Skip to main content

SDK error codes

Client errors

The table below lists all errors that are triggered from the Encap SCA SDK. We refer to these as client errors.

CodeError nameApplicable platformsDescription
100clientErrorOperationInProgressAndroid, iOSAnother operation is in progress. Wait for it to finish before issuing new requests.
101clientErrorConnectionFailureAndroid, iOSThe server could not be reached. This could be due to either:
  • The network being be down.
  • Firewall issues.
  • The server undergoing high loads.
Note: There is an exemption in the iOS localisation key. For this error, it is client.error.connection.
102clientErrorInvalidResponseAndroid, iOSThe server response could not be understood by the Encap API.

Example: This could be caused by internal server error, or a misconfigured reverse proxy.
105clientErrorInvalidInputFormatAndroid, iOSThe given input does not comply with the policy proposed by the Encap server.
106clientErrorNotActivatedAndroid, iOSThe client has not yet been activated, or was deactivated. This means that the operation was not preceded by a successful activate call.
109clientErrorUnexpectedAndroid, iOSAn unexpected error occurred on the client.
110clientErrorWrongStateAndroid, iOSThe attempted operation is not allowed in this state.

Example: The corresponding start operation needs to be performed before the finish operation.
111clientErrorConfigurationAndroid, iOSThere is a configuration error. This means that the attempted operation is not possible to perform with the current configuration.

Example: This could be caused by an incorrectly configured public key used for end-to-end encryption.
120clientErrorConnectionTimeoutAndroid, iOSThe request to the Encap server timed out.
121clientErrorNoInternetConnectionAndroid, iOSThere is no internet connection.
122clientErrorSecureConnectionCheckFailedAndroid, iOSThe secure connection check performed by the client failed.
127clientErrorInvalidAuthParametersiOSThe authentication parameters that were provided are invalid.
128clientErrorAuthMethodUnavailableAndroid, iOSThe authentication method is not supported or active.

Example: This could be caused by Touch ID being disabled.
129clientErrorAuthMethodNotAllowedAndroid, iOSThe authentication method is not activated or not supported for this operation
130clientErrorAuthenticationFailediOSBiometric authentication on the device has failed.
131clientErrorAuthenticationAbortediOSBiometric authentication on device was cancelled.
132clientErrorAuthDataInvalidatedAndroid, iOSThe authentication data was invalidated. Biometrics have been added or removed.
133clientErrorDowngradeDetectedAndroid, iOSThe API is not supported because it has been downgraded.

Note: To resolve the issue, you must either:
  • Deactivate locally.
  • Reinstall the app.
134EncapClientErrorRegistrationDataInvalidatediOSThe registration data is missing due to a backup or restore. This means that a local deactivation has been performed.
135clientErrorRegistrationDataTooOldAndroid, iOSThe registration data stored on the device was created with an outdated version of the Encap protocol.

This means that the client SDK version is new enough, but the device has not communicated with the Encap server in a significant amount time (three years before the introduction of the server version).

Note: It is not possible to perform an authentication without reactivation.
136clientErrorUnauthorizedAndroid, iOSThe server could not find a key pair matching the provided public key hash. You must ensure that the public key is correctly configured.
140clientErrorOfflineVersionNotSupportedAndroid, iOSThe provided verificationData is not supported by this version of the Encap API. This means that the client needs to be updated.
141clientErrorOfflineParsingFailedAndroid, iOSThe verificationData failed to be parsed, as at least one of the fields is missing or invalid.
150clientErrorTokenPurposeNotSupportedAndroid, iOSThe purpose for obtaining a token is not supported.
151clientErrorInvalidTokenAndroid, iOSThe provided Encap token is not valid, or it has expired.
152clientErrorInvalidRecoveryParametersAndroid, iOSOne of the provided recovery parameters is not valid.
153clientErrorRecoveryDataNotPresentAndroid, iOSRecovery data is not present in the backup. This could be because:
  • There are problems with backup/restore.
  • Recovery has not been added.
160clientErrorAppAttestNotSupportedInExtensioniOSApp attestation is not supported from the extension in REQUIRED mode. An authentication is required to be able to use this operation.
161clientErrorOperationNotAllowedInExtensioniOSThe current operation is not allowed from an extension.
170clientErrorCryptoAndroidAn internal crypto error occurred in the client. This could occur if the required crypto functionality is not available on the device.
171clientErrorIntegrityAndroidThe integrity check of the client data failed.

Example: This could be caused by data that has been tampered with.
172clientErrorStorageAndroid, iOSAn error occurred whilst reading/writing client data.

Example: This could be caused by limited storage capacity on the device.
174clientErrorStorageUnavailableiOSStorage is unavailable. Failed to read or write data.

Example: This could be caused by the device being locked.
175clientErrorStorageNeedSharedGroupiOSStorage is unavailable. Failed to read or write data.

Note:This happened because extension support is enabled, but the App Group is not available.
181clientErrorKeyUserNotAuthenticatedAndroidThe end-user was not authenticated with a biometric method strong enough to be used with the Android KeyStore. If possible, the end-user can attempt to recover by changing the preferred biometric method in the settings on the device.
182clientErrorBiometricAuthenticationAndroidA general error code for biometric authentication. This error indicates that there is a low-level encryption/decryption error of the data, involving the cipher and key protected by the biometrics.

Example: This could be caused by javax.crypto.IllegalBlockSizeException or javax.crypto.BadPaddingException. In this case, the data to be encrypted/decrypted is a random number named biometric salt. This is stored on file in shared preferences, and used in the authentication algorithm.
183clientErrorUniqueDeviceIdInvalidAlgorithmAndroidThe algorithm for getting the unique device identifier is unsupported.
184clientErrorUniqueDeviceIdAccessFailureAndroidA problem occurred when getting the unique device identifier.
1200clientErrorAndroidBiometricPromptAuthenticationFailedAndroidA biometric method is valid but not recognised.

Example: This error may occur if the end-user pushes a non-registered finger on the fingerprint sensor. Normally, no action is needed from the app for this error code, as BiometricPrompt will handle the UI and let the end-user retry.
1201clientErrorAndroidBiometricPromptAcquiredGoodAndroidThe image acquired was good.
1202clientErrorAndroidBiometricPromptAcquiredPartialAndroidOnly a partial biometric image was detected. During enrolment, the end-user should be informed with what needs to happen to resolve this problem.

Example: For fingerprint, "Press firmly on the sensor".
1203clientErrorAndroidBiometricPromptAcquiredInsufficientAndroidThe biometric image was too noisy to process due to a detected condition or a possibly dirty sensor.
1204clientErrorAndroidBiometricPromptAcquiredImagerDirtyAndroidThe biometric image was too noisy due to suspected or detected dirt on the sensor.

Example: It is reasonable to return this error after multiple {clientErrorAndroidBiometricPromptAcquiredInsufficient}, or after detection of dirt on the fingerprint sensor (across a single or multiple pixels). The end-user is expected to take action to clean the sensor when this is returned.
1205clientErrorAndroidBiometricPromptAcquiredTooSlowAndroidThe biometric image was unreadable due to lack of motion.
1206clientErrorAndroidBiometricPromptAcquiredTooFastAndroidThe biometric image was incomplete due to quick motion.

Example: This could happen if the end-user moved during acquisition. The end-user should be asked to repeat the operation more slowly.
1207clientErrorAndroidBiometricPromptUnexpectedHelpCodeAndroidThe Android BiometricPrompt API returned an unexpected help code.
1211clientErrorAndroidBiometricPromptErrorHwUnavailableAndroidThe hardware is unavailable. Try again later.
1212clientErrorAndroidBiometricPromptErrorUnableToProcessAndroidThe sensor was unable to process the current image.
1213clientErrorAndroidBiometricPromptErrorTimeoutAndroidThe current request has been running too long.

Note: This is intended to prevent programs from waiting for the biometric sensor indefinitely. The timeout is platform and sensor-specific, but is generally approximately 30 seconds.
1214clientErrorAndroidBiometricPromptErrorNoSpaceAndroidThe operation cannot be completed because there is not enough storage remaining to complete the operation.

Note: This error state is returned for operations such as enrolment.
1215clientErrorAndroidBiometricPromptErrorCanceledAndroidThe operation was cancelled because the biometric sensor is unavailable.

Example: This could be caused by:
  • The end-user being switched.
  • The device being locked.
  • Another pending operation preventing or disabling it.
1217clientErrorAndroidBiometricPromptErrorLockoutAndroidThe operation was cancelled because the API is locked out due to too many attempts. This occurs after 5 failed attempts, and lasts for 30 seconds.
1218clientErrorAndroidBiometricPromptErrorVendorAndroidHardware vendors may extend this list if there are conditions that do not fall under one of the above categories.

Vendors are responsible for providing error strings for these errors. These messages are typically reserved for internal operations such as enrolment, but may be used to express vendor errors not otherwise covered.

Applications are expected to show the error message string if they happen, but are advised not to rely on the message ID since they will be device and vendor-specific.
1219clientErrorAndroidBiometricPromptErrorLockoutPermanentAndroidThe operation was cancelled because BIOMETRIC_ERROR_LOCKOUT occurred too many times.

Biometric authentication is disabled until the end-user unlocks with strong authentication such as:
  • PIN code.
  • Pattern.
  • Password.
1220clientErrorAndroidBiometricPromptErrorUserCanceledAndroidThe end-user cancelled the operation. Upon receiving this, applications should use an alternate authentication such as a password.

The application should also provide the means to return to biometric authentication, such as with a Use Biometric button.
1221clientErrorAndroidBiometricPromptErrorNoBiometricsAndroidThe end-user does not have any biometrics enrolled.
1222clientErrorAndroidBiometricPromptErrorHwNotPresentAndroidThe device does not have a biometric sensor.
1223clientErrorAndroidBiometricPromptErrorNegativeButtonAndroidThe end-user pressed the negative button.

Note: This is a placeholder that is currently only used by the support library.
1224clientErrorAndroidBiometricPromptErrorNoDeviceCredentialAndroidThe device does not have a PIN code, pattern, or password set up.
1225clientErrorAndroidBiometricPromptErrorSecurityUpdateRequiredAndroidA security vulnerability has been discovered. The sensor is unavailable until a security update has addressed this issue.
1233clientErrorAndroidBiometricPromptErrorUnexpectedErrorCodeAndroidThe Android BiometricPrompt API returned an unexpected error code.

Server errors

The table below lists all errors that are triggered from the Encap SCA server. We refer to these as server errors.

CodeError nameApplicable platformsDescription
200serverErrorActivationCodeVerificationAndroid, iOSThe server was unable to look up an activation session from the given activation code.
201serverErrorUnexpectedAndroid, iOSAn unexpected problem occurred on the server.
202serverErrorNotRegisteredAndroid, iOSThe registration ID (registrationId) cannot be found.
203Mapped to serverErrorUnexpectediOSThe registration is not yet fully activated, as it has not been preceded by a successful activate call.
204Mapped to serverErrorUnexpectediOSThe operation requires an authenticated session, but the session is not yet fully authenticated as it has not been preceded by a successful authenticate call.
205Mapped to serverErrorUnexpectediOSThe operation has not yet been initiated. The register/identify call is missing.
208serverErrorNoSessionAndroid, iOSThere is no active session found for the request.
209serverErrorExpiredSessionAndroid, iOSThe active session has expired and cannot be used any more. A new session must be created by the end-user (service provider).
210serverErrorInvalidSessionAndroid, iOSAn operation was attempted on a session that is in an invalid state. You must undertake another start authentication operation before retrying the finish authentication operation.
211serverErrorClientOnlyDisallowedAndroid, iOSThe server is configured to disallow client-initiated sessions.

Note: This is a configuration error that should not occur during normal operation.
213serverErrorIncorrectResponseAndroid, iOSActivation failed on the server because either:
  • The verification of the client response to the server activation challenge failed.
  • Verification of hardware key signature failed.
214serverErrorAuthenticationFailedAndroid, iOSThe response to the authentication challenge was incorrect.

Example: This could be by an incorrect PIN code, which causes the authentication to fail.
219serverErrorApplicationIdMismatchAndroid, iOSThe application ID sent by the client did not match the application ID expected by the server.
221serverErrorServiceUnavailableAndroid, iOSThe server could not be reached, or it is having technical difficulties.
224serverErrorLockedByAdminAndroid, iOSThe registration was locked by the server for a reason.

Example: This could be caused by the registration being locked by an admin or customer support.
226serverErrorLockedAndroid, iOSThe registration is locked because either:
  • The maximum number of authentication attempts was exceeded.
  • The device verification failed.
230serverErrorNoMatchingAuthMethodAndroid, iOSCould not find an authentication method with the same or higher level as requested by the Encap server.
231serverErrorIllegalAuthMethodAndroid, iOSThe client tried to activate with an authentication method not allowed by the server's configuration.

Example: This could be caused by activating fingerprint when the server only allows DEVICE and DEVICE:PIN .
232serverErrorIllegalAuthFactorAndroid, iOSTried to use single-factor authentication when two-factor authentication is required.
233serverErrorAuthenticationRequiredAndroid, iOSAn authentication is required to be able to use this operation, to upgrade to a new protocol.
235serverErrorAuthMethodNotAllowedAndroid, iOSThe specified authentication method is not allowed for this session.
236serverErrorNoSessionForPurposeAndroid, iOSA session exists with another purpose set than what is in the request from the client.

Example: This could be caused by a new authentication session replacing the current authentication session.
237serverErrorApplicationIdNotFoundAndroid, iOSThe application ID does not exist.
238serverErrorApiVersionTooOldForServerAndroid, iOSThe API version is too old for the server.
239serverErrorApiVersionTooNewForServerAndroid, iOSThe API version precedes the server.
240serverErrorApiVersionTooOldForAppConfigAndroid, iOSThe application configuration has specified the version as outdated.
241serverErrorApiVersionBlacklistedAndroid, iOSThe application configuration has explicitly blocklisted (sometimes referred to as blacklisted) this version.
242serverErrorEncapServerToServiceProviderErrorAndroid, iOSSomething has gone wrong with the communication between the server and the service provider.
243serverErrorNotParsableAndroid, iOSThe internal request parameter cannot be parsed.
244serverErrorMissingParameterAndroid, iOSThe internal request is missing a required input parameter.
245serverErrorMalformedParameterAndroid, iOSThe internal request parameter is malformed.
246serverErrorActivationFailedAndroid, iOSThe start activation operation failed, but the client tried to finish the activation anyway.
249serverErrorClientRequestTimeOutOfSyncAndroid, iOSThe request has an older timestamp than the previous request.

Note: This means that either:
  • The request was delayed on the way.
  • The clock on the phone has been set back in time.
The end-user needs to wait the CLIENT_REQUEST_TIME_VALIDATION_THRESHOLD (given in milliseconds), then try again.

Note: For further details, see the Encap server manual.
250serverErrorReactivationOnUnknownDeviceAndroid, iOSReactivation must be performed on the same device as it was activated on.
254serverErrorAuthTokenCreationFailedAndroid, iOSCreation of the authentication token failed on the server side.
255serverErrorAuthTokenValidationFailedAndroid, iOSValidation of the authentication token failed on the server side.
256serverErrorAuthTokenAlreadyUsedAndroid, iOSThe provided token has already been used during another operation and cannot be used again.
257serverErrorRecoveryAlreadyUsedAndroid, iOSRecovery has already been used.

Note: Each recovery can be used only once.
258serverErrorRecoveryDoesNotExistAndroid, iOSRecovery secrets are missing or have never been created for a selected account.
259serverErrorRecoveryDisabledAndroid, iOSRecovery operations have been disabled for either the given registration or selected application configuration.
260serverErrorRecoveryLockedAndroid, iOSRecovery has been locked and cannot be used.
261serverErrorInvalidAuthTokenPurposeAndroid, iOSA token with the wrong purpose has been used to perform an operation.
262serverErrorInvalidAuthLevelForTokenRequestAndroid, iOSThe token request requires two-factor authentication.
270serverErrorGeofencingBoundaryValidationFailedAndroid, iOSThe server evaluation of the country against the allowed regions failed.
271serverErrorGeofencingClientFailureAndroid, iOSThe client failed to obtain a location, or the geocode lookup failed.
280serverErrorAppAttestUnexpectedErroriOSAn unexpected failure occurred whilst processing AppAttest data. Check the error message for more details.
281serverErrorAppAttestTimeoutiOSA timeout occurred whilst performing an App Attest operation.
282serverErrorAppAttestNotSupportediOSThe device does not support App Attest.
283serverErrorAppAttestServerUnavailableiOSThe Apple App Attest server is unavailable.
285serverErrorInvalidPublicKeyForApplicationIdAndroid, iOSThere is no key pair for the public key.
286serverErrorPlayIntegrityTimeoutAndroidThe activation or authentication failed due to the client timing out when performing Play Integrity Attestation.
287serverErrorPlayIntegrityApiFailureAndroidThe activation or authentication failed due to the client encountering an API failure whilst performing Play Integrity Attestation.

Recoverable errors

isRecoverableError indicates whether the error is recoverable or final in a finish operation:

  • It will return true if the error is recoverable.
  • It will return false if the error is not recoverable.

Android

The table below lists the recoverable errors for Android.

CodeError name
105clientErrorInvalidInputFormat
214serverErrorAuthenticationFailed
1200clientErrorAndroidBiometricPromptAuthenticationFailed
1202clientErrorAndroidBiometricPromptAcquiredPartial
1203clientErrorAndroidBiometricPromptAcquiredInsufficient
1204clientErrorAndroidBiometricPromptAcquiredImagerDirty
1205clientErrorAndroidBiometricPromptAcquiredTooSlow
1206clientErrorAndroidBiometricPromptAcquiredTooFast
1207clientErrorAndroidBiometricPromptUnexpectedHelpCode

iOS

The table below lists the recoverable errors for Android.

CodeError name
100clientErrorOperationInProgress
105clientErrorInvalidInputFormat
120clientErrorConnectionTimeout
121clientErrorNoInternetConnection
130clientErrorAuthenticationFailed

iOS localisation key

For all iOS errors, there is a localisation key. The localisation key is the error name prefixed with client.error. or server.error..