid_request | Unable to decrypt refresh token: Input length of 0 received; expected at least 36. | Incorrect refresh token. |
| 401 | invalid_token | Client authentication failed. | |
| 401 | invalid_authz_code | Authorization code is invalid. | Auth code not passed or is invalid. |
| 401 | invalid_authz_code | Authorization code not found in cache. | Use a new auth code. |
| 401 | invalid_token | Token signature verification failed. | |
| 401 | unauthorized_client | Client not authorized. | Check your permissions and try again. |
| 401 | remember_me_expired | Remember Me on the device has expired. | Legal mandate to clear off One Touch in a country-specific, pre-configured period (currently six months). |
| 401 | invalid_token | The token was not found in the system. | Unlink the user. They have revoked consent. |
Note: If a customer revokes consent on the PayPal.com user interface, the partner cannot make any requests on the customer's behalf, or get the customer's current account details. This situation generates the 401 Unauthorized - The token passed in was not found in the system error message.