Better CORS error messages for developers
At DocuSign, we know that debugging your apps can be a pain, so we have made enhancements to the error responses associated with DocuSign CORS functionality in hopes that they improve the development process. Prior to the change, invalid CORS requests would return a simple 403 (forbidden) error response. Now, these forbidden responses also come with an error code, as well as a more descriptive error message that we anticipate will help you troubleshoot issues with your apps.
Here is the table of error codes and their error messages:
Error code(s) | Message |
---|---|
Missing_Origin_Header |
Missing Origin Header: ensure the request is configured to use CORS and try again. |
Invalid_Origin_Header |
Invalid Origin Header: ensure the request is configured to use CORS and try again. |
Origin_Not_Allowed |
Disallowed Origin Header: ensure the request is configured to use CORS and try again. |
Missing_Or_Disallowed_Http_Method |
Missing or Disallowed HTTP Method: ensure an HTTP method is specified and the method used is allowed for this integration key and try again. |
Unsupported_Http_Method |
Unsupported HTTP Method: ensure the HTTP method being used is one of the supported methods (GET, POST, PUT, DELETE, HEAD) and try again. |
Http_Method_Not_Allowed |
Disallowed HTTP Method: ensure the HTTP method being used is one of the supported methods (GET, POST, PUT, DELETE, HEAD) and try again. |
Insecure_Connection |
Insecure Connection: ensure the CORS request is made securely (e.g., HTTPS) and try again. |
Missing_Api_Version |
Invalid API Version: ensure the request URL contains the correct API version (e.g., >= v2.1) and try again. |
Cors_Invalid_Api_Version |
Invalid API Version: ensure the request URL contains the correct API version (e.g., >= v2.1) and try again. |
Invalid_Client_Id |
Invalid Integration Key: ensure an existing and correct integration key is being used and try again. |
Empty_Account_Id , Invalid_Account_Id , Misformatted_Account_Id |
Invalid Account ID: ensure the request URL contains the correct account ID and try again. |
Missing_Cors_Scope |
Missing CORS Scope: ensure the CORS scope parameter is included in the request and try again. |
Missing_Config_Or_Request |
The request is missing or the account does not have the right permissions. Please check and try again. |
Let’s take a look at an example error response. Say I make a request with an OAuth access token that does not have a CORS scope. Here is the response:
"restResponse": "{
"errorCode":"Missing_Cors_Scope",
"message":"Missing CORS Scope: ensure the CORS scope parameter is included in the request and try again."
}"
Previously, this restResponse JSON had an empty value like so:
"restResponse": ""
Note that the response now has an error code and a more descriptive message for the next step.
We hope that this will be useful in your development! Please reach out to Developer Support if you have any questions or suggestions.