Skip to main content
Every error response from the Nevermined API carries a stable code (e.g. BCK.X402.0008). The table below enumerates every code, its HTTP status, category, canonical message, and remediation hint. Pages on this site are anchored by code — link directly to #bck-x402-0008 from your error handlers, runbooks, or support tickets.
Locked response fields are code, message, and the HTTP status. Optional fields (hint, docsUrl, category, retryable, correlationId) appear only when supplied. Consumers that branch only on code and message ignore the rest transparently.

Namespaces

BCK.ACCOUNT_PROVISIONING

CodeHTTPCategoryRetryableMessageHint
BCK.ACCOUNT_PROVISIONING.0001400validationAccount provisioning requires an emailPass an email in the request body. Account provisioning is keyed on email; passwordless flows are not supported here.
BCK.ACCOUNT_PROVISIONING.0003500integrationUnexpected failure during account provisioningInspect the underlying error in logs. Provisioning failed mid-way — usually a Privy or DB-layer error. The partial profile (if any) needs manual cleanup.

BCK.AGENT

CodeHTTPCategoryRetryableMessageHint
BCK.AGENT.0001400businessInvalid Agent Execution StatusProvide one of the valid execution statuses (Pending, In_Progress, Completed, Failed). Other strings are rejected to keep state-machine transitions auditable.
BCK.AGENT.0002500businessError updating step agentInspect the underlying error in logs. The step persistence failed — usually a DB-layer constraint or stale step row.
BCK.AGENT.0003403businessUnable to create task for agentVerify the caller holds an active plan that covers this agent, and that the agent is published.
BCK.AGENT.0004403businessInvalid userVerify the authenticated user identity. The agent task endpoint requires a real (non-guest) user with a wallet.
BCK.AGENT.0005403businessUnable to get task for did, task and userVerify the (DID, taskId, user) tuple matches an existing task the user owns. Most often a stale taskId or wrong agent DID.
BCK.AGENT.0006403businessUnable to find tasks by subscriberInspect the underlying error in logs. Subscriber-side task lookup failed — usually a DB-layer error.
BCK.AGENT.0007404businessConnection not found for clientIdVerify the clientId is the value returned by the websocket handshake for this session. Clients reconnecting must rebind a fresh clientId.
BCK.AGENT.0008500businessError registering websocket connectionInspect the underlying error in logs. Websocket registration failed — usually a Redis/queue-layer issue.
BCK.AGENT.0009403businessError creating steps for agentInspect the underlying error in logs. Step creation failed — verify the agent task exists and is in a state that accepts new steps.
BCK.AGENT.0010403businessTask not found or completedVerify the taskId. The task may have been marked Completed/Failed already and no longer accepts state changes.
BCK.AGENT.0011500internalAgent lookup failed: agent with the given entryId not found in service layerThe service-layer findOneById returned null. The original behaviour was a generic 500; consumer code that needs 404 semantics should use BCK.PROTOCOL.0004.
BCK.AGENT.0012500internalAgent DTO mapping called with a null entityGetAgentDto.fromEntity received null. The caller should branch on the service-layer lookup result before calling fromEntity; this code only fires if a programming error leaks past that guard.

BCK.APIKEY

CodeHTTPCategoryRetryableMessageHint
BCK.APIKEY.0001403authAPI Key not registered, you need to register it firstRegister the API key via POST /api-keys before using it. The key signature is valid but no record exists in our DB.
BCK.APIKEY.0002404authAPI Key with given hash not foundVerify the API key value. The hashed lookup returned no row; the key may have been revoked or never registered.
BCK.APIKEY.0003401authUnable to revoke API KeyInspect the underlying error in logs. The revocation write failed — usually a DB-layer issue.
BCK.APIKEY.0004401authInvalid Nevermined API KeyVerify the API key value is well-formed (header.payload.signature) and not truncated. Reissue if it was rotated.
BCK.APIKEY.0006401authInvalid Nevermined Key MetadataVerify the API-key payload includes the expected metadata fields (sub, iss, aud, exp). Reissue if it predates the metadata schema change.
BCK.APIKEY.0007401authAPI Key issuer does not match user addressReissue the API key from the authenticated user’s wallet. The token’s iss claim must equal the authenticated address byte-for-byte.
BCK.APIKEY.0008403authAPI Key with hash already existsRevoke and reissue the API key. The collision means the same hash was already stored (extremely rare; usually a duplicate-create call).
BCK.APIKEY.0009500authError search API Key trannsactionsInspect the underlying error in logs. The API-key transactions query failed — usually a DB-layer error or pagination issue.
BCK.APIKEY.0010401authExpiration date must be in the futureProvide an exp claim in the future when creating the key, or omit it for a never-expiring key.
BCK.APIKEY.0011500authError searching user API KeysInspect the underlying error in logs. The per-user API-keys lookup failed — usually a DB-layer error.
BCK.APIKEY.0012401authUnable to generate assertionInspect the underlying error in logs. Assertion generation failed — verify the signer wallet is unlocked and the requested audience is registered.
BCK.APIKEY.0013401authMalformed API Key payloadVerify the JWT was not truncated or tampered with in transit. Reissue the API key from the source credential store and retry.
BCK.APIKEY.0014500internalAPI Key claim is missing the issuer (iss) addressThe validated JWT payload reached the service layer without an iss claim. Inspect the upstream guard that produced this payload — iss is mandatory for API-key issuance.

BCK.AUTH

CodeHTTPCategoryRetryableMessageHint
BCK.AUTH.0001500authError registering API KeyInspect the underlying error in logs. API-key registration failed — usually a DB-layer error or assertion-validation reject.
BCK.AUTH.0002401authAuthentication required: credentials are missing, expired or invalidSend an Authorization: Bearer <token> header or a valid Nevermined API key. Anonymous access is not permitted on this endpoint.
BCK.AUTH.0003403authForbidden: caller is not the owner of this resource and lacks an admin roleAuthenticate as the resource owner or an admin who has access to it. Cross-account access is rejected unless you carry an admin role.
BCK.AUTH.0004403authOrganisation admin privileges requiredThe caller is not an active admin of the target organisation. Prefer the more specific siblings (BCK.AUTH.0005-0009) at new throw sites; this code remains as a catch-all.
BCK.AUTH.0005403authUnable to verify organisation membershipThe membership lookup itself failed (e.g. transient DB error). Check the cause field on the server log; retry once.
BCK.AUTH.0006403authCaller does not belong to any organisationAdd the user as a member of the target organisation before calling admin-scoped endpoints.
BCK.AUTH.0007403authCaller does not have administrator privilegesThe caller is a member but not an admin. Promote the role via the organisation admin UI / API, or call from an admin account.
BCK.AUTH.0008403authCaller account is not activeThe user is suspended/disabled. Reactivate via the admin UI before retrying.
BCK.AUTH.0009403authTarget organisation is not activeThe org has been deactivated (subscription lapsed, manual disable, etc.). Reactivate before performing admin operations.
BCK.AUTH.0010403authDirect organisation creation is restricted to internal callersEnd users must upgrade via /checkout/organization-upgrade. Internal tooling must provide a valid X-Ops-Org-Create-Token header matching OPS_ORG_CREATE_TOKEN.
BCK.AUTH.0011500internalAuthenticated request did not yield a resolvable account addressThe authenticated request reached the handler without req.address or req.smartAccountAddress populated. Two causes are common: the guard chain is misconfigured for this route, or the user has no wallet linked to their account.
BCK.AUTH.0012401authMalformed Authorization headerThe Authorization header was present but not a well-formed Bearer <token>. Send Authorization: Bearer <token> (the second space-separated segment is the token). Triage tip: this code separates “garbage token” from “no token” — the latter throws BCK.AUTH.0002.
BCK.AUTH.0013403internalRole guard active without @Roles metadataA route was decorated with @UseGuards(RolesGuard) but no @Roles(...) declaration. The guard fails closed: no role list means no caller can satisfy the requirement. Add @Roles(...) to the handler or remove the RolesGuard wiring.

BCK.BILLING

CodeHTTPCategoryRetryableMessageHint
BCK.BILLING.0001403authBootstrap endpoint is not enabled in this environmentThe Stripe tier-products bootstrap endpoint (and /invitations/expire-stale) are gated behind OPS_BOOTSTRAP_TOKEN. Leave the env var unset to keep them disabled; set it to enable.
BCK.BILLING.0002403authInvalid bootstrap tokenThe X-Bootstrap-Token header did not match OPS_BOOTSTRAP_TOKEN. This endpoint is operator-only — request the token from infra.
BCK.BILLING.0003503integrationStripe is not configured in this environmentSTRIPE_API_KEY is unset, so we cannot create Stripe products. Configure Stripe credentials before running tier-products bootstrap.
BCK.BILLING.0004503integrationTier catalog row missing for the requested (tier, currency, interval) combinationRun the hybrid-tier-plans bootstrap (ENABLE_ORG_TIER_BOOTSTRAP=true on next startup, or POST /api/v1/organizations/billing/tier-bootstrap with the ops token) to materialise the catalog rows. Returns 503 because the deployment has not been fully provisioned yet — clients may retry once the operator finishes the bootstrap.
BCK.BILLING.0010400validationInvalid combination of currency and interval for org-tier checkoutUSD and EUR plans must use interval=month or year (Stripe). USDC and EURC plans must use interval=one_shot (on-chain payment). Other combinations are rejected.
BCK.BILLING.0011202integrationTransaction receipt not yet available — please retryThe /confirm-crypto endpoint polled for CRYPTO_CONFIRM_POLL_TIMEOUT_SECS without seeing the receipt on chain. The caller should retry with the same txHash; on-chain finality is propagating.
BCK.BILLING.0012400validationTransaction does not match the expected crypto payment for this catalog rowVerify the transaction transferred the exact token (USDC for USDC plans, EURC for EURC plans) with the exact amount specified by the catalog row, to the Nevermined node-account address.
BCK.BILLING.0013400businessNo active subscription found to cancel for this organizationThe /billing/cancel endpoint requires an existing Stripe-backed subscription on the org. Org-tier upgrades through /billing/checkout populate this row; legacy crypto-paid orgs do not and cannot be canceled this way.
BCK.BILLING.0014400businessSubscription is already canceled — cannot downgradeStripe rejects updates on canceled subscriptions. Start a fresh Premium subscription via /checkout/organization-upgrade instead of attempting to downgrade the cancelled one.
BCK.BILLING.0015400validationInvalid downgrade target tierThe /billing/downgrade endpoint only accepts Premium as the target. Use /billing/cancel to end the subscription (Lapsed/Personal are not valid downgrade targets).
BCK.BILLING.0016400businessNo active subscription found to downgrade for this organizationThe /billing/downgrade endpoint requires an existing Stripe-backed Enterprise subscription on the org. Legacy crypto-paid orgs and orgs without a tier subscription cannot be downgraded this way.
BCK.BILLING.0017400businessCurrent tier is not Enterprise — nothing to downgradeOnly Enterprise → Premium downgrades are supported. Premium and below have no paid tier above to step down from; use /billing/cancel to end the subscription instead.
BCK.BILLING.0018503integrationCatalog row has no Stripe priceId — Stripe products bootstrap incompleteRun the Stripe products bootstrap (POST /api/v1/organizations/billing/bootstrap with the ops token, or ENABLE_ORG_TIER_BOOTSTRAP=true at startup) so the catalog row is paired with a Stripe price. Returns 503 because the deployment is partially provisioned; clients may retry once Stripe wiring lands.
BCK.BILLING.0019502integrationStripe subscription has no line itemsThe Stripe subscription on file has zero items, which prevents a price swap during downgrade. Inspect the subscription in the Stripe dashboard — this should never happen for org-tier subs we minted ourselves.
BCK.BILLING.0020502integrationStripe Checkout session created without a hosted URLStripe accepted the Checkout session create but returned no url. Treat as a transient Stripe API anomaly — retry the checkout endpoint. If it persists, inspect the Stripe Dashboard’s events for the session id we return in params.
BCK.BILLING.0021503integrationToken address not configured for currency / chain — operator action requiredThe crypto-one-shot checkout cannot proceed because no ERC-20 token address is registered for the catalog row’s (currency, chainId) pair. Add the mapping to getTokenAddressForChain and redeploy; until then the endpoint will keep returning 503.
BCK.BILLING.0022409businessOrganization already has an active subscriptionA live Stripe subscription (active, trialing, or past_due) already exists for this org, so /billing/checkout would create a SECOND one and bill the org twice. Use /billing/upgrade or /billing/downgrade to change tier on the existing subscription. Re-subscribing via /checkout is only allowed once the current subscription is canceled.
BCK.BILLING.0023400validationInvalid upgrade target tierThe /billing/upgrade endpoint only accepts Enterprise as the target — it swaps a Premium subscription up to Enterprise in place. To start a brand-new subscription use /checkout; to step down from Enterprise use /billing/downgrade.
BCK.BILLING.0024400businessNo active subscription found to upgrade for this organizationThe in-place /billing/upgrade requires an existing Stripe-backed Premium subscription on the org. An initial subscribe goes through /checkout; legacy crypto-paid orgs and orgs without a tier subscription cannot be upgraded this way.
BCK.BILLING.0025400businessCurrent tier is not Premium — nothing to upgrade in placeOnly Premium → Enterprise in-place upgrades are supported. Not-yet-subscribed orgs start via /checkout, and Enterprise is already the top tier with nothing to upgrade to.
BCK.BILLING.0026400businessSubscription is already canceled — cannot upgradeStripe rejects updates on canceled subscriptions. Start a fresh subscription via /checkout instead of attempting to upgrade the canceled one.

BCK.BRAINTREE

CodeHTTPCategoryRetryableMessageHint
BCK.BRAINTREE.0001500integrationBraintree platform gateway is not configuredThe BRAINTREE_PLATFORM_* env vars are unset. Configure the platform-gateway credentials before enabling Braintree features.
BCK.BRAINTREE.0002400integrationBraintree charge failedInspect the Braintree dashboard for the transaction id in params. Common causes: processor declined, invalid CVV, or insufficient funds.
BCK.BRAINTREE.0003502integrationBraintree OAuth token refresh failedInspect the underlying error in logs. Token refresh failed — usually expired credentials; the merchant must re-authorize via OAuth.
BCK.BRAINTREE.0004400integrationPlan owner has not connected a Braintree merchant accountThe plan owner has not connected Braintree. They must complete OAuth on the seller dashboard before their plans can be sold via Braintree.
BCK.BRAINTREE.0005400integrationPlan is not a fiat plan — cannot be purchased via BraintreeUse Braintree only for fiat plans. Crypto plans must be paid through the on-chain flow.
BCK.BRAINTREE.0006409integrationPlan owner has no Braintree merchant account connectedThe plan owner has revoked or never connected their Braintree account. Ask them to reconnect before retrying the purchase.
BCK.BRAINTREE.0007400integrationPlan owner’s Braintree account does not have a merchant account in the plan’s currencyAsk the seller to add a Braintree merchant account in the plan’s currency, then disconnect and reconnect to refresh the cached account list.
BCK.BRAINTREE.0008400integrationCannot create a Braintree plan in this currency: your Braintree account has no merchant account in that currency. Add one in your Braintree dashboard, then disconnect and reconnect to refresh.Add a merchant account in the requested currency in the Braintree dashboard, then disconnect and reconnect to refresh.
BCK.BRAINTREE.0009400integrationPlan metadata is missing currency. Plans must specify a currency to be settled via Braintree.Re-publish the plan with metadata.currency populated. Braintree cannot route the settlement without a target currency.
BCK.BRAINTREE.0010503integrationBraintree/PayPal payment provider is not available in this environmentSet BRAINTREE_MERCHANT_ID, BRAINTREE_PUBLIC_KEY, and BRAINTREE_PRIVATE_KEY in the deployment env. Returns 503 because the route is reachable only after the operator wires Braintree up.

BCK.COMMON

CodeHTTPCategoryRetryableMessageHint
BCK.COMMON.0001500internalUnable to initialize Nevermined instanceInspect the API logs around startup. The Nevermined SDK could not initialise — usually a misconfigured RPC provider, missing wallet seed, or a chain-config mismatch.
BCK.COMMON.0002500internalUnable to generate session keyInspect the underlying error in logs. The Nevermined SDK could not derive a session signer — usually a wallet/keystore configuration problem.
BCK.COMMON.0003500internalUnable to retrieve fees information from NeverminedInspect the underlying error in logs. The protocol fee lookup failed — verify chain connectivity and that the FeeController contract is reachable.
BCK.COMMON.0004500internalUnable to calculate Asset PriceInspect the underlying error in logs. The pricing helper failed — usually a missing/invalid plan price metadata or a chain-side revert.
BCK.COMMON.0005500internalUnable to load NFT ContractInspect the underlying error in logs. The NFT contract handle could not be resolved — verify the address registered in protocol config matches the deployed contract.
BCK.COMMON.0006500internalUnable to register Credits Plan on NeverminedInspect the underlying error in logs. Credit plan registration failed at protocol or SDK layer — re-run after fixing the cause; the partial plan row (if any) needs manual cleanup.
BCK.COMMON.0007500internalUnable to register Time Plan on NeverminedInspect the underlying error in logs. Time plan registration failed at protocol or SDK layer — re-run after fixing the cause; the partial plan row (if any) needs manual cleanup.
BCK.COMMON.0008500internalUnable to register Points event in the databaseInspect the underlying error in logs. The points-event insert failed — typically a DB-side constraint or connectivity issue. Re-run idempotently or backfill manually.
BCK.COMMON.0009500internalUnable to register API Key usage in the databaseInspect the underlying error in logs. The API-key usage insert failed — typically a DB-side constraint or connectivity issue.
BCK.COMMON.0010500internalUnable to register AI AgentInspect the underlying error in logs. Agent registration failed at protocol or DB layer. The partial row (if any) should be removed before retry.
BCK.COMMON.0011500internalUnable to register File assetInspect the underlying error in logs. File asset registration failed — usually a storage-layer or DDO-write error.
BCK.COMMON.0012500internalUnable to generate access token to AI AgentInspect the underlying error in logs. Access-token minting failed — verify the agent is registered and the requesting user has a valid plan.
BCK.COMMON.0013404internalUnable to resolve DDO from DIDVerify the DID is well-formed and exists in metadata. The DDO resolver returned no document; this is a 404 by design.
BCK.COMMON.0014404internalPlan not foundVerify the planId. The plan may have been deleted or never registered. Common causes: stale link, environment mismatch (sandbox vs live).
BCK.COMMON.0015500internalUnable to get the Plan balanceInspect the underlying error in logs. Balance lookup failed — usually a chain RPC or contract-call revert.
BCK.COMMON.0016500internalUnable to order the subscriptionInspect the underlying error in logs. Subscription ordering failed — verify the buyer has sufficient balance and the plan is active.
BCK.COMMON.0017500internalThere are no files associated to the file assetRe-publish the asset with at least one file entry, or use a different agent endpoint that does not require files.
BCK.COMMON.0018500internalAn error happened while downloading the asset filesInspect the underlying error in logs. Asset file download failed — usually a storage-layer access issue or expired signed URL.
BCK.COMMON.0019500internalAn error happened while trying to mint creditsInspect the underlying error in logs. Credit minting failed at protocol or SDK layer — verify the plan exists and the credit type matches.
BCK.COMMON.0020500internalAn error happened while trying to burn creditsInspect the underlying error in logs. Credit burning failed — verify the user holds enough credits and the plan permits burning at this point.
BCK.COMMON.0021404internalUnable to resolve widget metadata from DIDVerify the DID is a widget DID and exists. Widget metadata resolution returns 404 when the DID is not registered or its metadata was pruned.
BCK.COMMON.0022403internalMethod not supportedThe endpoint or sub-feature is disabled in this deployment. Check feature-flag configuration before retrying.
BCK.COMMON.0023403internalError parsing inputInspect the request body against the documented schema for this endpoint. The parser rejected a required field or malformed JSON.
BCK.COMMON.0024401internalCould not validate the login claimRe-issue a fresh login claim. The signed claim either has an invalid signature, an expired timestamp, or was issued for a different audience.
BCK.COMMON.0025400internalInvalid UUID format in requestProvide a valid UUID v4 string in the highlighted field. Most ID parameters require canonical UUID format.
BCK.COMMON.0026400validationInvalid uint256 identifier (must be a decimal string in [0, 2^256 - 1])Provide a decimal-string uint256 in the highlighted field (no 0x prefix, no scientific notation). Plan IDs and agent IDs use this format end-to-end.
BCK.COMMON.0027409businessResource already exists (database unique constraint violated)A record with the same unique key already exists. Either update the existing record or use a different identifier.
BCK.COMMON.0028409businessReferenced resource does not exist (foreign key violation)The request references an entity (plan, agent, user, organisation) that does not exist or has been deleted. Verify the referenced ID.
BCK.COMMON.0029503integrationDatabase temporarily unavailableThe database is being restarted or is under maintenance. Retry the request after a short backoff.
BCK.COMMON.0030500internalInvalid ECDSA public key formatThe provider public key did not match the expected 65-byte uncompressed prefix (0x04 + x + y). Inspect getProviderPublicKey() output.
BCK.COMMON.0031500internalInvalid ECDSA public key lengthAfter normalising, the provider public key was not 128 hex characters (64 bytes). Inspect getProviderPublicKey() output and the upstream key derivation.
BCK.COMMON.0032500internalProvider public key not available for JWKS endpointNeverminedService.getProviderPublicKey() returned empty. Verify the node wallet seed configuration and that the service initialised successfully at startup.
BCK.COMMON.0033404integrationEmail challenge search returned no rows or the query failedInspect the underlying error in logs. The historical behaviour mapped any failure here to a 404; preserved for backward compatibility. A failed search usually means a DB-layer error or invalid filter combination.
BCK.COMMON.0034400validationQuery parameter exceeds maximum lengthA bounded query parameter (e.g. textSearch) was sent above its byte/character limit. Truncate the value client-side and retry. Limits exist to bound the cost of downstream filters — see the parameter description in the OpenAPI spec.

BCK.CREDITS

CodeHTTPCategoryRetryableMessageHint
BCK.CREDITS.0001400businessMint amount must be positiveSend mint amount > 0. Zero or negative mints are rejected; cleanup of bad lots must happen through a refund path.
BCK.CREDITS.0002400businessBurn amount must be positiveSend burn amount > 0. Zero or negative burns are rejected.
BCK.CREDITS.0003402businessInsufficient credits for planBuy or top up credits before retrying. The buyer wallet does not hold enough credits for the requested redemption.
BCK.CREDITS.0004400businessRefund amount must be positiveSend refund amount > 0. Zero or negative refunds are rejected; they are also bounded by the original mint amount.
BCK.CREDITS.0005500businessCredit lots do not satisfy the burned amount — FIFO invariant violatedInspect the underlying error and the planId/userId in params. The FIFO credit-lots ledger could not satisfy the burn — this indicates a data-integrity issue; do not retry blindly.
BCK.CREDITS.0006500internalCannot enqueue on-chain order mirror without a corresponding minted credit lotenqueueFiatOrderMirror must be called after a successful creditsService.mint with the same sourceTx. This usually indicates an out-of-order call by a service, not a runtime data issue.

BCK.DELEGATION

CodeHTTPCategoryRetryableMessageHint
BCK.DELEGATION.0001404businessPayment method not foundVerify the paymentMethodId. The payment method may have been removed or never existed.
BCK.DELEGATION.0002404businessDelegation not foundVerify the delegationId. The delegation may have been revoked, expired, or never existed.
BCK.DELEGATION.0003400validationUnknown payment method providerThe ?provider= query param must be one of the supported providers (stripe, braintree, erc4337, visa). Omit it to list methods from every provider.

BCK.ENTITLEMENTS

CodeHTTPCategoryRetryableMessageHint
BCK.ENTITLEMENTS.0001403businessResource cap reached for your current workspace. Upgrade to unlock higher limits.The active workspace (personal or Premium org) has hit its agent/plan cap. Response params.cap and params.current carry the limit and current count; switch workspaces, deactivate unused resources, or upgrade the org tier to lift the cap.
BCK.ENTITLEMENTS.0002403businessOrganization is not active. Reactivate the subscription before creating new resources.The target workspace has a lapsed subscription (paid period ended without renewal, or admin override). Existing resources remain visible but new agents/plans cannot be registered until the org is reactivated via the Billing page.

BCK.GUEST

CodeHTTPCategoryRetryableMessageHint
BCK.GUEST.0001400validationInvalid guest account requestCheck the request body — guest provisioning requires either fingerprint or externalId.
BCK.GUEST.0002500businessFailed to provision guest accountInspect the underlying error in logs. Guest provisioning failed mid-way — usually a DB-layer or Privy issue.

BCK.INVITATIONS

CodeHTTPCategoryRetryableMessageHint
BCK.INVITATIONS.0001422businessSeat cap reached: cannot invite more members to this organizationThe seat cap (members + pending invitations) for this tier has been reached. Remove pending invitations, deactivate inactive members, or upgrade the tier to invite more seats.
BCK.INVITATIONS.0002409businessA pending invitation already exists for this email in the organizationRevoke the existing invitation (or wait for the invitee to accept it) before sending a new one. Resending overwrites the role; revoking removes it entirely.
BCK.INVITATIONS.0003404businessInvitation token is invalid or has expiredInvitations expire 7 days after creation. Ask the org Admin to resend the invitation, which mints a fresh token.
BCK.INVITATIONS.0004403businessEmail mismatch: the invitation was sent to a different email addressSign in with the email address the invitation was sent to. Invitations are bound to a specific email and cannot be redirected.
BCK.INVITATIONS.0005400validationRole not allowed: only Admin and Member roles are permitted for invitationsPass role=Admin or role=Member. Other role values (e.g. Owner) are not assignable via invitation.
CodeHTTPCategoryRetryableMessageHint
BCK.LEGAL_DOCS.0001404businessUnknown legal documentVerify the legal-document slug (terms, privacy, etc.). Unknown slugs are rejected to surface typos early.
BCK.LEGAL_DOCS.0002404businessUnknown legal document versionVerify the document version. Unknown versions are rejected; ask the admin to publish the version first.
BCK.LEGAL_DOCS.0003422businessSubmitted legal document version is not the current effective versionSubmit consent against the current effective version. The version in the request is older or newer than what the system is currently asking for.
BCK.LEGAL_DOCS.0004412businessLegal consent is required for the current document versionsHave the user accept the current legal documents before retrying. The endpoint is gated on up-to-date consent.
BCK.LEGAL_DOCS.0005401businessAuthenticated request without a resolvable user identityAuthenticate the caller (Privy/wallet) before retrying. The request reached the endpoint without a resolvable user identity.
BCK.LEGAL_DOCS.0006400businessNo wallet linked to the authenticated Privy accountLink a wallet to the Privy account before retrying. Legal consent must be bound to an on-chain identity.

BCK.METRIC

CodeHTTPCategoryRetryableMessageHint
BCK.METRIC.0001500integrationError registering asset accessInspect the underlying error in logs. Asset-access metric write failed — usually a DB/queue layer issue. Metrics are best-effort; the user request still completed.
BCK.METRIC.0002404integrationError search asset metricsVerify the asset DID and that metrics retention has not pruned the rows. Empty metric lookups return 404 by design.
BCK.METRIC.0003404integrationError getting info from metrics service forInspect the underlying error in logs. Upstream metrics service did not respond — verify the metrics service URL and that it is reachable from the API.
BCK.METRIC.0004500integrationError getting balance for accountInspect the underlying error in logs. Account-balance metric query failed — usually a DB or chain-RPC issue.
BCK.METRIC.0005500integrationError getting total hits for accountInspect the underlying error in logs. Hits-counter aggregation query failed — usually a DB-layer error.

BCK.NOTIF

CodeHTTPCategoryRetryableMessageHint
BCK.NOTIF.0001404integrationUnable to find notification by idVerify the notification id. The notification may have been deleted or never existed.
BCK.NOTIF.0002404integrationError searching for notificationsInspect the underlying error in logs. Notification search failed — usually a DB-layer error or invalid query filter.
BCK.NOTIF.0003500integrationError updating notificationInspect the underlying error in logs. Notification update failed — usually a DB-layer error.
BCK.NOTIF.0004500integrationError updating notification read statusInspect the underlying error in logs. Notification read-status update failed — usually a DB-layer error.
BCK.NOTIF.0005500integrationError deleting notificationInspect the underlying error in logs. Notification deletion failed — usually a DB-layer error.
BCK.NOTIF.0006404integrationError searching for notifications filtered by receiverVerify the receiver address. Empty result sets surface as 404 by design.
BCK.NOTIF.0007500integrationResend API Key or Email Sender not setConfigure RESEND_API_KEY and EMAIL_SENDER in the deployment env. Email notifications are disabled until both are present.
BCK.NOTIF.0008500integrationError sending email notificationInspect Resend dashboard logs for the sender/recipient in params. Common causes: invalid recipient address, domain not verified, or quota exhaustion.
BCK.NOTIF.0009401integrationThe user doesnt own this notificationAuthenticate as the notification owner before retrying. Notifications are scoped to a single recipient.

BCK.OAUTH

CodeHTTPCategoryRetryableMessageHint
BCK.OAUTH.0001404authOAuth resource not foundVerify the agentId or client identifier in the OAuth request.
BCK.OAUTH.0002400authInvalid OAuth requestCheck the request parameters — typically the redirect_uri, scope, or grant_type does not match the registered client. Prefer the more specific BCK.OAUTH.0003-0006 siblings at new throw sites.
BCK.OAUTH.0003400businessNo payment plans available for agentThe target agent has no published plans the caller can purchase. Publish a plan first, or pass an explicit plan_id that the caller already owns.
BCK.OAUTH.0004400authInvalid or expired authorization codeAuthorization codes are single-use and short-lived. Restart the flow from /authorize to obtain a fresh code, and ensure the code_verifier matches the original PKCE code_challenge.
BCK.OAUTH.0005400authResource mismatch between token request and authorization codeThe resource parameter on /token does not match the value bound to the authorization code. Resend with the same resource you used on /authorize.
BCK.OAUTH.0006400authUser profile not found for the authorization codeThe user bound to the authorization code no longer exists in our DB (deleted profile, or environment mismatch). Restart the flow with a valid signed-in user.
BCK.OAUTH.0007400authAuthorize endpoint requires an authenticated userThe POST /oauth/authorize endpoint expects a signed-in user (NVM API key hash or Privy identity token). Authenticate before requesting an authorization code.

BCK.OBSERVABILITY

CodeHTTPCategoryRetryableMessageHint
BCK.OBSERVABILITY.0001500integrationError fetching observability data from HeliconeInspect Helicone dashboard logs for the request id in params. Common causes: invalid filter, expired token, or a transient Helicone outage.
BCK.OBSERVABILITY.0002400integrationInvalid response from Helicone APIInspect Helicone dashboard logs. Helicone returned a payload our parser rejected — usually a schema mismatch after a Helicone API change.
BCK.OBSERVABILITY.0003401integrationUnauthorized access to Helicone APIRefresh HELICONE_API_KEY in the deployment env. The current key is missing, revoked, or scoped to a different workspace.
BCK.OBSERVABILITY.0004429integrationRate limit exceeded for Helicone APIBack off and retry. Helicone is rate-limiting our API key; consider increasing the plan limit or batching requests.
BCK.OBSERVABILITY.0005502integrationHelicone API service unavailableInspect Helicone status page. The upstream Helicone API is unavailable; retry after a backoff.

BCK.ORGANIZATIONS

CodeHTTPCategoryRetryableMessageHint
BCK.ORGANIZATIONS.0001500businessError creating organization memberInspect the underlying error in logs. Member-create failed — usually a DB-layer constraint (duplicate membership, FK violation).
BCK.ORGANIZATIONS.0002500businessError getting organization membersInspect the underlying error in logs. Members lookup failed — usually a DB-layer error.
BCK.ORGANIZATIONS.0003500businessError saving organization brandingInspect the underlying error in logs. Branding persistence failed — usually a storage-layer error for the uploaded logo, or a DB-layer error for the colour palette.
BCK.ORGANIZATIONS.0004500businessError updating organizationInspect the underlying error in logs. Organization update failed — usually a DB-layer error or validation reject on the new fields.
BCK.ORGANIZATIONS.0005500businessError creating organizationInspect the underlying error in logs. Organization-create failed — usually a DB-layer error or a duplicate slug/name.
BCK.ORGANIZATIONS.0006500businessError creating organization with first adminThe two-step bootstrap (create org + add first admin) failed. Check the underlying error in logs; the org may have been created without the admin link.
BCK.ORGANIZATIONS.0007500authLogin failed for organizationInspect the underlying error in logs. Org login failed — typically a misconfigured Privy app id or membership lookup error.
BCK.ORGANIZATIONS.0008403businessUser is already a member of the organizationThe membership already exists. Read the membership instead of recreating it, or change the role via the update endpoint.
BCK.ORGANIZATIONS.0009403businessUser is not a member of the organizationAdd the user as a member before performing membership-scoped operations.
BCK.ORGANIZATIONS.0010500businessFailed to update organization memberInspect the underlying error in logs. Member-update failed — usually a DB-layer error.
BCK.ORGANIZATIONS.0011404businessOrganization not foundVerify the orgId. Soft-deleted organizations also surface as not-found.
BCK.ORGANIZATIONS.0012500businessFailed to deactivate organizationInspect the underlying error in logs. Org deactivation failed — usually a DB-layer error.
BCK.ORGANIZATIONS.0013500businessFailed to retrieve updated organizationInspect the underlying error in logs. The post-update re-read returned nothing — the row may have been deleted between the update and the read.
BCK.ORGANIZATIONS.0014403businessUser already belongs to another organizationA user can only belong to one organization at a time. Remove the user from the current organization before adding them to a new one.
BCK.ORGANIZATIONS.0015500integrationFailed to look up organization (database error)Repository.findOne returned a driver/connection error rather than null. Inspect the cause field on the server log; if the database is up, this is likely a query timeout or connection-pool exhaustion. Distinct from BCK.ORGANIZATIONS.0011, which signals a confirmed not-found result.
BCK.ORGANIZATIONS.0016404businessOrganization customer not foundVerify the customerId is correct and belongs to the organization in the URL. Customers are scoped per-org; a customer that exists in another org will surface as not-found here.
BCK.ORGANIZATIONS.0017422businessCannot remove the last admin from the organizationAn organization must always have at least one active admin. Promote another member to Admin (or invite a new one) before demoting, deactivating, or removing the last admin.
BCK.ORGANIZATIONS.0018404businessOrganization member not foundVerify the memberId (the OrganizationMember row PK) and that it belongs to the orgId in the URL. Deactivated members still exist; truly removed members return 404.
BCK.ORGANIZATIONS.0019403businessCustomer management is not available for this organization tierViewing organization customers requires the Enterprise tier. Upgrade the organization to Enterprise to access the customers tab and per-customer activity. (Customers are still tracked on every tier — only the view is gated.)
BCK.ORGANIZATIONS.0020403businessActivity feed is not available for this organization tierThe activity feed is a Premium+ feature. Upgrade the organization to Premium or Enterprise to access the activity log.
BCK.ORGANIZATIONS.0021403businessOutbound webhooks are not available for this organization tierOutbound webhooks are a Premium+ feature. Upgrade the organization to Premium or Enterprise to subscribe to org events from external systems.
BCK.ORGANIZATIONS.0022403businessAnalytics are not available for this organization tierThe analytics dashboard is a Premium+ feature. Upgrade the organization to Premium or Enterprise to access revenue, customer, and agent-usage metrics.
BCK.ORGANIZATIONS.0023404businessWebhook subscription not foundVerify the subscription id and that it belongs to the orgId in the URL. Deleted subscriptions return 404.
BCK.ORGANIZATIONS.0024422validationInvalid webhook URL: must be a valid URL with http or https schemeProvide an absolute URL with an http:// or https:// scheme. Schemes like ftp:// or relative URLs are rejected.
BCK.ORGANIZATIONS.0025422validationWebhook URL must use HTTPS in production environmentsWebhook URLs in live environments must use HTTPS so the signed payload cannot be intercepted in transit. Use HTTPS, or test against the sandbox environment which permits HTTP for local development.
BCK.ORGANIZATIONS.0026404businessWebhook delivery not foundVerify the deliveryId. Old deliveries may be pruned by the retention job; check the activity feed for the parent event instead.
BCK.ORGANIZATIONS.0027404businessWebhook delivery not found in this organizationThe delivery exists but belongs to a different organization. Use the orgId that owns the delivery, or call this endpoint as a member of that org.
BCK.ORGANIZATIONS.0028404businessUser organisation info not foundThe user exists but has no membership matching the requested environment. Verify the userId and environment query param.
BCK.ORGANIZATIONS.0029400validationRole transition not permitted: only Admin and Member roles are assignablePass role=Admin or role=Member. Other role values (Owner, Client, etc.) are not supported via this endpoint.
BCK.ORGANIZATIONS.0030400authRequired caller identity is missing from the requestThe userId/address fields populated by the auth guards were absent. This typically means the guard chain has been misconfigured — the endpoint should be reachable only after auth.
BCK.ORGANIZATIONS.0031403businessRealtime event streaming is not available for this organization tierThe realtime (WebSocket) activity stream is an Enterprise-only feature. Upgrade the organization to Enterprise to manage WebSocket secrets and subscribe to the live event stream.
BCK.ORGANIZATIONS.0032404businessWebSocket secret not foundNo WebSocket secret with that id exists for the current member in this organization. It may have already been deleted, or belongs to a different member.

BCK.ORG_INTEGRATION

CodeHTTPCategoryRetryableMessageHint
BCK.ORG_INTEGRATION.0001404businessOrganization not found or not eligible for agentic integrationThe org id either does not exist, is inactive, or does not have an active paid subscription. Only Premium and Enterprise orgs expose agentic integration files.
BCK.ORG_INTEGRATION.0002500internalFailed to render organization integration documentInspect the underlying error in logs. The integration template rendering failed — usually a missing template variable or a malformed organization metadata row.

BCK.PAYPAL

CodeHTTPCategoryRetryableMessageHint
BCK.PAYPAL.0001500integrationUnexpected error during PayPal/Braintree checkoutInspect the underlying error in logs. PayPal-via-Braintree checkout failed — usually a Braintree transaction reject or PayPal account restriction.

BCK.PLANS

CodeHTTPCategoryRetryableMessageHint
BCK.PLANS.0001500internalPlan lookup failed: plan with the given entryId not found in service layerThe service-layer findOneById returned null. Original behaviour was a generic 500; consumer code that needs 404 semantics should use BCK.PROTOCOL.0003.

BCK.POINT

CodeHTTPCategoryRetryableMessageHint
BCK.POINT.0001401businessUser with address is not allowed to accessVerify the caller wallet is a registered user. The points endpoints require a user-profile row to attribute accruals.
BCK.POINT.0002404businessUser with id not foundVerify the user id. The user may have been deleted or never existed.
BCK.POINT.0003404businessUnable to search user pointsVerify the user id and that points retention has not pruned the rows. Empty per-user point lookups surface as 404.
BCK.POINT.0004404businessUnable to search event pointsVerify the event id. Empty per-event point lookups surface as 404.
BCK.POINT.0005404businessUnable to find user points aggregatedVerify the user id. Empty aggregated lookups surface as 404.
BCK.POINT.0006404businessPoints rule not foundVerify the ruleId. Empty rule lookups surface as 404; rules may be disabled or removed.
BCK.POINT.0007403businessPoints rule recurrency exhausted for userThe rule allows only one (or N) accruals per user; the cap has been reached.
BCK.POINT.0008500internalPoints rule recurrency type not implementedThe rule references an unimplemented recurrency type. Update points.rules.ts to use one of: onlyonce, timeslimitted, onceperitem, capday, capweek, capmonth.
BCK.POINT.0009500internalNo points rule matches the supplied price/roleThe price/role tiers in points.rules.ts are exhaustive for non-negative inputs; reaching this code typically means a negative or otherwise unexpected price was supplied. The status is 500 to preserve the original “throw new Error” behaviour from before #1538; a follow-up (tracked in the Wave-B issue) will demote this to 400 and add input validation at the API boundary.
BCK.POINT.0010403businessUnsupported points cap recurrency typeThe rule references a cap recurrency variant that the engine does not recognise. Update the rule to one of capday/capweek/capmonth.
BCK.POINT.0011403businessPoints rule (onlyonce) already accrued by this userThe rule allows exactly one accrual per user and the user already received their share. No retry will succeed.
BCK.POINT.0012403businessPoints rule (timeslimitted) per-user lifetime cap reachedThe rule allows at most rule.cap accruals per (user, rule); the user has reached that ceiling and the cap does not reset. Note: the throw-site details line may mention an item reference for historical reasons — the check is per-user, not per-item. Per-item semantics live in BCK.POINT.0013 (onceperitem).
BCK.POINT.0013403businessPoints rule (onceperitem) already accrued for this itemThe user already received points for this specific item/reference. Try a different item.
BCK.POINT.0014403businessPoints rule (capday/week/month) time-window cap exhaustedThe user reached the cap for this rule within the current time window (day/week/month). Wait for the window to roll over.
BCK.POINT.0015500internalNo subscription-price points rule for the supplied pricegetRuleIdBySubscriptionPrice() saw a price the tier table does not cover — typically a negative value. Add input validation at the API boundary.
BCK.POINT.0016500internalNo crypto-seller points rule for the supplied pricegetRuleIdByCryptoSellerPrice() saw a price the tier table does not cover.
BCK.POINT.0017500internalNo crypto-buyer points rule for the supplied pricegetRuleIdByCryptoBuyerPrice() saw a price the tier table does not cover.
BCK.POINT.0018500internalNo fiat-seller points rule for the supplied pricegetRuleIdByFiatSellerPrice() saw a price the tier table does not cover.
BCK.POINT.0019500internalNo fiat-buyer points rule for the supplied pricegetRuleIdByFiatBuyerPrice() saw a price the tier table does not cover.

BCK.PROTOCOL

CodeHTTPCategoryRetryableMessageHint
BCK.PROTOCOL.0001500integrationUnable to register payment planInspect the underlying error in logs. Payment-plan registration failed at protocol or SDK layer — usually a chain revert or missing token approval.
BCK.PROTOCOL.0002500integrationUnable to register agentInspect the underlying error in logs. Agent registration failed at protocol or SDK layer — usually a chain revert or duplicate agentId.
BCK.PROTOCOL.0003404integrationUnable to get payment plan by planIdVerify the planId. The plan may have been removed at the protocol side or never registered. Sandbox/live mismatches surface here too.
BCK.PROTOCOL.0004404integrationUnable to get agent by agentIdVerify the agentId. The agent may have been removed at the protocol side or never registered. Sandbox/live mismatches surface here too.
BCK.PROTOCOL.0005500integrationError ordering planInspect the underlying error in logs. Plan ordering failed — usually insufficient balance, expired plan, or chain revert.
BCK.PROTOCOL.0006500integrationError getting balance of planInspect the underlying error in logs. Balance retrieval reverted — verify the planId and that the chain RPC is reachable.
BCK.PROTOCOL.0007500integrationError minting planInspect the underlying error in logs. Credit minting reverted — verify the planId, credit type, and the minter role on the protocol contract.
BCK.PROTOCOL.0008500integrationError deleting plan from agentInspect the underlying error in logs. The agent→plan unlink call reverted — verify the caller owns both the agent and the plan.
BCK.PROTOCOL.0009500integrationError adding plan to agentInspect the underlying error in logs. The agent→plan link call reverted — verify the caller owns both the agent and the plan.
BCK.PROTOCOL.0010403integrationInvalid credits typeProvide one of the valid credit types: FIXED, DYNAMIC, EXPIRABLE. Other strings are rejected by the protocol layer.
BCK.PROTOCOL.0011402integrationInsufficient balanceTop up the buyer balance (USDC/EURC/USD/EUR depending on plan currency) before retrying. The protocol reverted because the order amount exceeds the wallet balance.
BCK.PROTOCOL.0012500integrationError updating agentInspect the underlying error in logs. Agent metadata update reverted — verify the caller owns the agent and the new metadata is well-formed.
BCK.PROTOCOL.0013500integrationError updating planInspect the underlying error in logs. Plan metadata update reverted — verify the caller owns the plan and the new metadata is well-formed.
BCK.PROTOCOL.0014500integrationError de-activating agentInspect the underlying error in logs. Agent de-activation reverted — verify the caller owns the agent and it is not already inactive.
BCK.PROTOCOL.0015500integrationError de-activating planInspect the underlying error in logs. Plan de-activation reverted — verify the caller owns the plan and it is not already inactive.
BCK.PROTOCOL.0016401integrationThe user doesnt own this agentAuthenticate as the agent owner before retrying. Only the wallet that registered the agent can perform owner-scoped operations.
BCK.PROTOCOL.0017401integrationThe user doesnt own this planAuthenticate as the plan owner before retrying. Only the wallet that registered the plan can perform owner-scoped operations.
BCK.PROTOCOL.0018200integrationThe agent is already in the desired stateNo action required. The agent is already in the requested active/inactive state; the response carries the current state in params.
BCK.PROTOCOL.0019200integrationThe plan is already in the desired stateNo action required. The plan is already in the requested active/inactive state; the response carries the current state in params.
BCK.PROTOCOL.0020500integrationError redeming creditsInspect the underlying error in logs. Credit redemption reverted — verify the buyer holds enough credits and the plan permits redemption at this point.
BCK.PROTOCOL.0021500integrationError getting user plansInspect the underlying error in logs. The per-user plans query failed — usually a DB-layer or chain-RPC issue.
BCK.PROTOCOL.0022404integrationError getting user agentsVerify the user address. Empty per-user agent listings surface as 404; users with zero agents fall through this code.
BCK.PROTOCOL.0023404integrationError getting plan associated to agent. Agent not foundVerify the agentId. The agent may have been removed, or no plan is associated with it yet.
BCK.PROTOCOL.0024404integrationError getting agent associated to plan. Plan not foundVerify the planId. The plan may have been removed, or no agent is associated with it yet.
BCK.PROTOCOL.0025500integrationUnable to generate agent access tokenInspect the underlying error in logs. Agent access-token minting failed — verify the agent is registered and the requesting plan is active.
BCK.PROTOCOL.0026403integrationThe agent doesnt include the plan specifiedRe-link the plan to the agent (or use a different plan that is linked to this agent). Plans without an explicit link cannot grant access.
BCK.PROTOCOL.0027403integrationUnable to validate access tokenRe-mint the access token. The supplied token is expired, malformed, or signed by a key the API does not recognise.
BCK.PROTOCOL.0028403integrationInvalid agent ID in access tokenVerify the agentId encoded in the access-token claim matches the agent the caller is invoking. Cross-agent token use is rejected.
BCK.PROTOCOL.0029403integrationProof is required for this planAttach a signed proof to the request when ordering against this plan. The plan owner enabled proof-required for credit redemption.
BCK.PROTOCOL.0030403integrationInvalid proofRe-sign the proof. The proof signature does not validate against the registered signer or the proof payload does not match the request.
BCK.PROTOCOL.0031403integrationEndpoint not included in the agent apiAdd the endpoint to the agent metadata endpoints array (or call a registered endpoint). Only listed endpoints are reachable via the access token.
BCK.PROTOCOL.0032500integrationUnable to track access transactionInspect the underlying error in logs. The access-tx insert failed — usually a DB-layer or queue-layer error. Metrics are best-effort; the consumer request still completed.
BCK.PROTOCOL.0033403integrationYou do not have permission to track access transactions for this ownerAuthenticate as the agent or plan owner before retrying. Only owners can track access transactions for resources they own.
BCK.PROTOCOL.0034500integrationUnable to track access processor queue entryInspect the underlying error in logs. The processor-queue insert failed — usually a queue-layer error. Safe to retry idempotently.
BCK.PROTOCOL.0035500integrationUnable to track agent taskInspect the underlying error in logs. The agent-task tracking insert failed — usually a DB-layer or constraint issue.
BCK.PROTOCOL.0036500integrationUnable to track agent processor queue entryInspect the underlying error in logs. The agent-task processor-queue insert failed — usually a queue-layer error. Safe to retry idempotently.
BCK.PROTOCOL.0037404integrationAgent task not foundVerify the taskId and that it belongs to the caller agent. Task ids are scoped per-agent.
BCK.PROTOCOL.0038500integrationError updating agent taskInspect the underlying error in logs. Agent-task update failed — usually a state-transition guard rejection (the task is in a terminal state).
BCK.PROTOCOL.0039500integrationError redeeming credits and updating agent taskInspect the underlying error in logs. The combined redeem+update transaction failed mid-way — the DB row may be left inconsistent and need manual reconciliation.
BCK.PROTOCOL.0040500integrationUnable to register agent and planInspect the underlying error in logs. The combined register-agent-and-plan call failed — verify the caller owns both resources and the protocol contract is reachable.
BCK.PROTOCOL.0041403integrationThe user doesnt have a valid Stripe account enabledComplete Stripe Connect onboarding before publishing fiat plans. Until charges_enabled is true on the Connect account, plans cannot be sold for fiat.
BCK.PROTOCOL.0042403integrationEither amount or marginPercent must be provided, but not bothSend exactly one of amount or marginPercent on a DYNAMIC plan. The two fields are mutually exclusive — pick the pricing model that fits.
BCK.PROTOCOL.0043403integrationPlan does not have valid price configuration for margin calculation. Credits type must be DYNAMIC.Re-publish the plan with credits.type=DYNAMIC and the required margin/cost configuration. Margin calculations are only valid for DYNAMIC plans.
BCK.PROTOCOL.0044404integrationNo Helicone request found for agent request IDVerify the Helicone request id and that the agent invocation actually fired through the Helicone proxy. Stale ids and proxied-off agents land here.
BCK.PROTOCOL.0045500integrationError getting all plansInspect the underlying error in logs. The list-all-plans query failed — usually a DB-layer error or pagination issue.
BCK.PROTOCOL.0046400integrationFiat plan price exceeds the maximum allowed ($999,999.99). Stripe does not support payment intents above this limit.Lower the plan price below $999,999.99 (Stripe payment-intent cap). Higher-value sales must go through Stripe Connect transfers or off-platform settlement.
BCK.PROTOCOL.0047400integrationFiat plan price is below the minimum allowed ($1.00). Lower prices do not cover the payment-processor fixed fee.Raise the plan price to at least $1.00. Lower prices do not cover the payment-processor fixed fee and would settle at a loss.
BCK.PROTOCOL.0048400businessPlan and agent must belong to the same organization. A Personal plan cannot be linked to an organization agent (and vice versa); plans owned by one organization cannot be linked to agents owned by a different organization.Either move the plan or the agent so both belong to the same organization (or both to the same Personal account). Cross-org and personal-vs-org links are rejected by design.
BCK.PROTOCOL.0049500integrationOn-chain submit returned without a transaction hashThe chain broadcast call succeeded at the SDK boundary but did not return a tx hash. Treat as an SDK-shape drift; the dead-letter accounting flags the row so it can be re-tried after investigation.
BCK.PROTOCOL.0050400businessFiat plans cannot be ordered through this endpoint. Use the x402 card-delegation settle flow (POST /api/v1/x402/settle) so the buyer card delegation can be charged before credits are provisioned.This endpoint settles stablecoin (crypto) plans only. For fiat / nvm:card-delegation plans, register a card delegation and call /api/v1/x402/settle — that path charges the card BEFORE credits are provisioned in the off-chain ledger. On-chain mirroring (when the plan opts in) happens asynchronously after settlement; do not assume synchronous on-chain finality.

BCK.STRIPE

CodeHTTPCategoryRetryableMessageHint
BCK.STRIPE.0001400integrationError creating Stripe accountInspect Stripe dashboard logs for the request id we return in params. Account creation failed at the Stripe side — usually a missing legal entity or invalid country.
BCK.STRIPE.0002400integrationError creating Stripe checkout sessionInspect Stripe dashboard logs for the request id we return in params. Checkout session creation failed — verify the plan’s priceId is live and the Connect account is fully onboarded.
BCK.STRIPE.0003400integrationError creating Stripe payment intentInspect Stripe dashboard logs for the request id we return in params. PaymentIntent creation failed — usually an invalid currency/amount or missing customer.
BCK.STRIPE.0004500integrationError processing Stripe account webhook for updating an accountInspect the underlying error and the Stripe event id in params. The webhook handler failed; the event will be retried by Stripe.
BCK.STRIPE.0005400integrationError processing Stripe connect webhookInspect the underlying error and Stripe event id in params. The Connect webhook handler rejected the payload — usually a schema mismatch or unsupported event type.
BCK.STRIPE.0006500integrationError processing Stripe checkout event with errorInspect the underlying error and Stripe event id in params. The checkout-completed handler failed; manual reconciliation may be needed for the buyer.
BCK.STRIPE.0007400integrationInvalid input paramsVerify the request body matches the endpoint schema. Common cause: missing planId or zero amount.
BCK.STRIPE.0008400integrationStripe event not handledStripe sent an event type this deployment does not handle. Safe to ignore unless the event is one we expect to act on — in which case add the handler.
BCK.STRIPE.0009400integrationThe plan indicated is not valid for Stripe paymentVerify the planId references a fiat plan with a configured Stripe priceId. Crypto-only plans cannot be paid via Stripe.
BCK.STRIPE.0010400integrationThe plan is not a Fiat planUse a fiat plan for Stripe checkout. Crypto plans must be paid through the on-chain flow (/protocol/order or x402).
BCK.STRIPE.0011400integrationError calculating plan checkout priceInspect the underlying error and the planId in params. Checkout-price computation failed — usually a missing/invalid price metadata or platform-fee config.
BCK.STRIPE.0012400integrationThe account selling the plan is not properly configured to accept Stripe paymentsThe plan seller must complete Stripe Connect onboarding (charges_enabled + payouts_enabled). Until then their plans cannot be sold via Stripe.
BCK.STRIPE.0013400integrationPayment intent not succeededThe Stripe PaymentIntent is not in a terminal success state. Check status in the Stripe dashboard; if it is processing, retry after the webhook lands.
BCK.STRIPE.0014400integrationInvalid payment amount from payment intentThe PaymentIntent amount does not match the expected plan price. Verify currency and amount on the Stripe side; mismatched currencies are the most common cause.
BCK.STRIPE.0015400integrationCustomer not foundVerify the Stripe customerId. The customer may have been deleted in the Stripe dashboard or never created for this user.
BCK.STRIPE.0016400integrationSubscription not foundVerify the Stripe subscriptionId. The subscription may have been canceled and pruned, or belong to a different account/environment.
BCK.STRIPE.0017400integrationInvoices not foundVerify the Stripe subscription/customer reference. No invoices were found for the requested filters.
BCK.STRIPE.0018400integrationError retrieving Stripe payment metadataInspect Stripe dashboard logs for the request id we return in params. PaymentIntent metadata retrieval failed — usually a transient Stripe API issue.
BCK.STRIPE.0019400integrationError retrieving Stripe balanceInspect Stripe dashboard logs for the request id we return in params. Balance retrieval failed — usually a Connect-account configuration or scope issue.
BCK.STRIPE.0020500integrationError canceling subscriptionInspect Stripe dashboard logs for the request id we return in params. Subscription cancellation failed — verify the subscription belongs to the right Connect account.
BCK.STRIPE.0021400integrationUnable to create Stripe subscriptionInspect Stripe dashboard logs for the request id we return in params. Subscription create failed — usually a missing customer default payment method or invalid price.
BCK.STRIPE.0022424integrationThe settlement could not be executed because the seller account has not properly configured the payment service provider (Stripe)The plan seller has not completed Stripe Connect onboarding (charges_enabled is false). Ask the seller to finish onboarding before retrying the settlement.
BCK.STRIPE.0023503integrationTransient failure while looking up the seller payment service provider configurationInspect the underlying error in logs. The seller PSP-configuration lookup failed transiently — retry; if it persists, check DB connectivity.
BCK.STRIPE.0024424integrationThe organization owning the plan you are trying to purchase has not configured its payment service provider (Stripe). Contact the organization to complete the setup before retrying the purchase.The plan is owned by an organization that has not connected Stripe (or has not completed Connect onboarding) for this environment. Surface the orgId / orgName carried in params so the buyer can identify the organization to contact.
BCK.STRIPE.0030500integrationApplication-fee true-up refund failed; row left Settled with the owed amount stored in providerMetadata.trueUpRefundOwedMicro for manual reconciliationThe Stripe application-fee true-up refund failed. The settlement row is left as Settled with the owed amount in providerMetadata.trueUpRefundOwedMicro for manual reconciliation through Stripe Dashboard.
BCK.STRIPE.0031500internalPrice conversion overflow when converting micro-units to centsThe plan price exceeds Number.MAX_SAFE_INTEGER after conversion. Lower the plan price or fix the unit boundary in convertMicroUnitsToCents.
BCK.STRIPE.0032500integrationStripe checkout: user profile not found for account eventThe Stripe account event referenced a user that no longer exists in our DB (deleted profile, or environment mismatch between live/sandbox). The webhook is marked permanent so Stripe stops retrying.
BCK.STRIPE.0033500integrationStripe account webhook handler failedGeneric catch-all for the account webhook handler — inspect the cause field for the underlying error and the params for eventId/stripeAccountId/userId.
BCK.STRIPE.0034500integrationStripe payment intent webhook handler failedGeneric catch-all for the payment intent webhook handler — inspect the cause and params.eventId.
BCK.STRIPE.0035500integrationStripe subscription invoice webhook handler failedGeneric catch-all for the subscription invoice (recurring) webhook handler — inspect the cause and params.eventId.
BCK.STRIPE.0036400businessStripe subscription creation: plan has no Stripe priceIdThe plan DDO is missing metadata.plan.priceId. Re-publish the plan with a Stripe price configured, or use the one-shot payment intent flow.
BCK.STRIPE.0037400integrationStripe subscription creation: no latest invoice on subscriptionThe newly-created subscription did not return a latest_invoice. Retry once; if it persists, check Stripe dashboard for the subscription state.
BCK.STRIPE.0038400integrationStripe subscription creation: no payment intent on subscriptionThe subscription invoice did not yield a payment_intent. This usually means the customer has no default payment method. Confirm the SetupIntent has succeeded before creating the subscription.
BCK.STRIPE.0039400businessNo Stripe account connectedThe authenticated user has no personal Stripe account and belongs to no organization with one connected. Connect a Stripe account (Profile or Organization → Details) before requesting the account balance.

BCK.STRIPE.CONNECT

CodeHTTPCategoryRetryableMessageHint
BCK.STRIPE.CONNECT.0001503integrationStripe Connect is not configuredSTRIPE_CONNECT_CLIENT_ID is unset. Configure Stripe Connect credentials in the environment before enabling Connect features.
BCK.STRIPE.CONNECT.0002400integrationStripe OAuth token exchange failedInspect Stripe dashboard logs for the request id we return in params. The OAuth code exchange failed — usually a mismatched redirect_uri or expired code.
BCK.STRIPE.CONNECT.0003400integrationStripe OAuth response missing stripe_user_idStripe returned a successful OAuth response without stripe_user_id. Treat as a Stripe API anomaly and restart the OAuth flow.
BCK.STRIPE.CONNECT.0004400integrationStripe account environment does not match platform environmentThe connected account is in a different Stripe environment (sandbox vs live) than the platform. Re-connect using the platform’s matching environment.
BCK.STRIPE.CONNECT.0005404integrationUser profile not found for Stripe Connect updateVerify the user-profile id in params. The OAuth callback fired for a user that no longer has a profile row — likely a deleted account.

BCK.TRANSCODING

CodeHTTPCategoryRetryableMessageHint
BCK.TRANSCODING.0001404integrationUGC not foundVerify the UGC asset id. The asset may have been deleted, or transcoding has not finished yet for newly uploaded media.
BCK.TRANSCODING.0002404businessTranscoded asset not found for the given UGC idVerify the UGC id in params. The queue row may have been pruned, or the upload never reached the transcoder.
BCK.TRANSCODING.0003500integrationTranscoding failed for UGC assetInspect the underlying error in logs. The transcoder marked this asset Errored — usually a codec/format issue or storage failure. Re-upload after fixing the source.
BCK.TRANSCODING.0004503integrationTranscoding is still in progress for UGC assetThe transcoder has not finished encoding this asset. Retry after a short backoff; the worker typically completes within seconds for small assets.

BCK.TXS

CodeHTTPCategoryRetryableMessageHint
BCK.TXS.0001404integrationError searching asset transactions by idVerify the asset/transaction id. Empty transaction lookups return 404 by design.
BCK.TXS.0002404integrationError searching asset consumer transactionsVerify the consumer address and asset id. Empty result sets return 404 by design.
BCK.TXS.0003404integrationError searching distintc asset transactionsVerify the asset id. Empty distinct-asset transaction lookups return 404.
BCK.TXS.0004404integrationError searching plan transactionsVerify the planId. Empty plan-transaction lookups return 404 by design.
BCK.TXS.0005404integrationError searching asset transactions grouped by ownerVerify the owner address. Empty owner-grouped transaction lookups return 404.
BCK.TXS.0006404integrationError gathering DDO InfoVerify the DID is well-formed and registered. DDO resolution failures bubble up as 404 here.
BCK.TXS.0007404integrationError getting active users for ownerVerify the owner address. Empty active-users lookups return 404 by design.
BCK.TXS.0008404integrationError getting total API calls for ownerVerify the owner address. Empty total-calls lookups return 404 by design.
BCK.TXS.0009404integrationError getting total revenue for ownerVerify the owner address. Empty total-revenue lookups return 404 by design.
BCK.TXS.0010404integrationError getting dashboard metrics for ownerVerify the owner address. Empty dashboard-metrics lookups return 404 by design.

BCK.USER_PROFILE

CodeHTTPCategoryRetryableMessageHint
BCK.USER_PROFILE.0001500internalUser profile not foundA profile lookup returned null where a row was expected. Two known throw sites: DTO mappers asserting a non-null entity, and the org-tier bootstrap requiring the node-account system user. Inspect the throw-site details for the specific context. Legacy callers depended on this surfacing as 500; the canonical “user profile not found for caller-supplied identifier” lookup-not-found semantics live in BCK.USER_PROFILE.0002 (404).
BCK.USER_PROFILE.0002404businessUser profile not foundVerify the user identifier. The profile may have been disabled or never created.
BCK.USER_PROFILE.0003400validationNo wallet linked to the authenticated Privy accountComplete wallet linkage in the Privy flow before calling endpoints that require a smart-account address (dashboards, profile reads, etc.).
BCK.USER_PROFILE.0004400businessUser profile already exists for this addressUse the PATCH endpoint to update an existing profile, or call POST with a different address. Profiles are unique per wallet.

BCK.VISA

CodeHTTPCategoryRetryableMessageHint
BCK.VISA.0001503integrationVisa payment provider is not configuredVGS_* env vars are unset. Configure the VGS vault credentials before enabling Visa Agentic Token features.
BCK.VISA.0002502integrationVisa card enrollment failedInspect VGS dashboard logs for the enrollment id in params. Common causes: invalid card details, sanctions/AVS reject, or vault routing.
BCK.VISA.0003502integrationVisa mandate creation failedInspect VGS dashboard logs for the mandate id in params. Mandate creation may fail when consumerPrompt/assuranceData are missing or the card is non-eligible.
BCK.VISA.0004502integrationVGS cryptogram issuance failedInspect VGS dashboard logs for the cryptogram request id in params. Common causes: vault session expired, card revoked, or merchant data mismatch.
BCK.VISA.0005400integrationInvalid VGS webhook signatureVerify the VGS_WEBHOOK_SECRET in env matches the secret configured in VGS dashboard. Replayed or forged webhooks land here.
BCK.VISA.0006502integrationVGS OAuth2 client_credentials request failedInspect VGS dashboard logs. The OAuth2 client_credentials call failed — usually expired credentials or the wrong VGS_BASE_URL.
BCK.VISA.0007502integrationStripe settlement of Visa virtual card failedInspect Stripe dashboard for the PaymentIntent id in params. The Stripe settlement of the VGS-issued virtual card failed at the Stripe side.
BCK.VISA.0008400integrationUser has no email on file (required for Visa enrolment)Capture or update the user email before retrying Visa enrolment. Visa requires a deliverable email for the cardholder.
BCK.VISA.0009422integrationVisa mandate (intent) not provisioned for this delegationRe-issue the delegation via the Visa flow so a mandate (Visa intent) is provisioned. Without it the card cannot be used for spending.
BCK.VISA.0010404integrationVGS webhook references unknown cardVerify the VGS payload references a card our DB has registered. Stale or cross-environment webhooks land here.
BCK.VISA.0011400integrationVGS webhook payload malformedInspect the underlying VGS payload structure. Required fields are missing or have the wrong shape — usually a VGS API version mismatch.
BCK.VISA.0012400integrationVGS webhook revoke event missing card identifierThe revoke webhook is missing the card identifier we need to flip our DB state. Inspect VGS to confirm the event payload and replay manually if needed.
BCK.VISA.0013500integrationUnable to process VGS webhookInspect the underlying error and webhook event id in params. The handler crashed mid-processing; VGS will retry the webhook.
BCK.VISA.0014400businessVisa delegation creation requires consumerPrompt and assuranceDataProvide both consumerPrompt and assuranceData when creating a Visa delegation. These are required by the Visa Trusted Agent Protocol.
BCK.VISA.0015400businessVisa delegation requires planId — mandate must bind to a single plan sellerProvide planId when creating a Visa delegation. Visa mandates must bind to a single plan seller for compliance with the Trusted Agent Protocol.
BCK.VISA.0016400businessPlan seller has not completed Stripe Connect onboarding required for Visa delegationsThe plan seller must complete Stripe Connect onboarding before accepting Visa delegations. Ask the seller to finish onboarding.
BCK.VISA.0017502integrationStripe Connect account lookup failed while resolving Visa merchant contextInspect Stripe dashboard logs for the connected account id in params. Connect account lookup failed transiently — retry; if it persists, check the seller’s Connect status.
BCK.VISA.0018409businessThis card is already enrolled to a different accountVGS Agentic Tokens are keyed on PAN globally — the same physical card resolves to the same tokenId regardless of which user enrols it. The card you tried to enrol is already on file under another account. Use a different card.
BCK.VISA.0019500internalVisa provider misconfigured for this environmentThe Visa provider is otherwise wired but VGS_AGENTIC_BROWSER_CLIENT_ID/SECRET are missing. The browser-token endpoint would silently fall back to the privileged backend service account in this state. Provision the narrower Client-Side Service Account or unset the Visa env vars to disable the provider. See VIS-011 in security audit 2026-05-27.

BCK.WIDGET

CodeHTTPCategoryRetryableMessageHint
BCK.WIDGET.0001500businessUnable to store widget configInspect the underlying error in logs. Widget config persistence failed — usually a DB-layer or storage-layer error.
BCK.WIDGET.0002404businessUnable to get widget config from idVerify the widget id. The widget may have been deleted or never created.
BCK.WIDGET.0003401businessThe user doesnt own this widgetAuthenticate as the widget owner before retrying. Only the wallet that created the widget can edit or delete its config.
BCK.WIDGET.0004500businessError updating widget configInspect the underlying error in logs. Widget update failed — usually a DB-layer error or validation reject on the new config.
BCK.WIDGET.0005500businessError deleting widget configInspect the underlying error in logs. Widget deletion failed — usually a DB-layer error.

BCK.WIDGET_KEYS

CodeHTTPCategoryRetryableMessageHint
BCK.WIDGET_KEYS.0001500internalWidget key generation failedInspect the underlying error in logs. Widget-key minting failed — usually a DB-write error.
BCK.WIDGET_KEYS.0002404authWidget key not foundVerify the widget-key id and that it belongs to the caller organisation. Revoked keys also surface as not-found.

BCK.WIDGET_SESSION

CodeHTTPCategoryRetryableMessageHint
BCK.WIDGET_SESSION.0001401authInvalid widget credentialsF-055: covers both “org has no active widget key” and “secret rejected”. The integrator backend must send the active wk_... secret as rawSecret in POST /widgets/session; if the org never generated a key, create one in the admin UI first. A single error code is returned so an attacker probing the public endpoint cannot distinguish the two cases.
BCK.WIDGET_SESSION.0003500authWidget JWT secret not configuredConfigure WIDGET_JWT_SECRET in the deployment env. The widget-session JWT signer requires this secret to be set.
BCK.WIDGET_SESSION.0004500authError creating widget session userInspect the underlying error in logs. Widget guest-user creation failed — usually a DB-layer error.
BCK.WIDGET_SESSION.0005401authInvalid or expired widget session tokenRe-issue the session token via the widget refresh endpoint. Session tokens are short-lived; expired tokens land here.
BCK.WIDGET_SESSION.0008401authWidget session token is missing required wallet claimReissue the session token after capturing the user wallet. Wallet-bound session features require the wallet claim.
BCK.WIDGET_SESSION.0009401authWidget session token is missing required apiKeyHash claimReissue the session token with the apiKeyHash claim populated. The widget runtime expects an apiKeyHash to attribute usage.
BCK.WIDGET_SESSION.0010401authWidget session token is missing required widgetKeyId claimReissue the session token with the widgetKeyId claim populated. The widget runtime expects a widgetKeyId for revocation checks.
BCK.WIDGET_SESSION.0011401authWidget key has been revoked or no longer existsGenerate a fresh widget key in the org admin UI. Revoked keys cannot resume existing sessions; the embed must be updated.
BCK.WIDGET_SESSION.0012403authOrigin not allowed for this widget keyAdd the requesting origin to the widget key’s allowed-origins list, or embed the widget from an approved origin.
BCK.WIDGET_SESSION.0013400authWidget session request is missing the required email fieldThe integrator backend must forward the end-user email in the email field of POST /widgets/session. Email is the canonical Nevermined identity for widget users.
BCK.WIDGET_SESSION.0018403authCard setup is only available to organization membersThe authenticated user has no active organization membership — POST /widgets/session/self is the org-scoped (members-only) widget path. To enroll a card or create a delegation as a buyer/agent, use the open embedded flow instead: POST /api/v1/embed/session (then open the embed app card-setup page with the returned sessionToken).
BCK.WIDGET_SESSION.0019403authorgId is not one of the caller’s organization membershipsPass an orgId the authenticated user is a member of — list your memberships via /organizations/my-memberships or the org switcher in the dashboard. To enroll a card or create a delegation as a buyer/agent (no org), use the open embedded flow: POST /api/v1/embed/session (then open the embed app card-setup page with the returned sessionToken).
BCK.WIDGET_SESSION.0020403authAgent or plan does not belong to the widget session’s organizationThe embed checkout can only purchase agents/plans owned by the organization the widget session was minted for. Verify the agentId/planId in the embed URL belongs to that organization.

BCK.X402

CodeHTTPCategoryRetryableMessageHint
BCK.X402.0001404businessAgent not foundVerify the agentId in the x402 facilitator-resource URL. Agents that are deactivated or in a different environment surface as not-found here.
BCK.X402.0002404businessPlan not foundVerify the planId in the x402 facilitator-resource URL. Plans that are deactivated or in a different environment surface as not-found here.
BCK.X402.0003400businessThe plan is not associated to the agentRe-link the plan to the agent before retrying, or use a different plan that is already linked. x402 requires an explicit (agent, plan) edge.
BCK.X402.0004500businessError generating X402 access tokenInspect the underlying error in logs. x402 access-token minting failed — usually a JWT signing key issue or an upstream chain RPC error.
BCK.X402.0005402businessInvalid access tokenMint a fresh access token via the x402 /generate-token endpoint. Expired or tampered tokens land here.
BCK.X402.0006500businessError verifying permissionsInspect the underlying error in logs. The verifyPermissions call failed — usually a transient DB error; retry once. Persistent failures may indicate a stale plan-permissions cache.
BCK.X402.0007500businessFailed to order Pay-as-you-go planInspect the underlying error in logs. Pay-as-you-go plan ordering failed — usually a delegation/credit issue on the buyer side or an upstream chain RPC error.
BCK.X402.0008500businessFailed to order crypto planInspect the underlying error in logs. Crypto plan ordering failed — usually a buyer balance/approval issue or a chain RPC revert.
BCK.X402.0009500businessFailed to redeem creditsInspect the underlying error in logs. Credit redemption failed mid-way — the buyer may have been charged but not credited; check the activity feed and reconcile manually if needed.
BCK.X402.0010400businessInvalid x402 access tokenMint a fresh access token via the x402 /generate-token endpoint. The supplied token is malformed or signed by an unknown key.
BCK.X402.0011404businessUser profile not foundVerify the buyer wallet has a user-profile row. New wallets must complete the signup flow before purchasing via x402.
BCK.X402.0012400businessresource.url is required when agentId is providedPass resource.url alongside agentId in the x402 settlement body. The URL is required for routing the settlement to the right merchant.
BCK.X402.0013400businessAccepted payment method does not match requirementsPass an accepted payment method that matches the plan’s configured currency/scheme. The combinations are documented per-plan in the plan metadata.
BCK.X402.0014400businessDelegation restricted to a different planReuse the delegation only with the planId it was originally bound to, or create a fresh delegation for the new plan. Visa mandates are plan-scoped.
BCK.X402.0015404businessPermission not foundThe permission record either has been revoked or never existed for this combination of (subscriber, plan, agent).
BCK.X402.0016400businessPermission is already revokedThe permission was already revoked. No further action required.
BCK.X402.0017500internalFailed to issue credits after card chargeThe card was charged successfully but the DB-side mint of credits failed. The charge is auto-refunded when the provider supports it; otherwise a failed_post_charge_* delegationTransactions row is left for manual reconciliation.
BCK.X402.0018500internalInvalid amountCents derived from orderA defensive arithmetic check in the erc4337 settlement path produced a non-finite or negative cents amount. Inspect the order amount and currency in params; this should never happen for legitimate orders.
BCK.X402.0019402businessDelegation not foundNo delegation with this id is owned by the caller — it either never existed or belongs to someone else (the two are intentionally indistinguishable). Verify the delegationId, or create a fresh delegation. Revoked/expired/exhausted delegations report BCK.X402.0020/0021/0022 instead.
BCK.X402.0020402businessDelegation is revokedThis delegation has been revoked and can no longer be used. Create a new card delegation to continue.
BCK.X402.0021402businessDelegation has expiredThe delegation passed its expiry. Create a fresh delegation with createDelegation (provider, currency, spendingLimitCents, durationSecs), then request a new token with delegationConfig: { delegationId }.
BCK.X402.0022402businessDelegation budget exhaustedThe delegation has reached its spending limit or maximum transaction count. Create a new delegation with a higher spendingLimitCents / maxTransactions to keep transacting.
BCK.X402.0023402businessDelegation budget insufficient for this orderThe remaining delegation budget is smaller than the cost of this order. Use a smaller order, or create a new delegation with a higher spendingLimitCents.
BCK.X402.0024402businessNo active permission found for the delegationThe delegation has no active permission backing it. Re-create the delegation so its permission and session keys are provisioned.
BCK.X402.0025402businessPermission has been revokedThe permission backing this token was revoked. Create a fresh delegation/permission and mint a new access token.
BCK.X402.0026402businessPermission has expiredThe permission backing this token expired. Create a fresh delegation/permission and mint a new access token.
BCK.X402.0027402businessPayment method not found or unusableNo usable payment method was found for this request. Add or re-enable a payment method in the dashboard, then retry — optionally passing its identifier via delegationConfig.providerPaymentMethodId or delegationConfig.cardId.
BCK.X402.0028402businessPayment method is revokedThe payment method has been revoked. Add or re-enable a payment method in the dashboard and retry with its identifier.
BCK.X402.0029402businessAPI key not authorized for this delegation or payment methodThe API key used is not in the allow-list for this delegation / payment method. Use an authorized API key, or update the payment method allowedApiKeyIds to include it.
BCK.X402.0030402businessRequired token-generation input is missing or incompleteA required input for issuing the access token is missing. Provide accepted.planId and a delegationConfig with { delegationId } — create the delegation first via createDelegation (provider and currency are required). Inline create-on-the-fly (delegationConfig without delegationId) is deprecated. The per-failure details names the specific missing field.
BCK.X402.0034402businessUnsupported scheme or currencyThe requested payment scheme or currency is not supported. Check the plan configured scheme/currency (e.g. Visa delegations support only usd / eur) and resubmit with a supported combination.
BCK.X402.0035402businessNo session keys found for delegationThe delegation is owned by the caller and usable, but its linked erc4337 permission is missing session keys (burnSessionKey / orderSessionKey). This is a data-integrity issue — the delegation was likely created without completing session-key provisioning. Create a fresh crypto delegation; if it recurs, report the delegationId for investigation.
BCK.X402.0036402businessDelegation not usable (unknown lifecycle state)The delegation is in a lifecycle state the server does not recognise as usable. Create a fresh delegation to continue; if this persists, report the delegationId for investigation.
BCK.X402.0037403businessSetupIntent does not belong to the authenticated userThe SetupIntent was created by (or for) a different user. Re-create the SetupIntent under the authenticated account and finalize enrollment with that id.
BCK.X402.0038409businessSetupIntent is not in the expected stateThe SetupIntent has not reached status “succeeded” (it may still be processing, or it failed). Confirm the card on the client, wait for “succeeded”, then finalize enrollment.
BCK.X402.0039422businessSetupIntent has no associated payment methodThe SetupIntent succeeded but carries no payment method. Re-run the card setup so a payment method is attached, then finalize enrollment.
BCK.X402.0040404businessAPI Key not found for this userOne of the supplied allowedApiKeyIds does not belong to this user (the offending skId is in params). Remove or correct it and retry.
BCK.X402.0041409businessAPI Key is not activeOne of the supplied allowedApiKeyIds is revoked/inactive (the offending skId is in params). Use an active key or re-enable it, then retry.
BCK.X402.0042500internalVGS outbound proxy is misconfiguredServer-side configuration fault (the VGS outbound proxy is unset, not HTTPS, has an invalid URL, or points at a non-VGS host). The caller did nothing wrong. Fix the VGS proxy configuration; if it persists, report the correlationId.
BCK.X402.0043502integrationCard enrollment via VGS failedThe upstream VGS→Stripe card-creation call returned bad data or a non-200 status. Inspect VGS / Stripe logs for the correlationId. Usually invalid card details or a vault-routing issue; retry after correcting the card, or report if it persists.
BCK.X402.0044500internalInvalid internal identifier formatAn internal invariant failed (a userId did not match the expected format for downstream metadata). This is a server-side fault, not a client input error. Report the correlationId for investigation.