Reference

Errors

Every Authio response carries a stable code in addition to an HTTP status. Branch on the code, not the message.

CodeStatusWhereDescription
missing_api_key401Management API authNo Bearer token provided.
invalid_api_key401Management API authToken unknown or revoked.
missing_bootstrap_token401POST /v1/bootstrapx-authio-bootstrap-token header is wrong.
bootstrap_disabled503POST /v1/bootstrapAUTHIO_BOOTSTRAP_TOKEN env var not configured on management-api.
invalid_email422POST /v1/auth/magic-link/send, invitationsEmail failed validation.
invalid_destination400POST /v1/auth/magic-link/sendDestination is not a valid email or E.164 phone.
invalid_slug422POST /v1/organizationsSlug must be lowercase alphanumeric with hyphens.
slug_in_use409POST /v1/organizationsAnother org in this project already uses that slug.
organization_not_found404Org-scoped endpointsNo org with that id in this project.
user_not_found404User-scoped endpointsNo user with that id in this project.
membership_not_found404Membership endpointsNo membership matched the (project, org, membership) combo.
not_a_member403POST /v1/sessions/(select|switch)-orgUser does not have an active membership in the requested org.
no_session401POST /v1/sessions/*No active session cookie or Bearer token.
token_consumed410Admin PortalThis setup link has already been used.
token_expired410Admin PortalToken TTL exceeded.
token_invalid_or_expired410Admin Portal saveToken unknown, expired, or already consumed.
unknown_provider404OAuth callbackProvider name not in the registry.
missing_email400OAuth callbackProvider returned no email claim.
verification_failed400Passkey verifyWebAuthn ceremony failed verification.
unknown_or_expired_challenge400Passkey verifyServer-side challenge missing or expired (5 min TTL).
db_unavailable503AnywherePostgres unreachable.

Every response also carries an X-Request-Id header and a request_id field in the JSON body. Include it in any support email so we can find the trace.