Skip to main content
Every error is returned as a JSON body with a fixed shape:
{ "status": "error", "message": "The user record was not found" }
Successful responses always include "status": "ok". As a defensive pattern, check the JSON status field in addition to the HTTP status code.

HTTP status codes

CodeMeaning
400Bad request — malformed body, missing or invalid parameters, schema validation failure
403Access denied — missing/invalid API token, insufficient permissions, disabled feature, or license limit
404The referenced record was not found
409Conflict — duplicate record, name already in use, or operation conflicts with the record’s current state
500Internal server error
Databunker Pro releases prior to the 2026-07 update returned HTTP 405 for most error conditions. If you run an older release, treat any non-2xx response as an error and rely on the JSON status/message fields.

Common error messages

The message field is human-readable. Representative messages per status code:

400 — Bad request

MessageCause
Missing API request parameters: profileA required request field was omitted (lists the fields)
Failed to decode the request bodyThe body is not valid JSON
Bad UUIDAn identifier is not a valid UUID
The mode parameter has an incorrect formatAn enum-style parameter has an unexpected value
Failed to validate user schema: ...The profile fails the configured user record schema
The filedata parameter is not valid base64File upload payload is not base64-encoded

403 — Access denied

MessageCause
Access deniedMissing/invalid X-Bunker-Token, or the token’s policy denies the operation
API access deniedPolicy evaluation rejected the request
Record limit reachedThe license record cap was hit — new records cannot be created
License expiredThe installation license has expired
BulkListUsers is disabledThe list_users configuration flag is off
The unlockuuid value was not found or is not validThe bulk-unlock UUID is missing, wrong, or past its 60-second lifetime
Only the main tenant admin can ...A main-tenant-only endpoint was called with a sub-tenant token

404 — Not found

MessageCause
The user record was not foundNo user matches the given mode/identity
Token not foundThe token UUID does not exist or has expired
The group record was not foundUnknown group ID
The legal basis record was not foundUnknown legal-basis brief
The API request was not foundThe /v2/<name> endpoint name does not exist

409 — Conflict

MessageCause
Duplicate index: emailAnother user already holds this unique index value (email/phone/login/custom)
The role record already existsCreate called with a name that is already taken
Duplicate tenant nameTenant name already in use
This user request is closedApprove/cancel called on a request that is no longer open

500 — Internal server error

MessageCause
Internal error / Database errorUnexpected server-side failure — check the server logs
Failed to decrypt the user recordStorage-level failure (e.g. key mismatch) — check the server logs
Server-side error details (database errors, stack context) are never included in API responses — they are written to the server log and the audit trail only.

Special cases

  • UserPrelogin captcha failure returns HTTP 200 with {"status":"error","message":"captcha-error"} — the user portal login flow consumes this in-body. Always check the status field on prelogin responses.
  • Public endpoints (UserPrelogin, UserLogin, CaptchaCreate, SharedRecordGet, TenantGetUIConf) require no token; all other endpoints return 403 without a valid one — see Authentication.
  • Unknown endpoint names under /v2/ return 404 with The API request was not found; unknown URL paths outside /v2/ return 404 with endpoint is missing.