stowage
Get started
Documentation

Error codes

The dashboard API returns errors with this shape:

{
  "error": {
    "code": "rate_limited",
    "message": "...",
    "detail": ""
  }
}

code is a stable string. message is human-readable. detail is optional and may carry validation specifics.

#Catalogue

Sourced from internal/api/*.go (every writeError(...) call).

CodeTypical statusMeaning
account_locked429Too many failed logins; user is locked for auth.local.lockout.window.
backend_error500 / 502Upstream backend returned an error or was unreachable. detail may carry the upstream message.
bad_range400Range request was malformed or unsatisfiable.
bad_request400Generic validation failure. detail describes what.
conflict409Generic conflict.
csrf_invalid403Missing or mismatched X-CSRF-Token.
email_taken409Another user already has this email.
exhausted410Share's download limit has been reached.
expired410Share has passed its expires_at.
forbidden403RBAC denied the operation.
id_taken409A backend with this id already exists.
internal500Unrecoverable handler failure. Check logs.
invalid_bucket400Bucket name failed validation.
invalid_bucket_name400Bucket name failed AWS-style naming rules.
invalid_cors400CORS config rejected (e.g. malformed JSON).
invalid_credentials401Wrong password / unknown username.
invalid_key400Object key failed validation (control chars, leading /, etc.).
invalid_lifecycle400Lifecycle rules rejected.
invalid_metadata400User metadata rejected (size or character constraints).
invalid_policy400Bucket policy rejected by upstream or pre-validator.
invalid_prefix400Prefix parameter failed validation.
invalid_quota400Quota values rejected (e.g. soft > hard).
invalid_request400Generic invalid-request.
invalid_tag400Object tag rejected.
last_admin409Refusing to remove or downgrade the last remaining admin.
length_required411Request needed a Content-Length.
mode_disabled403Auth mode disabled in config but invoked anyway.
not_found404Resource not found.
not_local400Operation requires a local user (e.g. password change for an OIDC user).
not_supported400Operation valid but the backend's Capabilities doesn't list it.
object_exists409Refused to overwrite an existing object.
oidc_failed400 / 500OIDC flow failed (token verification, role mapping, discovery).
password_change_required403User has must_change_pw=true; rotate before continuing.
password_mismatch401Old password didn't match in a self-service rotate.
password_required401The share has a password and the unlock cookie is missing.
quota_exceeded507Bucket would exceed its hard quota.
rate_limited429Per-session, per-IP, or per-key rate limit hit. Retry-After header set.
register_failed409Backend created in DB but registry registration failed.
revoked410Share has been revoked.
secret_key_unset503A handler that needs the AES-256 root key was called and the key isn't set.
self_delete403Refusing to let a user delete their own account.
self_role_change403Refusing to let a user change their own role.
session_error500Session attach / mint failed.
size_tracking_disabled400Per-bucket size tracking is off; the requested operation needs it on.
static_user403Refusing to mutate the static-config user via the API.
store_unavailable503Endpoint store not configured (no STOWAGE_SECRET_KEY).
too_large413Body exceeded a per-route size limit.
too_many_keys400Bulk-delete request listed too many keys.
too_many_tags400More than the per-object tag limit.
unauthorized401No session, expired session, or session revoked.
username_taken409Another user already has this username.
weak_password400Password didn't satisfy the policy.
yaml_managed409Refusing to mutate a YAML-defined backend through the UI.

#S3 proxy errors

The proxy returns AWS-shaped XML errors, not the JSON shape above. See S3 proxy → errors.