The Visa Consent Management Service APIs use conventional HTTP response codes to indicate the success or failure of an API request. The HTTP status code 201 is returned for a successful API call. Other HTTP status codes, such as 400 and 500, are returned for unsuccessful calls.
To determine the status of any API call, use the combination of the HTTP status code returned in the response, error code from the Visa platform and other information included in the response message to apply the correct processing logic and communicate with customers.
The following table provides additional guidance on how to interpret and act upon status responses.
HTTP Status Code |
Error Code |
Error Description |
201 |
None |
API request processed successfully, and Consent Object was created successfully. A unique Consent ID is shared in the response header. |
400 |
Various |
The message had validation errors due to invalid field lengths, data type, or missing fields. The details part of the error response will include the error code and description for specific error. |
401 |
None |
Authentication failure. API authorized error may be caused due to any of the following reasons: · x-pay-token is not present, blank, or not in a valid format. · Timestamp field not in valid UTC timestamp format. · Version field is invalid. · Token's timestamp is more than 8 minutes off from the current time. · Token hash mismatch. · APIKey not present in request. · APIKey is not active. · APIKey not valid. · APIKey not active. · Request has more than one authentication token, which is not supported |
403 |
None |
The 403 (Forbidden) HTTP Status code indicates that this Visa Developer Center project does not have permission to access the requested resource. This can happen if you are trying to invoke an API request for a resource that is not part of your project. Check for the following: · You are using a project and the credential for the project that includes the API being accessed. · You created a project and received sandbox credentials for the APIs being called. · You added the API being called to the project (if not already present) with the credentials that are being used. |
406 |
None |
Not Acceptable - Indicates that the "Accept:" header field is present in a request and none of the available representations for the response have a media type that is listed as acceptable. This can happen when the requested API version is not available or unsupported; for example, when the version requested in the Accept: header is newer than the currently live/supported version. |
409 |
None |
The current state of consent is incompatible with the requested mutation. For example, an EXPIRED consent cannot be revoked. |
410 |
None |
Gone - Indicates that the resource at this end point is no longer available. This is usually returned for old API versions that are not available anymore - EOL (End-of-Life). The content-type header in the response indicates the latest supported API version. |
429 |
None |
The Visa Developer Center project has clocked too many requests in a given amount of time. Please contact Visa Support at [email protected] if you want to increase the time limits. |
500 |
None |
An internal server error occurred. Please contact Visa Support at [email protected] with a complete error message, full http request and response details. |
503 |
None |
The Visa system is currently unable to handle the request due to a temporary overloading or maintenance of the server. There may be a Retry-After header field to suggest an appropriate amount of time for the client to wait before retrying the request. The value of this field can be either an HTTP-date or several seconds to delay after the response is received. Retry-After = HTTP-date || delay-seconds examples: Retry-After: Thu, 31 Dec 2020 23:59:59 GMT Retry-After: 120 Please contact Visa Support at [email protected] if the issue persists. |