Errors
In this guide, we will talk about what happens when something goes wrong while you work with the API. Mistakes happen. Let's look at some status codes and error types you might encounter.
Status Codes
The GraphQL API returns HTTP status codes to indicate the success or failure of your API requests. The following table lists the status codes that the API uses to indicate success or failure:
| Status Code | Description |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Server Error |
In some cases, you may receive a 200 OK response even if there were errors. The GraphQL API will return an errors field in the response if any errors were encountered with the request.
Example 200 response with Authorization error
{
"errors": [
{
"message": "Not authorized to read Finding objects: {\"response\":{\"errors\":[{\"message\":\"Not authorized to read Finding objects\",\"locations\":[{\"line\":2,\"column\":3}],\"path\":[\"allFindings\"],\"extensions\":{\"code\":\"PERMISSION_DENIED\"}}],\"data\":{\"allFindings\":null},\"status\":200,\"headers\":{}},\"request\":{\"query\":\"query TestErrors {\\n allFindings {\\n id\\n title\\n _cursor\\n }\\n}\",\"variables\":{}}}",
"locations": [
{
"line": 2,
"column": 3
}
],
"path": [
"allFindings"
],
"extensions": {
"code": "INTERNAL_SERVER_ERROR",
"stacktrace": [
"Error: Not authorized to read Finding objects: {\"response\":{\"errors\":[{\"message\":\"Not authorized to read Finding objects\",\"locations\":[{\"line\":2,\"column\":3}],\"path\":[\"allFindings\"],\"extensions\":{\"code\":\"PERMISSION_DENIED\"}}],\"data\":{\"allFindings\":null},\"status\":200,\"headers\":{}},\"request\":{\"query\":\"query TestErrors {\\n allFindings {\\n id\\n title\\n _cursor\\n }\\n}\",\"variables\":{}}}",
" at makeRequest (/usr/app/node_modules/graphql-request/src/index.ts:441:11)",
" at processTicksAndRejections (node:internal/process/task_queues:95:5)",
" at async Object.allFindings (/usr/app/src/schema/resolvers/generateProxyResolvers.ts:29:18)"
]
}
}
],
"data": {
"allFindings": null
}
}
Error Types
Authentication
If you send a request without a valid Bearer token, you will receive a 401 Unauthorized response. The response body will contain a JSON object with the following structure:
Example Authentication Error Response
{
"message": "UnauthorizedError: invalid signature\n at new UnauthorizedError (/usr/app/node_modules/express-jwt/dist/errors/UnauthorizedError.js:22:28)\n at /usr/app/node_modules/express-jwt/dist/index.js:139:38\n at step (/usr/app/node_modules/express-jwt/dist/index.js:33:23)\n at Object.next (/usr/app/node_modules/express-jwt/dist/index.js:14:53)\n at fulfilled (/usr/app/node_modules/express-jwt/dist/index.js:5:58)"
}
Authorization
If you send a request with a valid Bearer token, but the token does not have the correct permissions to retrieve the requested data, you will receive a 200 OK response. The response body will contain a JSON object containing an errors field with the following structure:
Example Authorization Error Response
{
"errors": [
{
"message": "Not authorized to read Finding objects: {\"response\":{\"errors\":[{\"message\":\"Not authorized to read Finding objects\",\"locations\":[{\"line\":2,\"column\":3}],\"path\":[\"allFindings\"],\"extensions\":{\"code\":\"PERMISSION_DENIED\"}}],\"data\":{\"allFindings\":null},\"status\":200,\"headers\":{}},\"request\":{\"query\":\"query TestErrors {\\n allFindings {\\n id\\n title\\n _cursor\\n }\\n}\",\"variables\":{}}}",
"locations": [
{
"line": 2,
"column": 3
}
],
"path": [
"allFindings"
],
"extensions": {
"code": "INTERNAL_SERVER_ERROR",
"stacktrace": [
"Error: Not authorized to read Finding objects: {\"response\":{\"errors\":[{\"message\":\"Not authorized to read Finding objects\",\"locations\":[{\"line\":2,\"column\":3}],\"path\":[\"allFindings\"],\"extensions\":{\"code\":\"PERMISSION_DENIED\"}}],\"data\":{\"allFindings\":null},\"status\":200,\"headers\":{}},\"request\":{\"query\":\"query TestErrors {\\n allFindings {\\n id\\n title\\n _cursor\\n }\\n}\",\"variables\":{}}}",
" at makeRequest (/usr/app/node_modules/graphql-request/src/index.ts:441:11)",
" at processTicksAndRejections (node:internal/process/task_queues:95:5)",
" at async Object.allFindings (/usr/app/src/schema/resolvers/generateProxyResolvers.ts:29:18)"
]
}
}
],
"data": {
"allFindings": null
}
}
Malformed Query
If you send a malformed query, you will receive a 400 Bad Request response. The response body will contain a JSON object with the following structure, which may include information about how to correct the query:
Example Malformed Query Response
{
"errors": [
{
"message": "Cannot query field \"titles\" on type \"Finding\". Did you mean \"title\"?",
"locations": [
{
"line": 4,
"column": 5
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED",
"stacktrace": [
"GraphQLError: Cannot query field \"titles\" on type \"Finding\". Did you mean \"title\"?",
" at Object.Field (/usr/app/node_modules/graphql/validation/rules/FieldsOnCorrectTypeRule.js:51:13)",
" at Object.enter (/usr/app/node_modules/graphql/language/visitor.js:301:32)",
" at Object.enter (/usr/app/node_modules/graphql/utilities/TypeInfo.js:391:27)",
" at visit (/usr/app/node_modules/graphql/language/visitor.js:197:21)",
" at validate (/usr/app/node_modules/graphql/validation/validate.js:91:24)",
" at processGraphQLRequest (/usr/app/node_modules/@apollo/server/src/requestPipeline.ts:245:38)",
" at runNextTicks (node:internal/process/task_queues:60:5)",
" at processImmediate (node:internal/timers:447:9)",
" at async internalExecuteOperation (/usr/app/node_modules/@apollo/server/src/ApolloServer.ts:1290:12)",
" at async runHttpQuery (/usr/app/node_modules/@apollo/server/src/runHttpQuery.ts:232:27)"
]
}
}
]
}