Errors
We implement the GraphQL-over-HTTP specification, which roughly differentiates three main cases for a request:
- A request may be denied by lack of authentication, user being rate-limited, invalid JSON, etc. In that case the server will return the appropriate
4xxor5xxstatus code. - For a well-formed GraphQL-over-http request, the behavior depends on the
Acceptheader sent by the client:- For
application/json, the status code will always be200. - For
application/graphql-response+json:- If a request error is returned (
datanot being present), the server will return an appropriate4xxor5xxstatus code, based on the GraphQL errors codes defined below - Otherwise, at least a partial response could be generated and the status code will always be
200.
- If a request error is returned (
- For
A request may be denied for the following reasons:
| HTTP Status code | Description |
|---|---|
| 400 | Ill-formed GraphQL-over-http request ex: invalid JSON |
| 401 | Unauthenticated |
| 406 | Missing or unsupported Accept header |
| 429 | Rate limited |
| 500 | Internal server error |
The on_gateway_request hook can send an arbitrary 4xx/5xx status code.
All GraphQL errors that may be returned will have an error code in extensions. Each of them is associated with a HTTP status code. Those will be used for request errors (data is not present) if the client sent Accept: application/graphql-response+json.
As multiple errors may be present, client error 4xx are preferred over server error 5xx.
| Error Code | Description | HTTP status code |
|---|---|---|
| BAD_REQUEST | Bad request | 400 |
| TRUSTED_DOCUMENT_ERROR | Trusted document could not be loaded or doesn't exist | 400 |
| PERSISTED_QUERY_ERROR | Automatic persisted query failed | 400 |
| PERSISTED_QUERY_NOT_FOUND | Automatic persisted query was not found and must be provided | 400 |
| OPERATION_PARSING_ERROR | Operation parsing failed | 400 |
| OPERATION_VALIDATION_ERROR | Operation validation failed | 400 |
| OPERATION_PLANNING_ERROR | Operation planning failed | 400 |
| UNAUTHENTICATED | User is not authenticated | 401 |
| UNAUTHORIZED | User is not authorized | 403 |
| RATE_LIMITED | Request was rate limited | 429 |
| INTERNAL_SERVER_ERROR | Internal server error | 500 |
| HOOK_ERROR | Hook failed or returned an error | 500 |
| SUBGRAPH_ERROR | GraphQL error coming from the subgraph | 502 |
| SUBGRAPH_INVALID_RESPONSE_ERROR | Subgraph returned an invalid response | 502 |
| SUBGRAPH_REQUEST_ERROR | Request to the subgraph failed | 502 |
| GATEWAY_TIMEOUT | Request execeed the global timeout | 504 |
Hooks can override the error code by specifying one in the code extension field of the GraphQL error they emit.