Cliquify Developer
  1. Troubleshoot
  • Overview
    • Get started
  • Authentication
    • Token lifecycle
    • OAuth scopes
    • Get an access token
      POST
    • Introspect a token
      POST
    • Revoke a token
      POST
  • API Reference
    • Overview
    • Templates
      • Tags
        • List brand tags
      • List templates
    • Assets
      • Folders
        • List folder
      • List assets
      • List asset tags
    • Brand Kit
      • List brand kit
      • List brand kit logos
      • List brand kit colors
    • Troubleshoot
      • Errors and troubleshooting
  1. Troubleshoot

Errors and troubleshooting

Common response shapes#

Depending on where a failure happens, the JSON error structure may differ.
LayerTypical statusExample shape
Request validation422{ "field": ["message"] }
Token endpoint (/oauth/access-token)400, 401, 403, 422{ "success", "message", "details" }
Introspect (/oauth/introspect)422{ "success", "message", "data" }
Revoke (/oauth/revoke)422{ "success", "message", "data" }
Protected resource route (/api/*)401, 403, 404{ "message": "..." }

Quick reference#

SymptomLikely causeAction
400 on token requestAccess token invalid or expiredRequest a new token
401 with invalid_client on token requestWrong client ID or secretFix stored credentials
401 on /api/*Missing, invalid, or expired tokenRequest a new token and verify the Authorization header
403 on token requestEnterprise account is inactiveContact your account administrator
403 on /api/*Token is missing required scopesRequest a token using the documented helper endpoint
404 on /api/*Company linked to this client could not be foundVerify the OAuth client is associated with an active company
422 on token requestMissing required fieldsSend full JSON body with client_id and client_secret
422 on introspect or revokeToken is invalid, expired, or not providedRe-authenticate and pass a valid token
429Rate limit exceededBack off and retry

Common examples#

Invalid client credentials#

Returned by POST /oauth/access-token when the client_id or client_secret is incorrect.
{
  "success": false,
  "message": "Client authentication failed. Check client ID/secret.",
  "details": {
    "error": "invalid_client",
    "error_description": "Client authentication failed",
    "message": "Client authentication failed"
  }
}

Inactive enterprise#

Returned by POST /oauth/access-token when the enterprise account is inactive.
{
  "success": false,
  "message": "Inactive enterprise."
}

Invalid or expired token on a protected route#

Returned by /api/* routes when the Authorization header is missing or the token is no longer valid.
{
  "message": "Unauthenticated."
}

Insufficient scope#

Returned by /api/* routes when the token does not include the required scopes.
{
  "message": "Token does not have the required scope."
}

Company not found#

Returned by /api/* routes such as GET /api/tags when no company is linked to the OAuth client.
{
  "message": "Company not found."
}

Invalid or missing token on introspect / revoke#

Returned by POST /oauth/introspect or POST /oauth/revoke when the token body is missing or the token is not recognized.
{
  "success": false,
  "message": "Token required."
}
{
  "success": false,
  "message": "Invalid or expired token."
}

Token not found on revoke#

Returned by POST /oauth/revoke when the provided token cannot be found.
{
  "success": false,
  "message": "Token not found."
}

Rate limiting#

/api/* routes are rate limited. Expect approximately 60 requests per minute per IP. Confirm the actual limit for your deployment before publishing this value.
Modified at 2026-04-09 14:14:08
Previous
List brand kit colors
Built with