# Error Codes During implementation, you may encounter various errors with Myinfo API. This can be caused by various reasons such as implementation issues, wrong input or environmental differences. All Myinfo APIs will return a standard HTTP error code together with an error message. The error code/message may change from time to time but it can be used for debugging. Troubleshooting and debugging of the APIs can be done in the following steps. 1. Identification of which API is not working and an error is being returned from Myinfo Servers (e.g /authorize, /token, /person) Errors cound also occur due to * Connectivity errors (ensure there is no firewall blocking) * Incorrect urls and path parameters 2. Once an error is returned from Myinfo API, note down the error message and status code and utilise below table to debug 3. If issue persists or unable to resolve the issue, please submit a request at [partnersupport.singpass.gov.sg ](https://partnersupport.singpass.gov.sg/) *** ## Authorize API | | | | | | ---------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Error Code | Error Message | Reason | Remediation | | 302 | |

Possible to have the following error codes in the 'error' attribute.

| | | 400 | | Invalid parameters sent in authorize URL | Verify querystring parameters are correct as per specifications() | | 404 | | Invalid client\_id sent in authorize URL | Verify if client\_id used has been set to live in DPP and correct client\_id was passed in url | | 440 | | You are not logged in, or your previous session has expired. | Verify session is still valid, expiry of 2mins and also verify that browser is passing session cookie during redirect | | 500 | | Unexpected error. | | *** ## Token API | | | | | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | | Error Code | Error Message | Reason | Remediation | | 400 | No body found for POST request | Body was not sent in request | Verify body was sent in request | | | Format of client\_assertion is incorrect |

Verify client\_assertion format are correct as per specifications()

Utilize client\_assertion Generator/Verifier

Ensure client\_assertion is signature is correct (Need to be signed with private key corresponding to sign key configured in JWKS)

Ensure client\_assertion is used only once per transactiont

| | | Invalid client\_assertion\_type | Invalid client\_assertion\_type value passed in | Verify value is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" | | | Error Retrieving JWKS | Error retrieving JWKS from Myinfo Servers | Ensure correct JWKS endpoint is configured onto DPP and is a public URL | | | | JWKS format is incorrect |

Ensure JWKS is returned as a JSON object with this format ()

Ensure JWKS has at least 1 sign key with alg = 'ES256' and use = 'sig

Ensure JWKS has at least 1 encryption key with alg = 'ECDH-ES +A256KW' and use = 'enc'

Utilize JWKS verifier

| | | Missing DPoP Proof | DPoP Proof JWT is missing in headers | Ensure DPoP Proof JWT is passed in correctly in HTTP headers | | | Missing {param} from headers | Missing mandatory param in the HTTP header | Verify specified mandatory param is passed in the HTTP header as per specifications () | | | Missing {param} from body | Missing mandatory param in the HTTP body | Verify specified mandatory param is passed in the HTTP header as per specifications () | | | 401 | Unauthorized. | App does not have access to this API | Ensure App is configured correctly and is live on DPP | |
  • Invalid DPoP Proof
  • Missing jkt in DPoP Proof
  • Invalid jkt in DPoP Proof
  • Missing htm in DPoP Proof
  • Invalid htm in DPoP Proof
  • Missing htu in DPoP Proof
  • Invalid htu in DPoP Proof
| Invalid DPoP Proof JWT format |

Verify DPoP Token format is correct as per specifications(

Utilize DPoP verifier

Ensure DPoP is signature is correct (Need to be signed with private key corresponding to public key embedded in JWT header)

| | | Invalid JWS Verification | Signature of DPoP or client\_assertion is invalid |
  • Verify private key used to sign client\_assertion matches the sig key in JWKS
  • Verify kid in client\_assertion header matches the corresponding kid in JWKS
  • Verify JWK in DPoP Proof header is the correct public key to verify the private key



Utilize DPoP verifier

Ensure DPoP is signature is correct (Need to be signed with private key corresponding to public key embedded in JWT header)

| | | 404 | Not found. | Invalid client\_id passed to API | Verify App is configured correctly on DPP and correct client\_id(ensure correct id is used in the correct environment) is used | | 500 | Internal server error. | Unexpected error. | | *** ## Person API | | | | | | ---------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Error Code | Error Message | Reason | Remediation | | 400 | Invalid Encyption key | Encryption key is of an Invalid format | Ensure JWKS has at least 1 encryption key with alg = 'ECDH-ES +A256KW' and use = 'enc' | | Missing DPoP Proof | DPoP Proof JWT is missing in headers | Ensure DPoP Token is passed in correctly in HTTP headers | | | Duplicated DPoP-bound access\_token | access\_token has already been used | access\_token is a one time use, ensure a new access\_token is retrieved for every API call | | | Missing {param} from query parameters | Missing mandatory param in the query parameters | Verify specified mandatory param is passed in the query parameters as per specifications () | | | Missing {param} from headers | Missing mandatory param in the HTTP headers | Verify specified mandatory param is passed in the query parameters as per specifications () | | | 401 |
  • Invalid DPoP Proof
  • Missing ath in DPoP Proof
  • Invalid ath in DPoP Proof
  • Missing jkt in DPoP Proof
  • Invalid jkt in DPoP Proof
  • Missing htm in DPoP Proof
  • Invalid htm in DPoP Proof
  • Missing htu in DPoP Proof
  • Invalid htu in DPoP Proof
| Invalid DPoP Proof JWT format |

Verify DPoP Token format is correct as per specifications(

Utilize DPoP verifier

Ensure DPoP is signature is correct (Need to be signed with private key corresponding to public key embedded in JWT header)

Ensure DPoP is signed with the same private key used to create DPoP in /token call.

| | 403 | DPoP-bound access\_token aud doesn't match with requested url | access\_token aud does not match resource being called | Verify correct access\_token matching service being called is used | | DPoP-bound access\_token realm doesn't match with requested realm | access\_token realm does not match resource being called | Verify correct access\_token matching service being called is used | | | DPoP-bound access\_token subject doesn't match with requested sub | access\_token sub does not match uuid being requested in API | Verify the same uuid is requested as provided in access\_token | | | DPoP-bound access\_token scope doesn't match with requested attributes | access\_token scope does not match scope being requested in API | Verify the same scope is requested as provided in access\_token | | | DPoP-bound access\_token invalid | access\_token is of an invalid format | Verify the access\_token passed in API request is correct and from /token response | | | 404 | | Requested sub's data may not be available | Verify the access\_token passed in API request is correct and from /token response | | 500 | Internal server error. | Unexpected error. | |