icon-oneapi.svg
OneAPI

Understanding Response Codes & Error Messages

The following HTTP status codes are returned by Zscaler OneAPI.

CodeDescription
401The authorization token is invalid, expired, or missing.
403The API client does not have access to the requested resource.
404The requested API resource could not be found.
408The client took too long to send a complete request.
413The HTTP request exceeds the maximum allowable size.
429The API client exceeded the rate limit or quota. Too many requests have been made in a short period.
500An internal server error occurred while processing the request.
503The requested resource is temporarily unavailable.
504The server took too long to respond to the request.
Close

In addition, the APIs for specific Zscaler services might use a set of status codes that is exclusive to that service. The following sections provide information on the status codes that are exclusive to specific services.

ZIA API

Zscaler Internet Access (ZIA) API uses the following additional response codes and error messages that are specific to use cases and scenarios in ZIA.

CodeDescription
200Successful request.
204Successful. No content returned.
400Invalid or bad request.
403

This code is returned due to one of the following reasons:

  • User's role has no access permissions or functional scope.
  • A required SKU subscription is missing.
  • API operations that use POST, PUT, or DELETE methods are performed when the ZIA Admin Portal was in maintenance mode during a scheduled upgrade.

Contact Zscaler Support or your Zscaler Account team for assistance.

404Resource does not exist.
405Method not allowed. This error is returned when the request method is not supported by the target resource.
409Request could not be processed because possible edit conflict occurred. Another admin might be saving a configuration change at the same time. In this scenario, the API client automatically retries after a short time period.
415Unsupported media type. This error is returned if you don't include application/json as the Content-Type in the request header (for example, Content-Type: application/json).
500Unexpected error.
503Service is temporarily unavailable.
Close

ZPA API

Zscaler Private Access (ZPA) API uses the following additional response codes and error messages that are specific to use cases and scenarios in ZPA.

CodeDescription
200Successful
201Created
204No Content
400

Bad Request

For example:

{
 "id": "resource.not.found", 
 "reason": "No resource exists with the given id/name :0", 
 "params": [
   "0" 
 ] 
}
401

Unauthorized

For example:

{
 id: "access.denied",
 reason: "Access denied"
}
403Forbidden
404Not Found
409

Conflict

For example:

{
   "params":[
      "com.zscaler.zpn.model.PolicySet"
   ],
   "id":"api.concurrent.access.error",
   "reason":"Unable to modify the resource due to concurrent change requests. Try again"
}

Concurrent API calls using POST, PUT, and DELETE methods to the policy set controller might return error 409 - Conflict. Ensure that only one PUT request per policy rule is sent at a given time.

429

The API client exceeded the rate limit or quota.

The following example is the response body when an API call is rate limited:

{
  "exception": "invalid.toomanyrequests",
  "id": "invalid.toomanyrequests",
  "reason": "Exceeded the number of requests allowed"
}

The following example is the response header when an API call is rate limited:

{
  "content-type": "application/json",
  "date": "Wed, 6 Mar 2024 11:38 GMT",
  "retry-after": "13s"
}

To learn more, see Understanding Rate Limiting.

503

Service Unavailable

The following example is a response body for error code 503:

{
 "id": "retryable.server.error",
 "reason": "An error occurred. Refer to the Retry-After header, and then try again."
}

The following is an example response header: {Retry-After: 10s}

Zscaler recommends an exponential backoff strategy before retrying. If a Retry-After header is available as part of the response headers, wait until the stipulated time mentioned in the Retry-After header before retrying.

Close

Zscaler Client Connector API

Zscaler Client Connector API uses the following additional response codes and error messages that are specific to use cases and scenarios in Zscaler Client Connector.

CodeDescription
200Successful
400Bad Request
401Unauthorized
403Forbidden
404Not Found
Close

Zscaler Cloud & Branch Connector API

Cloud & Branch Connector API uses the following additional response codes and error messages that are specific to use cases and scenarios in Cloud & Branch Connector.

CodeDescription
200 OKSuccessful
204 No ContentSuccessful. No content returned.
400 Bad RequestRequest not completed due to incorrect syntax.
401 UnauthorizedSession is not authenticated or timed out.
403 Forbidden

This code is returned for one of the following reasons:

  • The API key was disabled by your service provider.
  • User's role has no access permissions or functional scope.
  • API operations that use POST, PUT, or DELETE methods were performed when the Zscaler Cloud & Branch Connector Admin Portal was in maintenance mode during a scheduled upgrade.

Contact Zscaler Support or your Zscaler Account team for assistance.

404 Not FoundResource does not exist.
409 ConflictRequest could not be processed because a possible edit conflict occurred. Another admin might be saving configuration changes at the same time. In this scenario, the API client automatically retries after a short time period.
415 Unsupported Media TypeUnsupported media type. This error is returned if you don't include application/json as the Content-Type in the request header (for example, Content-Type: application/json).
429 Too Many RequestsThe API client exceeded the rate limit or quota. The response includes a Retry-After value.
500 Internal Server ErrorUnexpected error.
503 Service UnavailableService is temporarily unavailable.
Close

Related Articles
Understanding Rate LimitingUnderstanding Response Codes & Error Messages