Getting started
About our APIs
Status codes

API Status Codes

BigCommerce REST APIs and GraphQL APIs respond to each request with an HTTP status code that depends on the result from the request. Error responses might also include an error message in the body to assist in resolving the problem.

This article covers REST and GraphQL status codes and error messages.

REST HTTP status codes

2xx Success

2xx codes are returned for requests that were understood and processed successfully.

200OKFor successful GET and PUT requests.
201CreatedFor a successful POST request.
202AcceptedFor a request that resulted in a scheduled task being created to perform the actual request.
204No ContentFor a successful request that produced no response (such as DELETE requests).
207Multi-StatusMultiple operations have taken place and the status for each operation can be viewed in the body of the response. Typically indicates that a partial failure has occurred.

3xx Redirection

3xx codes are returned for requests that require further action.

301Moved PermanentlyWhen the API routes have changed (unlikely), or if the incoming request is not secure (http), the request will be redirected to the secure (https) version.
304Not ModifiedThis response will be sent if the request included an If-Modified-Since header, but the resource has not been modified since the specified date.

4xx Client Error

4xx codes are returned for requests that could not be processed due to problems with the request or the data. For more information on handling 400 errors skillfully, see API Request Architecture.

400Bad RequestIssued when a malformed request was sent. The request could not be completed due to a URL restriction. Check the URL for ports that may conflict with site permissions.
401UnauthorizedThis response is sent when your client failed to provide credentials or its credentials were invalid.
403ForbiddenReturned when permissions do not allow the operation.
404Does Not ExistThe requested entity does not exist.
405Method Not AllowedThe resource was found, but doesn't support the request method. Issued when either a specific method isn’t yet implemented on a resource, or the resource doesn’t support the method at all. For example, a PUT on /orders is invalid, but a PUT on /orders/{_id_} is valid.
406Not AcceptableWhen the client specifies a response content type in the Accept header that is not supported.
409ConflictA change requested by the client is being rejected, due to a condition imposed by the server. The exact reasons for this response will vary from one resource to the next. An example might be attempting to delete a category whose deletion would cause products to be orphaned. Additional information about the conflict, and about how to resolve it, might be available in the response's details section.
413Request Entity Too LargeWhen the client requests too many objects. For example, the limit parameter exceeded the maximum.
415Unsupported Media TypeReturned due to issues with the Content-Type header.
422Missing or Invalid DataThe request cannot be processed either because it omitted required fields or because it contained invalid data. See the response for more details.
423Locked Status CodeThe requested resource is currently locked and unavailable.
429Too Many RequestsWhen an OAuth client exceeds the rate limit for API requests to a store.
499Client Closed RequestA client terminates the connection before receiving a response.

5xx Server Error

5xx codes are returned for requests that could not be processed due to an internal error with the API or server. For more information on handling 500 errors skillfully, see API Request Architecture.

500Internal Server ErrorWhen an error has occurred within the API.
501Not ImplementedWhen a request method is sent that is not supported by the API (e.g., TRACE, PATCH).
503Service UnavailableWhen the store is “Down for Maintenance,” being upgraded to a new version, or is suspended due to administrative action or a billing issue.
507Insufficient StorageWhen the store has reached a limitation for the resource, according to their BigCommerce plan (opens in a new tab) (e.g., 500-product limit).


CodeCommon CausesSolutions
204, 301, and 302RedirectsTry the www or non-www version of the URL.
400Invalid syntax, required data missing, content-type header missingDouble-check request body for syntax errors and missing data; check content-type header.
401API credentials are missing or invalid.Double-check the access_token and client_id.
Send cURL request with the same credentials to rule app or config issues.
403App lacks required OAuth scopes, a store-owner account changed, operations resulting from API request exceed a platform limit, or URL requested is incorrect. User does not have app install or uninstall permissions.Double-check OAuth Scopes in control panel > API Accounts or in Developer Portal > My Apps.
Check the URL. Are the endpoint and store hash correct?
Ensure platform limits (opens in a new tab) have not been reached.
415Request headers specify an unsupported content-type (or header is missing).Double-check content-type request header.
500Expensive API calls or an internal server error in BigCommerce.Re-attempt the request three to five times, with increasing delays of at least a minute between attempts.
Try reducing the number of objects being requested. You can request fewer objects in the v2 API, by using ?limit={count}. In v2 and v3 API, fewer objects can be requested by excluding certain fields or only requesting certain fields.
Check the BigCommerce Status Page (opens in a new tab).

GraphQL HTTP status codes

All GraphQL errors return a 401 HTTP status code.

401UnauthorizedThis response is sent when your client failed to provide credentials or its credentials were invalid.
"GraphQL credentials were missing. No token was sent."No token sent. The token was missing.
"GraphQL invalid credentials. String is not a JWT"Invalid JWT sent. The token was not a well-formed JWT.
"GraphQL invalid credentials. JWT signature is invalid"One of the JWT claims failed. The token was not generated by BigCommerce.
"GraphQL invalid credentials. JWT is expired"Token has expired.
"GraphQL invalid credentials. JWT channel id doesn't match channel id of the URL"Channel ID mismatch. The channel ID in the token does not match channel ID of the site URL.
"Unknown JWT token"JWT was revoked.
"GraphQL invalid credentials. JWT has no valid Json"Invalid JWT sent. Token has no valid JSON.
"GraphQL invalid credentials. JWT has Json of an unknown format"Invalid JWT sent. Token has no valid JSON.
"GraphQL invalid credentials. JWT store id doesn't match store id of the URL"Store ID in the token does not match store ID of the site URL.
Did you find what you were looking for?